5600 matches found
Improper Authorization
Apache DolphinScheduler is vulnerable to Improper Authorization. The vulnerability is due to incorrect authorization checks when accessing workflow instance information, where users can retrieve workflow details from projects they are not authorized to access...
Improper Authorization
Apache DolphinScheduler is vulnerable to Improper Authorization. The vulnerability is due to a missing authorization check in the DataSource API, where requests are not properly validated before returning data source metadata, allowing unauthorized users to disclose sensitive data source...
Improper Authorization
Apache DolphinScheduler is vulnerable to Improper Authorization. The vulnerability is due to incorrect authorization checks in the experimental /v2 interface, where insufficient access control allows attackers to perform unauthorized actions or access protected resources...
CVE-2026-2238
CVE-2026-2238 affects GitLab CE/EE, impacting all versions from 17.5 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1. An unauthorized user could view confidential issue references on public projects due to improper authorization checks. The issue is mitigated in GitLab releases 18.11.6...
CVE-2026-12770
A flaw was found in BerriAI litellm. A remote attacker could exploit an improper authorization vulnerability within the Admin Key Handler component. This could allow the attacker to perform unauthorized actions, leading to limited impacts on data integrity and service availability...
Gitlab -- Vulnerabilities
Gitlab reports: Cross-site Scripting issue in Analytics Dashboard impacts GitLab EE Cross-site Scripting issue in Web IDE workbench asset handler impacts GitLab CE/EE Information Disclosure issue in Duo Workflows impacts GitLab EE Authorization Bypass issue in Virtual Registry Cleanup Policy API...
Security Bulletin: Unauthenticated Cross-User MCP Resource Access and Tool Execution via Streamable Transport Authorization Bypass
Summary An improper authorization vulnerability in Streamable MCP transport endpoint /api/v1/mcp/project/projectid/streamable allows unauthenticated attackers to bypass project ownership controls and execute Model Context Protocol MCP operations against OAuth-authenticated projects owned by other...
CVE-2026-12799
A flaw was found in BerriAI litellm. A remote attacker could exploit an improper authorization vulnerability in the uiviewusers function to gain access to sensitive information. This issue is related to an incomplete fix for a previous vulnerability. Mitigation To reduce exposure, restrict networ...
CVE-2026-7664
IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint...
CVE-2026-7664
Summary: IBM Langflow OSS versions 1.0.0–1.8.4 are affected by an unauthenticated access issue due to improper authorization enforcement on the Streamable MCP transport endpoint, potentially allowing access to protected MCP project resources and execution of MCP operations. Affected products/vers...
PT-2026-51341
Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.8.4 Description Improper authorization enforcement in the Streamable MCP transport endpoint allows unauthenticated attackers to access protected MCP project resources and execute MCP operations...
CVE-2026-12799
A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function uiviewusers of the file litellm/proxy/managementendpoints/internaluserendpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...
EUVD-2026-38158
A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function uiviewusers of the file litellm/proxy/managementendpoints/internaluserendpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...
CVE-2026-12799 BerriAI litellm Incomplete Fix CVE-2025-0628 internal_user_endpoints.py ui_view_users improper authorization
A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function uiviewusers of the file litellm/proxy/managementendpoints/internaluserendpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...
CVE-2026-12799
The CVE-2026-12799 entry concerns BerriAI litellm up to version 1.82.2. The vulnerability affects the function ui_view_users in litellm/proxy/management_endpoints/internal_user_endpoints.py (component: Incomplete Fix CVE-2025-0628) and enables improper authorization. The issue can be exploited re...
CVE-2026-12771
CVE-2026-12771 affects the litellm library by BerriAI up to version 1.82.2, specifically in litellm/proxy/auth/user_api_key_auth.py (M2M JWT Handler). The flaw enables improper authorization via remote exploitation with high attack complexity; public PoC exists. SNYK detaails identify the vulnera...
EUVD-2026-38137
A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/proxy/auth/userapikeyauth.py of the component M2M JWT Handler. Such manipulation leads to improper authorization. The attack can be launched remotely. A high complexity level is...
CVE-2026-12770
The CVE affects litellm (BerriAI) up to version 1.63.1, specifically the Admin Key Handler component and the file litellm/proxy/management_endpoints/key_management_endpoints.py. The root cause is improper authorization caused by manipulation within this endpoint, enabling a remote attacker to exp...
CVE-2026-12770
A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/managementendpoints/keymanagementendpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated...
CVE-2026-12770 BerriAI litellm Admin Key key_management_endpoints.py improper authorization
A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/managementendpoints/keymanagementendpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated...