
5600 matches found

Veracode
added 2026/06/25 7:15 a.m. | 8 views

Improper Authorization

Apache DolphinScheduler is vulnerable to Improper Authorization. The vulnerability is due to incorrect authorization checks when accessing workflow instance information, where users can retrieve workflow details from projects they are not authorized to access...

CVSS 6.5 | AI score 5.8 | EPSS 0.00312
Exploits: 0 | References: 2 | Affected Software: 1

Veracode
added 2026/06/25 5:21 a.m. | 10 views

Improper Authorization

Apache DolphinScheduler is vulnerable to Improper Authorization. The vulnerability is due to a missing authorization check in the DataSource API, where requests are not properly validated before returning data source metadata, allowing unauthorized users to disclose sensitive data source...

CVSS 9.8 | AI score 5.7 | EPSS 0.0039
Exploits: 0 | References: 2 | Affected Software: 1

Veracode
added 2026/06/25 5:18 a.m. | 10 views

Improper Authorization

Apache DolphinScheduler is vulnerable to Improper Authorization. The vulnerability is due to incorrect authorization checks in the experimental /v2 interface, where insufficient access control allows attackers to perform unauthorized actions or access protected resources...

CVSS 9.1 | AI score 5.9 | EPSS 0.00337
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/06/25 4:34 a.m. | 91 views

CVE-2026-2238

CVE-2026-2238 affects GitLab CE/EE, impacting all versions from 17.5 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1. An unauthorized user could view confidential issue references on public projects due to improper authorization checks. The issue is mitigated in GitLab releases 18.11.6...

CVSS 5.3 | AI score 5.9 | EPSS 0.00275
Exploits: 0 | References: 3 | Affected Software: 1

RedhatCVE
added 2026/06/24 8:38 p.m. | 6 views

CVE-2026-12770

A flaw was found in BerriAI litellm. A remote attacker could exploit an improper authorization vulnerability within the Admin Key Handler component. This could allow the attacker to perform unauthorized actions, leading to limited impacts on data integrity and service availability...

CVSS 8.8 | AI score 5.9 | EPSS 0.00337
Exploits: 1 | References: 8

FreeBSD
added 2026/06/24 12:0 a.m. | 5 views

Gitlab -- Vulnerabilities

Gitlab reports: Cross-site Scripting issue in Analytics Dashboard impacts GitLab EE; Cross-site Scripting issue in Web IDE workbench asset handler impacts GitLab CE/EE; Information Disclosure issue in Duo Workflows impacts GitLab EE; Authorization Bypass issue in Virtual Registry Cleanup Policy API...

CVSS 8.7 | AI score 5.6 | EPSS 0.00328
Exploits: 0 | References: 1

IBM Security Bulletins
added 2026/06/23 6:17 p.m. | 3 views

Security Bulletin: Unauthenticated Cross-User MCP Resource Access and Tool Execution via Streamable Transport Authorization Bypass

Summary: An improper authorization vulnerability in Streamable MCP transport endpoint /api/v1/mcp/project/projectid/streamable allows unauthenticated attackers to bypass project ownership controls and execute Model Context Protocol MCP operations against OAuth-authenticated projects owned by other...

CVSS 9.8 | AI score 6.1 | EPSS 0.0024
Exploits: 0 | Affected Software: 1

RedhatCVE
added 2026/06/23 8:0 a.m. | 6 views

CVE-2026-12799

A flaw was found in BerriAI litellm. A remote attacker could exploit an improper authorization vulnerability in the ui_view_users function to gain access to sensitive information. This issue is related to an incomplete fix for a previous vulnerability. Mitigation: To reduce exposure, restrict networ...

CVSS 5.3 | AI score 6.2 | EPSS 0.00288
Exploits: 1 | References: 8

NVD
added 2026/06/22 4:16 p.m. | 10 views

CVE-2026-7664

IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint...

CVSS 9.8 | EPSS 0.00277
Exploits: 0 | References: 1

CVE
added 2026/06/22 2:10 p.m. | 12 views

CVE-2026-7664

Summary: IBM Langflow OSS versions 1.0.0–1.8.4 are affected by an unauthenticated access issue due to improper authorization enforcement on the Streamable MCP transport endpoint, potentially allowing access to protected MCP project resources and execution of MCP operations. Affected products/vers...

CVSS 9.8 | AI score 5.9 | EPSS 0.00277
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2026/06/22 12:0 a.m. | 11 views

PT-2026-51341

Name of the Vulnerable Software and Affected Versions: IBM Langflow OSS versions 1.0.0 through 1.8.4. Description: Improper authorization enforcement in the Streamable MCP transport endpoint allows unauthenticated attackers to access protected MCP project resources and execute MCP operations...

CVSS 9.8 | AI score 5.9 | EPSS 0.00277
Exploits: 0 | References: 5

NVD
added 2026/06/21 10:16 a.m. | 13 views

CVE-2026-12799

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function ui_view_users of the file litellm/proxy/management_endpoints/internal_user_endpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...

CVSS 5.3 | EPSS 0.00288
Exploits: 1 | References: 5

EUVD
added 2026/06/21 10:0 a.m. | 8 views

EUVD-2026-38158

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function ui_view_users of the file litellm/proxy/management_endpoints/internal_user_endpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...

CVSS 8.1 | AI score 6 | EPSS 0.00315
Exploits: 1 | References: 5

Cvelist
added 2026/06/21 10:0 a.m. | 32 views

CVE-2026-12799 BerriAI litellm Incomplete Fix CVE-2025-0628 internal_user_endpoints.py ui_view_users improper authorization

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function ui_view_users of the file litellm/proxy/management_endpoints/internal_user_endpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...

CVSS 5.3 | EPSS 0.00288
Exploits: 1 | References: 5

CVE
added 2026/06/21 10:0 a.m. | 18 views

CVE-2026-12799

The CVE-2026-12799 entry concerns BerriAI litellm up to version 1.82.2. The vulnerability affects the function ui_view_users in litellm/proxy/management_endpoints/internal_user_endpoints.py (component: Incomplete Fix CVE-2025-0628) and enables improper authorization. The issue can be exploited re...

CVSS 5.3 | AI score 5.3 | EPSS 0.00288
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2026/06/21 1:0 a.m. | 17 views

CVE-2026-12771

CVE-2026-12771 affects the litellm library by BerriAI up to version 1.82.2, specifically in litellm/proxy/auth/user_api_key_auth.py (M2M JWT Handler). The flaw enables improper authorization via remote exploitation with high attack complexity; public PoC exists. SNYK details identify the vulnera...

CVSS 7.5 | AI score 5.3 | EPSS 0.00288
Exploits: 1 | References: 5 | Affected Software: 1

EUVD
added 2026/06/21 1:0 a.m. | 10 views

EUVD-2026-38137

A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/proxy/auth/user_api_key_auth.py of the component M2M JWT Handler. Such manipulation leads to improper authorization. The attack can be launched remotely. A high complexity level is...

CVSS 5 | AI score 5.3 | EPSS 0.00288
Exploits: 1 | References: 5

CVE
added 2026/06/21 12:15 a.m. | 33 views

CVE-2026-12770

The CVE affects litellm (BerriAI) up to version 1.63.1, specifically the Admin Key Handler component and the file litellm/proxy/management_endpoints/key_management_endpoints.py. The root cause is improper authorization caused by manipulation within this endpoint, enabling a remote attacker to exp...

CVSS 8.8 | AI score 5.5 | EPSS 0.00337
Exploits: 1 | References: 7 | Affected Software: 1

ATTACKERKB
added 2026/06/21 12:15 a.m. | 7 views

CVE-2026-12770

A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/management_endpoints/key_management_endpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated...

CVSS 5.5 | AI score 5.5 | EPSS 0.00337
Exploits: 1 | References: 7 | Affected Software: 1

Cvelist
added 2026/06/21 12:15 a.m. | 39 views

CVE-2026-12770 BerriAI litellm Admin Key key_management_endpoints.py improper authorization

A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/management_endpoints/key_management_endpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated...

CVSS 5.5 | EPSS 0.00337
Exploits: 1 | References: 7