Lucene search
K

126 matches found

NVD
NVD
added yesterday3 views

CVE-2026-15557

A weakness has been identified in waooAI waoowaoo up to 0.4.1. Affected by this vulnerability is the function getInternalTaskSession/getAuthSession/requireUserAuth/requireProjectAuth/requireProjectAuthLight in the library src/lib/api-auth.ts of the component Internal Task Header Handler. This...

7.5CVSS0.00507EPSS
Exploits0References6
Cvelist
Cvelist
added yesterday31 views

CVE-2026-15557 waooAI waoowaoo Internal Task Header api-auth.ts requireProjectAuthLight improper authentication

A weakness has been identified in waooAI waoowaoo up to 0.4.1. Affected by this vulnerability is the function getInternalTaskSession/getAuthSession/requireUserAuth/requireProjectAuth/requireProjectAuthLight in the library src/lib/api-auth.ts of the component Internal Task Header Handler. This...

7.5CVSS0.00507EPSS
Exploits0References6
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42589

The implementation of an internal and undocumented Dashboard API endpoint POST /api/users//user/tokens forgot to ensure an HTTP request for creating an API Token for another user had sufficient permission to do so. Precondition for successful exploitation was a preexisting internal user with more...

8.7CVSS6.4AI score0.00281EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/25 6:44 p.m.11 views

CVE-2026-47101

A flaw was found in LiteLLM. An authenticated internal user can exploit this vulnerability by creating API keys that grant access to routes beyond their assigned role. This occurs because the system fails to verify if the specified allowedroutes for the API key align with the user's actual...

8.8CVSS6AI score0.00739EPSS
Exploits3References10
NVD
NVD
added 2026/06/21 10:16 a.m.14 views

CVE-2026-12799

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function uiviewusers of the file litellm/proxy/managementendpoints/internaluserendpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...

5.3CVSS0.00288EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/06/21 10:0 a.m.3 views

CVE-2026-12799

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function uiviewusers of the file litellm/proxy/managementendpoints/internaluserendpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...

5.3CVSS5.3AI score0.00288EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2026/06/21 10:0 a.m.12 views

EUVD-2026-38158

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function uiviewusers of the file litellm/proxy/managementendpoints/internaluserendpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...

8.1CVSS6AI score0.00315EPSS
Exploits1References5
CVE
CVE
added 2026/06/21 10:0 a.m.46 views

CVE-2026-12799

The CVE-2026-12799 entry concerns BerriAI litellm up to version 1.82.2. The vulnerability affects the function ui_view_users in litellm/proxy/management_endpoints/internal_user_endpoints.py (component: Incomplete Fix CVE-2025-0628) and enables improper authorization. The issue can be exploited re...

5.3CVSS5.3AI score0.00288EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/06/21 10:0 a.m.36 views

CVE-2026-12799 BerriAI litellm Incomplete Fix CVE-2025-0628 internal_user_endpoints.py ui_view_users improper authorization

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function uiviewusers of the file litellm/proxy/managementendpoints/internaluserendpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...

5.3CVSS0.00288EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/05/21 9:30 p.m.9 views

LiteLLM allows an authenticated internal_user to create API keys with access to routes that their role does not permit

LiteLLM prior to 1.83.14 allows an authenticated internaluser to create API keys with access to routes that their role does not permit. When generating a key, the allowedroutes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with...

8.8CVSS6.1AI score0.00739EPSS
Exploits3References10Affected Software1
OSV
OSV
added 2026/05/21 9:30 p.m.2 views

GHSA-QRC4-49GV-MV9M LiteLLM allows an authenticated internal_user to create API keys with access to routes that their role does not permit

LiteLLM prior to 1.83.14 allows an authenticated internaluser to create API keys with access to routes that their role does not permit. When generating a key, the allowedroutes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with...

8.8CVSS6.1AI score0.00739EPSS
Exploits3References10
EUVD
EUVD
added 2026/05/21 8:33 p.m.12 views

EUVD-2026-31346

LiteLLM prior to 1.83.14 allows an authenticated internaluser to create API keys with access to routes that their role does not permit. When generating a key, the allowedroutes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with...

8.8CVSS5.8AI score0.00739EPSS
Exploits3References7
ATTACKERKB
ATTACKERKB
added 2026/05/21 8:33 p.m.10 views

CVE-2026-47101

LiteLLM prior to 1.83.14 allows an authenticated internaluser to create API keys with access to routes that their role does not permit. When generating a key, the allowedroutes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with...

8.8CVSS5.8AI score0.00739EPSS
Exploits3References8
CVE
CVE
added 2026/05/21 8:33 p.m.29 views

CVE-2026-47101

LiteLLM prior to 1.83.14 is affected. An authenticated internal_user can generate API keys where allowed_routes may include admin-only routes, bypassing role-based access controls because the system does not verify that the requested routes fall within the creator’s permissions. This enables priv...

8.8CVSS5.8AI score0.00739EPSS
Exploits3References11Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/21 8:33 p.m.11 views

CVE-2026-47101 LiteLLM < 1.83.14 Privilege Escalation via API Key Generation

LiteLLM prior to 1.83.14 allows an authenticated internaluser to create API keys with access to routes that their role does not permit. When generating a key, the allowedroutes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with...

8.8CVSS5.8AI score0.00739EPSS
Exploits3References8
Cvelist
Cvelist
added 2026/05/21 8:33 p.m.42 views

CVE-2026-47101 LiteLLM < 1.83.14 Privilege Escalation via API Key Generation

LiteLLM prior to 1.83.14 allows an authenticated internaluser to create API keys with access to routes that their role does not permit. When generating a key, the allowedroutes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with...

8.8CVSS0.00739EPSS
Exploits3References8
OSV
OSV
added 2026/05/21 8:33 p.m.1 views

CVE-2026-47101 LiteLLM < 1.83.14 Privilege Escalation via API Key Generation

LiteLLM prior to 1.83.14 allows an authenticated internaluser to create API keys with access to routes that their role does not permit. When generating a key, the allowedroutes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with...

8.7CVSS7.3AI score0.00739EPSS
Exploits3References14
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.12 views

LiteLLM 安全漏洞

LiteLLM is an open-source application developed by Berri AI. It can utilize all LLM APIs in the OpenAI format. Versions of LiteLLM prior to 1.83.14 contained a security vulnerability. This vulnerability stemmed from the lack of verification of whether the allowedroutes field was within the user’s...

8.8CVSS5.8AI score0.00739EPSS
Exploits3References1
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.5 views

PT-2026-29794

An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system...

9.9CVSS6AI score0.00289EPSS
Exploits1References4
Snyk
Snyk
added 2026/04/01 6:33 a.m.3 views

Missing Authentication for Critical Function

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the key-management endpoints due to improper enforcements of proxy-admin, team-admin, org-admin, or ownership checks. An...

6CVSS5.9AI score
Exploits0References3
Rows per page
Query Builder