CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

113 matches found

ATTACKERKB•added 2026/05/21 8:33 p.m.•5 views

CVE-2026-47101

LiteLLM prior to 1.83.14 allows an authenticated internaluser to create API keys with access to routes that their role does not permit. When generating a key, the allowedroutes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with...

8.8CVSS5.8AI score0.00051EPSS

Exploits3References8

Cvelist•added 2026/05/21 8:33 p.m.•22 views

CVE-2026-47101 LiteLLM < 1.83.14 Privilege Escalation via API Key Generation

8.8CVSS0.00051EPSS

Exploits3References7

CVE•added 2026/05/21 8:33 p.m.•7 views

CVE-2026-47101

LiteLLM prior to 1.83.14 is affected. An authenticated internal_user can generate API keys where allowed_routes may include admin-only routes, bypassing role-based access controls because the system does not verify that the requested routes fall within the creator’s permissions. This enables priv...

8.8CVSS5.8AI score0.00051EPSS

Exploits3References7Affected Software1

EUVD•added 2026/05/21 8:33 p.m.•3 views

EUVD-2026-31346

8.8CVSS5.8AI score0.00051EPSS

Exploits3References7

Vulnrichment•added 2026/05/21 8:33 p.m.•5 views

CVE-2026-47101 LiteLLM < 1.83.14 Privilege Escalation via API Key Generation

8.8CVSS5.8AI score0.00051EPSS

Exploits3References7

CNNVD•added 2026/05/21 12:0 a.m.•3 views

LiteLLM 安全漏洞

LiteLLM is an open-source application developed by Berri AI. It can utilize all LLM APIs in the OpenAI format. Versions of LiteLLM prior to 1.83.14 contained a security vulnerability. This vulnerability stemmed from the lack of verification of whether the allowedroutes field was within the user’s...

8.8CVSS5.8AI score0.00051EPSS

Exploits3References1

Positive Technologies•added 2026/05/21 12:0 a.m.•6 views

PT-2026-42538

LiteLLM prior to 1.83.14 allows an authenticated internal user to create API keys with access to routes that their role does not permit. When generating a key, the allowed routes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with...

8.8CVSS5.8AI score0.00051EPSS

Exploits3References9

Positive Technologies•added 2026/04/02 12:0 a.m.•3 views

PT-2026-29794

An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system...

9.9CVSS6AI score0.00058EPSS

Exploits0References4

Snyk•added 2026/04/01 6:33 a.m.•1 views

Missing Authentication for Critical Function

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the key-management endpoints due to improper enforcements of proxy-admin, team-admin, org-admin, or ownership checks. An...

6CVSS5.9AI score

Exploits0References3

HackRead•added 2026/02/05 10:50 p.m.•2 views

Substack Breach: 662,752 User Records Leaked on Cybercrime Forum

Substack confirms a breach after hacker accessed internal user records now circulating on crime forums, exposing emails, phone numbers, and account metadata...

5.3AI score

Exploits0

OSV•added 2026/02/03 12:30 p.m.•2 views

GHSA-8JRV-WX83-W3XJ Moodle Inserts Sensitive Information Into Sent Data

A flaw was found in moodle. During anonymous assignment submissions, user identifiers were inadvertently exposed in URLs. This data exposure allows unauthorized viewers to see internal user IDs, compromising the intended anonymity and potentially leading to information disclosure...

4.3CVSS5.3AI score0.00017EPSS

Exploits0References7

Snyk•added 2026/02/03 11:48 a.m.•1 views

Insertion of Sensitive Information Into Sent Data

Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the urls during anonymous assignment submissions. An attacker can access internal user identifiers by viewing exposed URLs, which may compromise...

5.3CVSS5.5AI score0.00017EPSS

Exploits0References2

OSV•added 2026/02/03 11:15 a.m.•1 views

CVE-2025-67857

5.3CVSS5.4AI score0.00017EPSS

Exploits0References3

NVD•added 2026/02/03 11:15 a.m.•3 views

CVE-2025-67857

5.3CVSS0.00017EPSS

Exploits0References3

OSV•added 2026/02/03 11:15 a.m.•0 views

UBUNTU-CVE-2025-67857

5.3CVSS5.7AI score0.00017EPSS

Exploits0References5

UbuntuCve•added 2026/02/03 11:15 a.m.•1 views

CVE-2025-67857

5.3CVSS5.8AI score0.00017EPSS

Exploits0References4

EUVD•added 2026/02/03 10:52 a.m.•2 views

EUVD-2025-206751

4.3CVSS5.3AI score0.00017EPSS

Exploits0References3

ATTACKERKB•added 2026/02/03 10:52 a.m.•1 views

CVE-2025-67857

4.3CVSS5.3AI score0.00017EPSS

Exploits0References4

Positive Technologies•added 2026/02/03 12:0 a.m.•2 views

PT-2026-5965

Name of the Vulnerable Software and Affected Versions Moodle affected versions not specified Description A flaw exists in Moodle where user identifiers are exposed in URLs during anonymous assignment submissions. This exposure compromises the intended anonymity and could lead to information...

5.3CVSS5.4AI score0.00017EPSS

Exploits0References11

RedhatCVE•added 2026/01/09 11:30 a.m.•5 views

CVE-2021-27925

An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. When using the View Engine and Auditing is enabled, a crash condition can depending on a race condition cause an internal user with administrator privileges, @nsserver, to have its credentials leaked in cleartext in the...

4.4CVSS6.9AI score0.00213EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by