127 matches found
EUVD-2024-53933
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-12368
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper access control in the authoauth module of Odoo Community 15.0 and Odoo Enterprise 15.0 allows an internal user to export the OAuth tokens of other user...
Cisco ISE ERS InternalUser command injection
Added: 07/17/2025 Background Cisco Identity Services Engine ISE is a centralized user access control which provides network access policy for end users whether they connect through a wired or wireless network or by VPN. Problem A vulnerability in the Cisco ISE ERS API could allow remote,...
CVE-2024-45493
An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 Fixed in 7.0.0. The FieldServer Gateway has internal users, whose access is supposed to be restricted to login locally on the device. However, an attacker can bypass the check for this, which might allow them to authenticate...
CVE-2023-26059
An issue was discovered in Nokia NetAct before 22 SP1037. On the Site Configuration Tool tab, attackers can upload a ZIP file which, when processed, exploits Stored XSS. The upload option of the Site Configuration tool does not validate the file contents. The application is in a demilitarised zon...
CVE-2023-26058
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as...
GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 安全漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Enterprise Edition EE and GitLab Community...
CVE-2025-0628
An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internaluserviewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the applicatio...
Improper Authorization
Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Improper Authorization due to the overly privileged API key assigned to internaluserviewer roles. An attacker can escalate privileges within the application by accessing...
CVE-2025-0628
An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internaluserviewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the applicatio...
CVE-2025-0628 Improper Authorization in BerriAI/litellm
An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internaluserviewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the applicatio...
CVE-2025-0628 Improper Authorization in BerriAI/litellm
An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internaluserviewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the applicatio...
PT-2025-12318
Name of the Vulnerable Software and Affected Versions BerriAI/litellm version main-latest Description The issue is related to improper authorization. When a user with the role internal user viewer logs into the application, they are provided with an overly privileged API key. This key allows acce...
BIT-ODOO-2024-12368
Improper access control in the authoauth module of Odoo Community 15.0 and Odoo Enterprise 15.0 allows an internal user to export the OAuth tokens of other users...
CVE-2024-12368
Improper access control in the authoauth module of Odoo Community 15.0 and Odoo Enterprise 15.0 allows an internal user to export the OAuth tokens of other users...
DEBIAN-CVE-2024-12368
Improper access control in the authoauth module of Odoo Community 15.0 and Odoo Enterprise 15.0 allows an internal user to export the OAuth tokens of other users...
CVE-2024-12368
Improper access control in the authoauth module of Odoo Community 15.0 and Odoo Enterprise 15.0 allows an internal user to export the OAuth tokens of other users...
UBUNTU-CVE-2024-12368
Improper access control in the authoauth module of Odoo Community 15.0 and Odoo Enterprise 15.0 allows an internal user to export the OAuth tokens of other users...
CVE-2024-12368
CVE-2024-12368 describes an improper access-control flaw in the auth_oauth module of Odoo Community 15.0 and Odoo Enterprise 15.0 that allows an internal user to export OAuth tokens belonging to other users. Multiple connected sources corroborate the same vulnerability scope and impact. The avail...
Wazuh 安全漏洞
Wazuh is a Wazuh open source application. It is used to collect, aggregate, index and analyze security data to help organizations detect intrusions, threats and behavioral anomalies. A security vulnerability exists in Wazuh version 4.8.2 that stems from the inclusion of an Access Control Error...