Lucene search
+L

127 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-53933

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.0064EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2024-12368

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper access control in the authoauth module of Odoo Community 15.0 and Odoo Enterprise 15.0 allows an internal user to export the OAuth tokens of other user...

8.8CVSS7AI score0.0064EPSS
Exploits1References3
Saint
Saint
added 2025/07/17 12:0 a.m.242 views

Cisco ISE ERS InternalUser command injection

Added: 07/17/2025 Background Cisco Identity Services Engine ISE is a centralized user access control which provides network access policy for end users whether they connect through a wired or wireless network or by VPN. Problem A vulnerability in the Cisco ISE ERS API could allow remote,...

7.7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 8:7 a.m.6 views

CVE-2024-45493

An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 Fixed in 7.0.0. The FieldServer Gateway has internal users, whose access is supposed to be restricted to login locally on the device. However, an attacker can bypass the check for this, which might allow them to authenticate...

9.8CVSS7AI score0.00448EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:38 a.m.11 views

CVE-2023-26059

An issue was discovered in Nokia NetAct before 22 SP1037. On the Site Configuration Tool tab, attackers can upload a ZIP file which, when processed, exploits Stored XSS. The upload option of the Site Configuration tool does not validate the file contents. The application is in a demilitarised zon...

6.8CVSS6.7AI score0.00371EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:38 a.m.11 views

CVE-2023-26058

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as...

6.5CVSS6.8AI score0.00486EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/28 12:0 a.m.5 views

GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Enterprise Edition EE and GitLab Community...

6.5CVSS6.3AI score0.00261EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/03/22 12:41 p.m.15 views

CVE-2025-0628

An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internaluserviewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the applicatio...

8.1CVSS7AI score0.00315EPSS
Exploits0References1
Snyk
Snyk
added 2025/03/20 6:43 p.m.5 views

Improper Authorization

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Improper Authorization due to the overly privileged API key assigned to internaluserviewer roles. An attacker can escalate privileges within the application by accessing...

8.6CVSS7.1AI score0.00315EPSS
Exploits0References2
NVD
NVD
added 2025/03/20 10:15 a.m.13 views

CVE-2025-0628

An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internaluserviewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the applicatio...

8.1CVSS0.00315EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.20 views

CVE-2025-0628 Improper Authorization in BerriAI/litellm

An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internaluserviewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the applicatio...

8.1CVSS0.00315EPSS
Exploits0References2
OSV
OSV
added 2025/03/20 10:10 a.m.12 views

CVE-2025-0628 Improper Authorization in BerriAI/litellm

An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internaluserviewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the applicatio...

8.1CVSS7.2AI score0.00315EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.16 views

PT-2025-12318

Name of the Vulnerable Software and Affected Versions BerriAI/litellm version main-latest Description The issue is related to improper authorization. When a user with the role internal user viewer logs into the application, they are provided with an overly privileged API key. This key allows acce...

8.1CVSS7.2AI score0.00315EPSS
Exploits0References16
OSV
OSV
added 2025/03/02 7:16 a.m.24 views

BIT-ODOO-2024-12368

Improper access control in the authoauth module of Odoo Community 15.0 and Odoo Enterprise 15.0 allows an internal user to export the OAuth tokens of other users...

8.8CVSS6.7AI score0.0064EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/02/27 6:20 p.m.14 views

CVE-2024-12368

Improper access control in the authoauth module of Odoo Community 15.0 and Odoo Enterprise 15.0 allows an internal user to export the OAuth tokens of other users...

8.8CVSS6.7AI score0.0064EPSS
Exploits1References1
OSV
OSV
added 2025/02/25 6:15 p.m.6 views

DEBIAN-CVE-2024-12368

Improper access control in the authoauth module of Odoo Community 15.0 and Odoo Enterprise 15.0 allows an internal user to export the OAuth tokens of other users...

8.8CVSS5.3AI score0.0064EPSS
Exploits1References1
OSV
OSV
added 2025/02/25 6:15 p.m.10 views

CVE-2024-12368

Improper access control in the authoauth module of Odoo Community 15.0 and Odoo Enterprise 15.0 allows an internal user to export the OAuth tokens of other users...

8.8CVSS6.8AI score
Exploits0References1
OSV
OSV
added 2025/02/25 6:15 p.m.13 views

UBUNTU-CVE-2024-12368

Improper access control in the authoauth module of Odoo Community 15.0 and Odoo Enterprise 15.0 allows an internal user to export the OAuth tokens of other users...

8.8CVSS5.8AI score0.0064EPSS
Exploits1References3
CVE
CVE
added 2025/02/25 6:10 p.m.175 views

CVE-2024-12368

CVE-2024-12368 describes an improper access-control flaw in the auth_oauth module of Odoo Community 15.0 and Odoo Enterprise 15.0 that allows an internal user to export OAuth tokens belonging to other users. Multiple connected sources corroborate the same vulnerability scope and impact. The avail...

8.8CVSS6.9AI score0.0064EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/02/13 12:0 a.m.5 views

Wazuh 安全漏洞

Wazuh is a Wazuh open source application. It is used to collect, aggregate, index and analyze security data to help organizations detect intrusions, threats and behavioral anomalies. A security vulnerability exists in Wazuh version 4.8.2 that stems from the inclusion of an Access Control Error...

7.3CVSS6.4AI score0.00261EPSS
Exploits1References1
Rows per page
Query Builder