Lucene search
K

763 matches found

Nuclei
Nuclei
added yesterday29 views

SolarWinds Web Help Desk - Authentication Bypass

SolarWinds Web Help Desk 12.8.8 HF1 and earlier contains an authentication bypass vulnerability in the WebObjects session handling. By crafting a request with a manipulated path component to an internal admin page endpoint, an unauthenticated attacker can access privileged administrative function...

9.8CVSS7.4AI score0.8413EPSS
Exploits5References4
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-46590 Apache Camel: Camel-PQC: The HashiCorp Vault and AWS Secrets Manager key-lifecycle managers deserialize persisted key metadata with java.io.ObjectInputStream and no ObjectInputFilter (incomplete remediation of CVE-2026-40048)

Deserialization of Untrusted Data vulnerability in Apache Camel PQC component. The camel-pqc component persists post-quantum key metadata KeyMetadata through pluggable KeyLifecycleManager implementations. HashicorpVaultKeyLifecycleManager and AwsSecretsManagerKeyLifecycleManager read that metadat...

0.00381EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-389 litellm vulnerable to remote code execution based on using eval unsafely

BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. The vulnerability exists in the adddeployment function, which decodes and decrypts environment variables from base64 and assigns them to os.environ. An attacker can exploit this by sendin...

9.8CVSS7.6AI score0.00875EPSS
Exploits0References7
OSV
OSV
added 2026/06/26 10:31 p.m.2 views

GHSA-WCR3-9X4C-F5GJ Blnk has an API key authorization bypass in owner and scope enforcement

Blnk API key endpoints had an authorization issue that allowed non-master API keys to perform key-management actions outside their intended authorization boundary. In affected versions, API key operations trusted caller-controlled request values for owner and scope decisions. As a result, a...

5.7AI score
Exploits0References2
NVD
NVD
added 2026/06/23 1:16 p.m.11 views

CVE-2026-56225

Capgo before 12.128.2 contains an authorization bypass vulnerability in its public API key management handlers get/put/delete/post. API keys created with mode=all but restricted to a single app via limitedtoapps are only checked for limitedtoorgs and not for limitedtoapps, so an app-scoped key ca...

8.7CVSS0.00292EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 12:12 p.m.7 views

EUVD-2026-38428

Capgo before 12.128.2 contains an authorization bypass vulnerability in its public API key management handlers get/put/delete/post. API keys created with mode=all but restricted to a single app via limitedtoapps are only checked for limitedtoorgs and not for limitedtoapps, so an app-scoped key ca...

8.7CVSS5.9AI score0.00292EPSS
Exploits0References2
NVD
NVD
added 2026/06/21 1:16 a.m.20 views

CVE-2026-12770

A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/managementendpoints/keymanagementendpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated...

8.8CVSS0.00337EPSS
Exploits1References7
Snyk
Snyk
added 2026/06/21 1:4 a.m.8 views

Missing Authorization

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Missing Authorization in the keymanagementendpoints.py file. An attacker can gain unauthorized access to administrative key management operations by sending crafted request...

8.8CVSS6.1AI score0.00337EPSS
Exploits1References2
CVE
CVE
added 2026/06/21 12:15 a.m.36 views

CVE-2026-12770

The CVE affects litellm (BerriAI) up to version 1.63.1, specifically the Admin Key Handler component and the file litellm/proxy/management_endpoints/key_management_endpoints.py. The root cause is improper authorization caused by manipulation within this endpoint, enabling a remote attacker to exp...

8.8CVSS5.5AI score0.00337EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2026/06/21 12:15 a.m.40 views

CVE-2026-12770 BerriAI litellm Admin Key key_management_endpoints.py improper authorization

A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/managementendpoints/keymanagementendpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated...

5.5CVSS0.00337EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.12 views

CVE-2026-6583

A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function deleteapikey/editapikey of the file superagi/controllers/apikey.py of the component API Key Management Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carri...

5.5CVSS5.3AI score0.003EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.8 views

CVE-2026-44930

A flaw was found in Apache CXF. A remote attacker could exploit an LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server. This vulnerability allows the attacker to retrieve arbitrary certificates from the repository, leading to information disclosure. Mitigation...

9.8CVSS5.2AI score0.0068EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.9 views

CVE-2026-31942

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference IDOR vulnerability exists in the API keys management endpoint PUT /api/keys. Due to the use of the JavaScript object spread operator after setting...

7.1CVSS5.4AI score0.00206EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.9 views

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the lack of authorization verification for the key management API endpoints involved in cellular eSIM allocation. As a result,...

8.3CVSS5.3AI score0.00168EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.6 views

LibreChat 安全漏洞

LibreChat is an open-source, free, and highly customizable unified AI dialogue platform. It allows for the aggregation and running of large models from any vendor within a single interface. LibreChat versions 0.7.6 and earlier contain security vulnerabilities. These vulnerabilities stem from...

7.1CVSS5.4AI score0.00206EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/28 8:12 a.m.14 views

CVE-2026-49000

An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms...

7CVSS5.9AI score0.00121EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 5:16 a.m.17 views

CVE-2026-49000

An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms...

7CVSS0.00121EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 3:38 a.m.15 views

EUVD-2026-32049

An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms...

7CVSS5.9AI score0.00121EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 3:38 a.m.25 views

CVE-2026-49000

Technical details (affected products, components, versions, exploit info) are not publicly available in the provided documents. Monitor for updates from NVD, the CVE List, and vendors.

7CVSS5.9AI score0.00121EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 3:38 a.m.10 views

CVE-2026-49000

An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms...

7CVSS5.9AI score0.00121EPSS
Exploits0References2
Rows per page
Query Builder