CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

704 matches found

AI Assistant with ChatGPT by AYS <= 2.0.9 - Unauthenticated AJAX Calls

The plugin lacks sufficient access controls allowing an unauthenticated user to disconnect the plugin from OpenAI, thereby disabling the plugin. Multiple actions are accessible: ayschatgptdisconnect, ayschatgptconnect, and ayschatgptsavefeedback id: CVE-2024-7714 info: name: AI Assistant with...

7.5CVSS5.8AI score0.00826EPSS

Exploits1References2

Nuclei•added yesterday•21 views

SmartSearchWP < 2.4.6 - OpenAI Key Disclosure

The plugin does not have proper authorization in one of its REST endpoint, allowing unauthenticated users to retrieve the encoded key and then decode it, thereby leaking the OpenAI API key. id: CVE-2024-6845 info: name: SmartSearchWP 2.4.6 - OpenAI Key Disclosure author: s4e-io severity: medium...

5.3CVSS5.9AI score0.01084EPSS

Exploits1References2

The Hacker News•added yesterday•9 views

OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws

OpenAI on Monday said it's releasing an improved version of its GPT‑5.5‑Cyber model to trusted defenders as part of the Daybreak initiative the artificial intelligence AI company announced last month. Calling GPT‑5.5‑Cyber its "strongest model yet for finding and helping patch software...

7.5CVSS6.1AI score0.03143EPSS

Exploits0

NVD•added 2 days ago•6 views

CVE-2026-48746

vLLM is an inference and serving engine for large language models LLMs. From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware. It allows to use the API without providing t...

9.1CVSS0.0074EPSS

Exploits0References3

ATTACKERKB•added 2 days ago•3 views

CVE-2026-48746

9.1CVSS5.9AI score0.0074EPSS

Exploits0References4Affected Software1

Cvelist•added 2 days ago•18 views

CVE-2026-48746 vLLM: OpenAI auth bypass

9.1CVSS0.0074EPSS

Exploits0References3

CVE•added 2 days ago•60 views

CVE-2026-48746

vLLM OpenAI auth bypass (CVE-2026-48746) affects vLLM versions 0.3.0 through 0.21.0. Root cause: ASGI servers and Starlette trust the Host header from the request scope, enabling manipulation of the reconstructed URL path and bypassing the OpenAI API AuthenticationMiddleware for routes beginning ...

9.1CVSS5.9AI score0.0074EPSS

Exploits0References3

NVD•added 2 days ago•6 views

CVE-2026-49468

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.84.0, This vulnerability is fixed in 1.84.0...

9.5CVSS0.00397EPSS

Exploits0References2

Nuclei•added 2 days ago•73 views

LiteLLM - Server-Side Request Forgery

LiteLLM vulnerable to Server-Side Request Forgery SSRF vulnerability Exposes OpenAI API Keys. id: CVE-2024-6587 info: name: LiteLLM - Server-Side Request Forgery author: pdresearch,iamnoooob,rootxharsh,lambdasawa severity: high description: | LiteLLM vulnerable to Server-Side Request Forgery SSRF...

7.5CVSS7.3AI score0.36945EPSS

Exploits1References2

OSV•added 2026/06/16 5:36 p.m.•5 views

GHSA-94F4-HR76-P5J6 vLLM: OpenAI auth bypass

Summary A vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware, which was discovered during @x41sec's source code audit. It allows to use the API without providing the configured VLLMAPIKEY or...

9.1CVSS5.6AI score0.0074EPSS

Exploits0References4

Github Security Blog•added 2026/06/16 5:36 p.m.•74 views

vLLM: OpenAI auth bypass

9.1CVSS5.5AI score0.0074EPSS

Exploits0References4Affected Software1

OSV•added 2026/06/15 4:45 p.m.•7 views

MAL-2026-5789 Malicious code in claude-cup (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c369ccf7b5e0ef8721b5ecdc94bd843ce260923394f6c513350a58928abdbdd3 On first invocation of npx claude-cup and on every subsequent Claude Code tool call once hooks are installed, research/config-audit.js enumerates eve...

5.5AI score

Exploits0References18

NVD•added 2026/06/11 10:16 a.m.•9 views

CVE-2026-5497

vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory OOM Denial of Service DoS attack due to unbounded frame count processing in the VideoMediaIO.loadbase64 method. When processing video/jpeg data URLs, the method splits the base64 data string on commas to extract individual JPEG fram...

7.5CVSS0.00423EPSS

Exploits1References2

CVE•added 2026/06/11 8:31 a.m.•53 views

CVE-2026-5497

CVE-2026-5497 affects vLLM 0.8.0 and later, where VideoMediaIO.load_base64() can perform unbounded frame processing for video/jpeg data URLs, leading to an Out-of-Memory DoS. An attacker can craft a single API request with thousands of comma-separated base64 JPEG frames, causing the server to dec...

7.5CVSS5.5AI score0.00423EPSS

Exploits1References2Affected Software1

EUVD•added 2026/06/11 8:31 a.m.•7 views

EUVD-2026-36217

7.5CVSS5.5AI score0.00423EPSS

Exploits1References2

RedhatCVE•added 2026/06/09 8:59 p.m.•12 views

CVE-2026-46444

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, all CRUD endpoints for OpenAI Assistants Vector Store have no authentication middleware and the route path /api/v1/openai-assistants-vector-store is not in WHITELISTURLS. However, it i...

8.8CVSS5.4AI score0.00327EPSS

Exploits0References1

NVD•added 2026/06/08 4:16 p.m.•11 views

CVE-2026-46444

8.8CVSS0.00327EPSS

Exploits0References2

Cvelist•added 2026/06/08 3:25 p.m.•44 views

CVE-2026-46444 Flowise: Vector Store No Permission Checks

8.7CVSS0.00327EPSS

Exploits0References2