Lucene search
K

764 matches found

Nuclei
Nuclei
added yesterday42 views

AI Assistant with ChatGPT by AYS <= 2.0.9 - Unauthenticated AJAX Calls

The plugin lacks sufficient access controls allowing an unauthenticated user to disconnect the plugin from OpenAI, thereby disabling the plugin. Multiple actions are accessible: ayschatgptdisconnect, ayschatgptconnect, and ayschatgptsavefeedback id: CVE-2024-7714 info: name: AI Assistant with...

7.5CVSS6.1AI score0.00848EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday23 views

SmartSearchWP < 2.4.6 - OpenAI Key Disclosure

The plugin does not have proper authorization in one of its REST endpoint, allowing unauthenticated users to retrieve the encoded key and then decode it, thereby leaking the OpenAI API key. id: CVE-2024-6845 info: name: SmartSearchWP 2.4.6 - OpenAI Key Disclosure author: s4e-io severity: medium...

5.3CVSS6.1AI score0.01113EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday85 views

LiteLLM - Server-Side Request Forgery

LiteLLM vulnerable to Server-Side Request Forgery SSRF vulnerability Exposes OpenAI API Keys. id: CVE-2024-6587 info: name: LiteLLM - Server-Side Request Forgery author: pdresearch,iamnoooob,rootxharsh,lambdasawa severity: high description: | LiteLLM vulnerable to Server-Side Request Forgery SSRF...

7.5CVSS7.1AI score0.37197EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-62186

OpenClaw versions before 2026.6.8 contain an authorization bypass vulnerability in OpenAI-compatible HTTP model overrides that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to bypass admin authorization...

7.6CVSS6.2AI score0.00202EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43057

Server-Side Request Forgery SSRF vulnerability in Drupal OpenAI Provider allows Server Side Request Forgery. This issue affects OpenAI Provider versions: from 0.0.0 to 1.1.1, from 1.2.0 to 1.2.2...

6.1AI score0.00161EPSS
Exploits0References2
NVD
NVD
added 5 days ago3 views

CVE-2026-13233

Server-Side Request Forgery SSRF vulnerability in Drupal OpenAI Provider allows Server Side Request Forgery. This issue affects OpenAI Provider versions: from 0.0.0 to 1.1.1, from 1.2.0 to 1.2.2...

3.3CVSS0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-13233 OpenAI Provider - Moderately critical - Server-side Request Forgery - SA-CONTRIB-2026-053

Server-Side Request Forgery SSRF vulnerability in Drupal OpenAI Provider allows Server Side Request Forgery. This issue affects OpenAI Provider versions: from 0.0.0 to 1.1.1, from 1.2.0 to 1.2.2...

0.00161EPSS
Exploits0References1
CVE
CVE
added 5 days ago12 views

CVE-2026-13233

The CVE-2026-13233 entry describes a Server-Side Request Forgery (SSRF) in the Drupal OpenAI Provider module. Affected are Drupal OpenAI Provider versions 0.0.0–1.1.1 and 1.2.0–1.2.2. Root cause: insufficient sanitization of user-supplied URLs, enabling SSRF. Impact is limited to the described vu...

3.3CVSS6.1AI score0.00161EPSS
Exploits0References1
OSV
OSV
added 5 days ago2 views

CVE-2026-13233 OpenAI Provider - Moderately critical - Server-side Request Forgery - SA-CONTRIB-2026-053

Server-Side Request Forgery SSRF vulnerability in Drupal OpenAI Provider allows Server Side Request Forgery. This issue affects OpenAI Provider versions: from 0.0.0 to 1.1.1, from 1.2.0 to 1.2.2...

3.3CVSS6.1AI score0.00161EPSS
Exploits0References5
NVD
NVD
added last week5 views

CVE-2026-59820

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.83.7-stable, LiteLLM Skills archive extraction did not sufficiently validate file paths from uploaded skill ZIP archives, allowing an authenticated user with access to LiteLLM LLM API routes or a key whos...

6.5CVSS0.00313EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/08 12:37 a.m.7 views

EUVD-2026-42106

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollamabaseurl parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attack...

9.3CVSS6AI score0.00259EPSS
Exploits0References5
NVD
NVD
added 2026/07/07 10:16 p.m.9 views

CVE-2026-59706

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollamabaseurl parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attack...

9.3CVSS0.00259EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/07 9:2 p.m.6 views

CVE-2026-59706

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollamabaseurl parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attack...

9.3CVSS6AI score0.00259EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/07 9:2 p.m.24 views

CVE-2026-59706 mem0 - Unauthenticated Config API Exposure and SSRF via ollama_base_url

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollamabaseurl parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attack...

9.3CVSS0.00259EPSS
Exploits0References4
OSV
OSV
added 2026/07/07 2:34 p.m.4 views

PYSEC-2026-1268 Composio Command Execution vulnerability

composio =0.5.40 is vulnerable to Command Execution in composioopenai, composioclaude, and composiojulep via the handletoolcalls function...

6.4CVSS6AI score0.00584EPSS
Exploits1References10
NVD
NVD
added 2026/07/06 8:16 p.m.6 views

CVE-2026-14898

The OpenAI Codex desktop app for macOS rendered remote images from Markdown in model responses. An attacker who could place an indirect prompt injection in content processed by Codex, such as a connected-tool result or another untrusted source, could induce the model to construct a remote image U...

6.5CVSS0.00221EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/06 7:41 p.m.36 views

CVE-2026-14898

The OpenAI Codex desktop app for macOS rendered remote images from Markdown in model responses. An attacker who could place an indirect prompt injection in content processed by Codex, such as a connected-tool result or another untrusted source, could induce the model to construct a remote image U...

0.00221EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:41 p.m.5 views

CVE-2026-14898

The OpenAI Codex desktop app for macOS rendered remote images from Markdown in model responses. An attacker who could place an indirect prompt injection in content processed by Codex, such as a connected-tool result or another untrusted source, could induce the model to construct a remote image U...

6.1AI score0.00221EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/03 12:31 a.m.9 views

EUVD-2026-41443

Server-side request forgery ssrf in Azure OpenAI allows an authorized attacker to elevate privileges over a network...

9.9CVSS5.8AI score0.00608EPSS
Exploits0References2
NVD
NVD
added 2026/07/02 11:16 p.m.11 views

CVE-2026-45499

Server-side request forgery ssrf in Azure OpenAI allows an authorized attacker to elevate privileges over a network...

9.9CVSS0.00608EPSS
Exploits0References1
Rows per page
Query Builder