Lucene search
+L

75 matches found

Veracode
Veracode
added 2024/09/16 9:20 a.m.14 views

Server-Side Request Forgery (SSRF)

litellm is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to lack of validation or restriction on the apibase parameter in POST /chat/completions, allowing a malicious user to intercept the OpenAI API key by redirecting requests to their own domain...

7.5CVSS6.6AI score0.37197EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/13 6:31 p.m.72 views

LiteLLM Server-Side Request Forgery (SSRF) vulnerability

A Server-Side Request Forgery SSRF vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the apibase parameter when making requests to POST /chat/completions, causing the application to send the request to the domain specified by apibase. This request...

7.5CVSS6.7AI score0.37197EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2024/09/13 4:15 p.m.49 views

CVE-2024-6587

A Server-Side Request Forgery SSRF vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the apibase parameter when making requests to POST /chat/completions, causing the application to send the request to the domain specified by apibase. This request...

7.5CVSS0.37197EPSS
Exploits1References2
OSV
OSV
added 2024/09/13 3:59 p.m.16 views

CVE-2024-6587 SSRF in berriai/litellm

A Server-Side Request Forgery SSRF vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the apibase parameter when making requests to POST /chat/completions, causing the application to send the request to the domain specified by apibase. This request...

7.5CVSS7.2AI score0.37197EPSS
Exploits1References4
Packet Storm
Packet Storm
added 2024/05/28 12:0 a.m.376 views

HAWKI 1.0.0-beta.1 XSS / File Overwrite / Session Fixation

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: HAWKI Interaction Design Team at the University of Applied Sciences and Arts in Hildesheim/Germany vulnerable version: 1.0.0-beta.1,...

7.4AI score0.00604EPSS
Exploits1
NVD
NVD
added 2024/05/25 3:15 a.m.45 views

CVE-2024-4858

The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'savetestimonialsoptioncallback' function in versions up to, and including, 10.2.0. This makes it possible for unauthenticated attackers to updat...

5.3CVSS5.5AI score0.00402EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/05/25 2:50 a.m.20 views

CVE-2024-4858 Testimonial Carousel For Elementor <= 10.2.0 - Missing Authorization to Limited Setting Update

The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'savetestimonialsoptioncallback' function in versions up to, and including, 10.2.0. This makes it possible for unauthenticated attackers to updat...

5.3CVSS6.7AI score0.00402EPSS
Exploits0References3
CVE
CVE
added 2024/05/25 2:50 a.m.93 views

CVE-2024-4858

CVE-2024-4858 affects the WordPress plugin Testimonial Carousel for Elementor (WordPress plugin). The vulnerability is due to a missing capability check in the function save_testimonials_option_callback, present in versions up to and including 10.2.0, enabling unauthenticated attackers to modify ...

5.3CVSS5.5AI score0.00402EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/25 12:0 a.m.5 views

PT-2024-33154 · Openai · Openai Api

Name of the Vulnerable Software and Affected Versions: The Testimonial Carousel For Elementor plugin for WordPress versions up to, and including, 10.2.0 Description: The issue is related to a missing capability check on the save testimonials option callback function, allowing unauthorized...

5.3CVSS6.3AI score0.00402EPSS
Exploits0References8
Kitploit
Kitploit
added 2024/04/29 12:30 p.m.97 views

Galah - An LLM-powered Web Honeypot Using The OpenAI API

TL;DR: Galah /ɡəˈlɑː/ - pronounced 'guh-laa' is an LLM Large Language Model powered web honeypot, currently compatible with the OpenAI API, that is able to mimic various applications and dynamically respond to arbitrary HTTP requests. Description Named after the clever Australian parrot known for...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2024/04/05 11:30 a.m.46 views

Attackgen - Cybersecurity Incident Response Testing Tool That Leverages The Power Of Large Language Models And The Comprehensive MITRE ATT&CK Framework

AttackGen is a cybersecurity incident response testing tool that leverages the power of large language models and the comprehensive MITRE ATT&CK framework. The tool generates tailored incident response scenarios based on user-selected threat actor groups and your organisation's details. Star the...

7.4AI score
Exploits0References3
Kitploit
Kitploit
added 2024/03/24 11:30 a.m.92 views

Pentest-Muse-Cli - AI Assistant Tailored For Cybersecurity Professionals

Pentest Muse is an AI assistant tailored for cybersecurity professionals. It can help penetration testers brainstorm ideas, write payloads, analyze code, and perform reconnaissance. It can also take actions, execute command line codes, and iteratively solve complex tasks. Pentest Muse Web App In...

8AI score
Exploits0References1
vulnersOsv
vulnersOsv
added 2024/03/16 6:30 a.m.4 views

ai.optfor:spring-openai-api (>=0.1 <=0.3.25), am.ik.s3:simple-s3-client (>=0.1.0 <=0.1.1) +3846 more potentially affected by CVE-2024-22259 via org.springframework:spring-web (>=6.0.0 <=6.0.17)

org.springframework:spring-web MAVEN version =6.0.0, =0.1, =0.1.0, =0.2.3, =0.2.3, =4.0.0, =1.5.0.RELEASE, =1.5.1.RELEASE, =1.5.0.RELEASE, =2.1.0.RELEASE, =1.5.0.RELEASE, =1.5.2.RELEASE - be.tomcools:rickroll-security-spring-boot-starter =3.1.1 -...

8.1CVSS6.6AI score0.02573EPSS
Exploits1
Kitploit
Kitploit
added 2023/08/06 12:30 p.m.50 views

AiCEF - An AI-assisted cyber exercise content generation framework using named entity recognition

AiCEF is a tool implementing the accompanying framework 1 in order to harness the intelligence that is available from online resources, as well as threat groups' activities, arsenal eg. MITRE, to create relevant and timely cybersecurity exercise content. This way, we abstract the events from the...

6.9AI score
Exploits0References6
Kitploit
Kitploit
added 2023/03/16 11:30 a.m.164 views

GPT_Vuln-analyzer - Uses ChatGPT API And Python-Nmap Module To Use The GPT3 Model To Create Vulnerability Reports Based On Nmap Scan Data

This is a Proof Of Concept application that demostrates how AI can be used to generate accurate results for vulnerability analysis and also allows further utilization of the already super useful ChatGPT. Requirements Python 3.10 All the packages mentioned in the requirements.txt file OpenAi api...

7.3AI score
Exploits0References1
Rows per page
Query Builder