Lucene search
K

29 matches found

OSV
OSV
added 2026/07/06 12:0 a.m.2 views

OPENSUSE-SU-2026:11192-1 python313-openapi-spec-validator-0.9.0-1.1 on GA media

These are all security issues fixed in the python313-openapi-spec-validator-0.9.0-1.1 package on the GA media of openSUSE Tumbleweed...

9.8CVSS6.9AI score0.06031EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/23 8:0 a.m.7 views

CVE-2026-12798

A flaw was found in BerriAI litellm. This vulnerability allows a remote attacker to perform a Server-Side Request Forgery SSRF by manipulating a specific argument, specpath, in the loadopenapispecasync function. This manipulation can force the server to make unauthorized requests to internal or...

6.5CVSS6.4AI score0.00262EPSS
Exploits1References8
NVD
NVD
added 2026/06/21 10:16 a.m.20 views

CVE-2026-12798

A weakness has been identified in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function loadopenapispecasync of the file litellm/proxy/experimental/mcpserver/openapitomcpgenerator.py of the component MCP OpenAPI Spec Loader. This manipulation of the argument specpath causes...

6.5CVSS0.00262EPSS
Exploits1References5
CVE
CVE
added 2026/06/21 9:30 a.m.26 views

CVE-2026-12798

CVE-2026-12798 affects BerriAI litellm up to 1.82.2, specifically the MCP OpenAPI Spec Loader’s load_openapi_spec_async function. The root cause is manipulation of the spec_path argument allowing server-side request forgery, which can be triggered remotely. The description notes that the exploit ...

6.5CVSS6.2AI score0.00262EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/06/21 9:30 a.m.37 views

CVE-2026-12798 BerriAI litellm MCP OpenAPI Spec Loader openapi_to_mcp_generator.py load_openapi_spec_async server-side request forgery

A weakness has been identified in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function loadopenapispecasync of the file litellm/proxy/experimental/mcpserver/openapitomcpgenerator.py of the component MCP OpenAPI Spec Loader. This manipulation of the argument specpath causes...

6.5CVSS0.00262EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.23 views

PT-2026-51212

Name of the Vulnerable Software and Affected Versions BerriAI litellm versions prior to 1.82.3 Description A server-side request forgery SSRF exists in the MCP OpenAPI Spec Loader component. The issue occurs within the load openapi spec async function located in the litellm/proxy/ experimental/mc...

6.5CVSS6.7AI score0.00262EPSS
Exploits1References10
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.14 views

CVE-2026-44661

python-utcp is the python implementation of UTCP. Prior to 1.1.3, the utcp-http plugin is vulnerable to a blind Server-Side Request Forgery SSRF caused by a trust-boundary inconsistency between manual discovery and tool invocation. registermanual validates the discovery URL against an HTTPS /...

4.7CVSS5.5AI score0.00168EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 10:17 p.m.13 views

CVE-2026-45366

typescript-utcp is a typescript implementation of UTCP. Prior to 1.1.2, the @utcp/http package is vulnerable to a blind Server-Side Request Forgery SSRF caused by a trust-boundary inconsistency between manual discovery and tool invocation. registerManual validates the discovery URL against an HTT...

4.7CVSS0.00122EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 8:38 p.m.9 views

CVE-2026-45366 typescript-utcp: SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol

typescript-utcp is a typescript implementation of UTCP. Prior to 1.1.2, the @utcp/http package is vulnerable to a blind Server-Side Request Forgery SSRF caused by a trust-boundary inconsistency between manual discovery and tool invocation. registerManual validates the discovery URL against an HTT...

4.7CVSS5.8AI score0.00122EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 8:38 p.m.13 views

EUVD-2026-33053

typescript-utcp is a typescript implementation of UTCP. Prior to 1.1.2, the @utcp/http package is vulnerable to a blind Server-Side Request Forgery SSRF caused by a trust-boundary inconsistency between manual discovery and tool invocation. registerManual validates the discovery URL against an HTT...

4.7CVSS5.8AI score0.00122EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 8:38 p.m.26 views

CVE-2026-45366

CVE-2026-45366 affects the TypeScript port of UTCP, specifically the package @utcp/http used by the project to implement UTCP in JavaScript/TypeScript. Before version 1.1.2 , the vulnerability arises from a trust-boundary flaw: during manual discovery, URLs are validated, but during tool invocati...

4.7CVSS5.8AI score0.00122EPSS
Exploits0References1
NVD
NVD
added 2026/05/14 9:16 p.m.57 views

CVE-2026-44661

python-utcp is the python implementation of UTCP. Prior to 1.1.3, the utcp-http plugin is vulnerable to a blind Server-Side Request Forgery SSRF caused by a trust-boundary inconsistency between manual discovery and tool invocation. registermanual validates the discovery URL against an HTTPS /...

4.7CVSS0.00168EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 8:12 p.m.64 views

CVE-2026-44661 python-utcp: SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol

python-utcp is the python implementation of UTCP. Prior to 1.1.3, the utcp-http plugin is vulnerable to a blind Server-Side Request Forgery SSRF caused by a trust-boundary inconsistency between manual discovery and tool invocation. registermanual validates the discovery URL against an HTTPS /...

4.7CVSS0.00168EPSS
Exploits0References1
OSV
OSV
added 2026/01/21 1:1 a.m.5 views

GHSA-H526-WF6G-67JV Orval has a code injection via unsanitized x-enum-descriptions in enum generation

Impact Arbitrary code execution in environments consuming generated clients This issue is similar in nature to the recently-patched MCP vulnerability CVE-2026-22785, but affects a different code path in @orval/core that was not addressed by that fix. The vulnerability allows untrusted OpenAPI...

9.3CVSS6.3AI score0.0075EPSS
Exploits1References6
Snyk
Snyk
added 2026/01/20 1:46 a.m.4 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the getEnumImplementation function. An attacker can execute arbitrary code in environments that consume generated clients by supplying a crafted OpenAPI specification containing malicious content in the...

9.8CVSS6.1AI score0.0075EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.20 views

EUVD-2025-21408

Malicious code in bioql PyPI...

5.3CVSS6.4AI score0.00452EPSS
Exploits0References5
Veracode
Veracode
added 2025/07/18 5:47 a.m.5 views

Information Disclosure

Directus is vulnerable to information disclosure. The vulnerability is due to the exact Directus version number being exposed as the OpenAPI Spec version at the /server/specs/oas endpoint without authentication, which allows an attacker to identify the running version and target known...

5.3CVSS5.9AI score0.00452EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/07/16 11:44 p.m.14 views

CVE-2025-53887

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, the exact Directus version number is incorrectly being used as OpenAPI Spec version this means that it is being exposed by the /server/specs/oas endpoint without...

5.3CVSS7.7AI score0.00452EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/07/15 3:29 p.m.7 views

Directus' exact version number is exposed by the OpenAPI Spec

Summary The exact Directus version number is incorrectly being used as OpenAPI Spec version this means that it is being exposed by the /server/specs/oas endpoint without authentication. Impact With the exact version information a malicious attacker can look for known vulnerabilities in Directus...

5.3CVSS6.4AI score0.00452EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2025/07/15 3:29 p.m.3 views

GHSA-RMJH-CF9Q-PV7Q Directus' exact version number is exposed by the OpenAPI Spec

Summary The exact Directus version number is incorrectly being used as OpenAPI Spec version this means that it is being exposed by the /server/specs/oas endpoint without authentication. Impact With the exact version information a malicious attacker can look for known vulnerabilities in Directus...

5.3CVSS6.2AI score0.00452EPSS
Exploits0References6
Rows per page
Query Builder