Lucene search
K

2688 matches found

RedhatCVE
RedhatCVE
added last week6 views

CVE-2026-59819

A flaw was found in LiteLLM, a proxy server for Large Language Model LLM APIs. A privileged caller, such as a proxy administrator, with permissions to test model connections, could exploit the /health/testconnection endpoint. By supplying specific environment or OIDC OpenID Connect file reference...

4.9CVSS6AI score0.00258EPSS
Exploits0References6
Cvelist
Cvelist
added last week30 views

CVE-2026-12593 Privilege escalation via forged API token creation in Axivion Dashboard OIDC/OAuth2/SSO subsystem

The implementation of an internal and undocumented Dashboard API endpoint POST /api/users//user/tokens forgot to ensure an HTTP request for creating an API Token for another user had sufficient permission to do so. Precondition for successful exploitation was a preexisting internal user with more...

8.7CVSS0.00281EPSS
Exploits0References1
Veracode
Veracode
added last week10 views

Improper Authentication

github.com/coder/coder is vulnerable to Improper Authentication. The vulnerability is due to improper OIDC email-based account linking and incorrect handling of the emailverified claim, which allows an attacker to authenticate with a malicious or unverified OIDC identity and take over another...

7.4CVSS6AI score0.00479EPSS
Exploits0References10Affected Software2
Fedora
Fedora
added 2026/07/09 1:8 a.m.11 views

[SECURITY] Fedora 43 Update: opkssh-0.15.0-2.fc43

OpenPubkey SSH is a tool which enables ssh to be used with OpenID Connect allowing SSH access to be managed via identities like aliceaexample.com ins tead of long-lived SSH keys...

9.1CVSS6AI score0.00939EPSS
Exploits0
Fedora
Fedora
added 2026/07/09 12:57 a.m.14 views

[SECURITY] Fedora 44 Update: opkssh-0.15.0-2.fc44

OpenPubkey SSH is a tool which enables ssh to be used with OpenID Connect allowing SSH access to be managed via identities like aliceaexample.com ins tead of long-lived SSH keys...

9.1CVSS6AI score0.00939EPSS
Exploits0
Snyk
Snyk
added 2026/07/08 10:39 p.m.6 views

External Control of File Name or Path

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to External Control of File Name or Path via request-supplied OIDC file references through the /health/testconnection handler in litellm/proxy/healthendpoints/healthendpoints....

6.9CVSS6.2AI score0.00258EPSS
Exploits0References2
NVD
NVD
added 2026/07/08 8:16 p.m.8 views

CVE-2026-59819

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.83.10-stable, LiteLLM's /health/testconnection endpoint resolved request-supplied environment and OIDC file references in litellmparams, allowing a proxy administrator or another privileged caller with...

4.9CVSS0.00258EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/08 7:33 p.m.34 views

CVE-2026-59819 LiteLLM: Local file read via request-supplied OIDC file references

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.83.10-stable, LiteLLM's /health/testconnection endpoint resolved request-supplied environment and OIDC file references in litellmparams, allowing a proxy administrator or another privileged caller with...

2.1CVSS0.00258EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.7 views

PT-2026-56542

Name of the Vulnerable Software and Affected Versions LiteLLM versions prior to 1.83.10-stable Description LiteLLM is a proxy server that functions as an AI Gateway for calling LLM APIs. The '/health/test connection' endpoint resolves request-supplied environment and OIDC file references within t...

2.1CVSS6.1AI score0.00258EPSS
Exploits0References9
CVE
CVE
added 2026/07/07 10:23 p.m.13 views

CVE-2026-55076

Coder’s CVE-2026-55076 describes an OIDC callback flaw where the email_verified claim was checked with a direct Go bool assertion. If an IdP returns a non-boolean value (e.g., "false") or omits the claim, the check can pass incorrectly, in combination with an unconditional email-based account fal...

7.4CVSS6AI score0.00479EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2026/07/07 10:16 p.m.11 views

CVE-2026-55075

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, two flaws in Coder's OIDC login chained into account takeover. Email-based user matching fell back to linking by email without checking for an existing link...

7.4CVSS0.00479EPSS
Exploits0References7
NVD
NVD
added 2026/07/07 10:16 p.m.7 views

CVE-2026-49229

Actual is a local-first personal finance app. Prior to 26.6.0, in OpenID multi-user mode, disabling a user only blocks future OpenID login for that identity, while existing Actual session tokens for the disabled user remain valid. The shared session validation path accepts any existing token row...

8.3CVSS0.00441EPSS
Exploits0References3
CVE
CVE
added 2026/07/07 9:33 p.m.14 views

CVE-2026-55075

Coder’s OIDC login flaw leads to account takeover via email-based user matching and improper handling of email_verified. Before versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, two issues exist: (1) email-based matching could link by email without confirming an existing link to a different IdP subjec...

7.4CVSS6AI score0.00479EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 9:33 p.m.6 views

CVE-2026-55075

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, two flaws in Coder's OIDC login chained into account takeover. Email-based user matching fell back to linking by email without checking for an existing link...

7.4CVSS6AI score0.00479EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:59 p.m.7 views

CVE-2026-49229

Actual is a local-first personal finance app. Prior to 26.6.0, in OpenID multi-user mode, disabling a user only blocks future OpenID login for that identity, while existing Actual session tokens for the disabled user remain valid. The shared session validation path accepts any existing token row...

8.3CVSS6AI score0.00441EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:56 p.m.6 views

CVE-2026-46700

Actual is a local-first personal finance tool. Prior to 26.6.0, the GET /secret/:name endpoint in @actual-app/sync-server checks only that the caller has a valid session and does not verify the caller is an admin, while the sibling POST /secret/ handler enforces an admin check in OpenID mode. Any...

4.3CVSS6AI score0.00342EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/07/07 3:26 p.m.7 views

GO-2026-5907 Coder's OIDC email_verified type coercion bypass enables account takeover via unverified email linking in github.com/coder/coder

Coder's OIDC emailverified type coercion bypass enables account takeover via unverified email linking in github.com/coder/coder...

7.4CVSS5.9AI score0.00479EPSS
Exploits0References1
OSV
OSV
added 2026/07/07 3:26 p.m.7 views

GO-2026-5853 Fulcio has OIDC Discovery Redirect Following Allows SSRF and JWKS Substitution for Meta-Issuer Paths, with Kubernetes Service-Account Token Leakage in github.com/sigstore/fulcio

Fulcio has OIDC Discovery Redirect Following Allows SSRF and JWKS Substitution for Meta-Issuer Paths, with Kubernetes Service-Account Token Leakage in github.com/sigstore/fulcio...

5.9AI score
Exploits0References1
Veracode
Veracode
added 2026/07/07 10:5 a.m.8 views

Authentication Bypass

Coder is vulnerable to an authentication bypass. The vulnerability is due to improper validation of the emailverified claim in the OIDC callback and an unconditional email-based account fallback, which allows an attacker to take over accounts by supplying a non-boolean or missing emailverified...

7.4CVSS6AI score0.00479EPSS
Exploits0References12Affected Software2
NVD
NVD
added 2026/07/06 9:16 p.m.8 views

CVE-2026-59713

Leantime contains an OIDC login CSRF vulnerability in the verifyState method that unconditionally returns true without validating state parameters. Attackers can craft malicious callback URLs with attacker-controlled authorization codes to perform session fixation, logging victims in as the...

8.6CVSS0.00153EPSS
Exploits0References4
Rows per page
Query Builder