Lucene search
K

10 matches found

Snyk
Snyk
added 6 days ago6 views

Arbitrary Code Injection

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Arbitrary Code Injection via the createguardrail, updateguardrail, deleteguardrail, and patchguardrail handlers in the guardrails API. An attacker can upload or modify cust...

7.7CVSS6.3AI score0.00288EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/13 12:43 p.m.29 views

CVE-2026-42203

A flaw was found in LiteLLM, an AI Gateway. An authenticated user could exploit this by sending a crafted prompt template to the POST /prompts/test endpoint. The endpoint rendered user-supplied prompt templates without proper sandboxing. This could lead to arbitrary code execution within the...

8.8CVSS6.2AI score0.00373EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/05/11 4:17 p.m.11 views

LiteLLM has a sandbox escape in custom-code guardrail

Impact The POST /guardrails/testcustomcode endpoint runs user-supplied Python inside a hand-rolled sandbox. The sandbox can be escaped using bytecode-level techniques, allowing arbitrary code execution in the proxy process — which runs as root in the default Docker image. Reaching the endpoint...

8.8CVSS6.2AI score0.06496EPSS
Exploits2References5Affected Software1
EUVD
EUVD
added 2025/11/13 3:23 a.m.3 views

EUVD-2025-176947

Malicious code in proxy-process-rho-chi-web npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.12 views

EUVD-2020-13006

Malware in sbrugna...

6.5CVSS6.5AI score0.01985EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2023/10/10 12:0 a.m.25 views

Fortinet Fortigate Webproxy process DoS (FG-IR-23-184)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-184 advisory. - A use after free vulnerability CWE-416 in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiPro...

5.3CVSS5.7AI score0.0102EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/12/27 12:0 a.m.5 views

PT-2021-24230 · Avast · Avast Antivirus

Name of the Vulnerable Software and Affected Versions: Avast Antivirus versions prior to 20.8 Description: A privilege escalation issue exists in the Self-Defense driver of Avast Antivirus, allowing a local user with SYSTEM privileges to gain elevated privileges. This is achieved by "hollowing" t...

8.8CVSS8.8AI score0.00433EPSS
Exploits1References6
Cisco
Cisco
added 2016/12/07 4:0 p.m.54 views

Cisco Web Security Appliance HTTP URL Denial of Service Vulnerability

A vulnerability in HTTP URL parsing of Cisco AsyncOS for Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to cause a denial of service DoS vulnerability due to the proxy process unexpectedly restarting. The vulnerability is due to improper input validation of the...

5CVSS7.6AI score0.01589EPSS
Exploits0References1
Cisco
Cisco
added 2016/05/18 4:0 p.m.47 views

Cisco Web Security Appliance HTTP Length Denial of Service Vulnerability

A vulnerability in HTTP request parsing in Cisco AsyncOS for the Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to cause a denial of service DoS condition when the proxy process unexpectedly restarts. The vulnerability occurs because the affected software does no...

7.8CVSS7.6AI score0.01931EPSS
Exploits0References1
myhack58
myhack58
added 2014/12/04 12:0 a.m.16 views

Internet Explorer EPM sandbox out vulnerability analysis CVE-2 0 1 4-6 3 5 0-a vulnerability warning-the black bar safety net

0x00 Preface Author: James Forshaw Original: link This month Microsoft fixed 3 different IE enhanced protected mode EPM sandbox out of vulnerabilities by me the original author, the same below)at 8 months of disclosure. The Sandbox is Project Zero I also participated in the most major concern the...

7.5AI score
Exploits0
Rows per page
Query Builder