Lucene search
K

1336 matches found

RedhatCVE
RedhatCVE
added 6 days ago6 views

CVE-2026-59821

A flaw was found in LiteLLM, a proxy server for Large Language Model LLM APIs. A privileged user with access to create or update custom code guardrails could exploit this vulnerability. The flaw allowed the user to submit custom Python code that would execute within the LiteLLM proxy environment,...

7.2CVSS6.1AI score0.00355EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.7 views

PT-2026-56545

Name of the Vulnerable Software and Affected Versions LiteLLM versions prior to 1.84.0 Description LiteLLM is a proxy server that functions as an AI Gateway for calling LLM APIs. The MCP Streamable HTTP endpoint allows an unauthenticated attacker to use a fabricated Authorization header to trigge...

8.8CVSS6.1AI score0.00243EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/07/08 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-14380

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute...

8.8CVSS6.4AI score0.00498EPSS
Exploits0References3
NVD
NVD
added 2026/07/07 11:16 p.m.7 views

CVE-2026-14380

DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package...

8.8CVSS0.00498EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/07/07 10:4 p.m.6 views

CVE-2026-14380

DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package...

8.8CVSS6.3AI score0.00498EPSS
Exploits0
CVE
CVE
added 2026/07/07 10:4 p.m.12 views

CVE-2026-14380

CVE-2026-14380 affects DBI for Perl when using versions before 1.650. A string assigned to the Profile attribute of a DBI handle is split into path, package and arguments, and the package name is interpolated in an unvalidated string eval, allowing arbitrary Perl code execution if untrusted data ...

8.8CVSS6.3AI score0.00498EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/07/07 10:4 p.m.3 views

CVE-2026-14380 DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile

DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package...

8.8CVSS6.3AI score0.00498EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.10 views

PT-2026-56272

Name of the Vulnerable Software and Affected Versions DBI versions prior to 1.650 Description Code injection is possible via a caller-influenced Profile attribute. When a string is assigned to this attribute, the software splits it into path, package, and arguments, then interpolates the package...

8.8CVSS6.6AI score0.00498EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-50221

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device...

5.4CVSS6.2AI score0.00146EPSS
Exploits1References3
OSV
OSV
added 2026/06/23 6:18 p.m.6 views

UBUNTU-CVE-2026-50221

In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...

5.4CVSS6AI score0.00146EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2026/06/23 5:3 p.m.8 views

CVE-2026-50221

In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...

5.4CVSS6AI score0.00146EPSS
Exploits1
OSV
OSV
added 2026/06/22 8:37 p.m.4 views

CVE-2026-49468 LiteLLM: Authentication Bypass via Host Header Injection

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.84.0, a Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes. The auth layer derived the effective route from...

9.5CVSS6.1AI score0.00559EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/06/22 8:37 p.m.4 views

CVE-2026-49468 LiteLLM: Authentication Bypass via Host Header Injection

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.84.0, a Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes. The auth layer derived the effective route from...

9.5CVSS5.9AI score0.00559EPSS
Exploits1References2
CVE
CVE
added 2026/06/22 8:37 p.m.79 views

CVE-2026-49468

LiteLLM is a proxy server (AI Gateway) for calling LLM APIs. A host-header parsing flaw could allow authentication bypass by making the auth gate evaluate a different route than dispatched, effectively bypassing access controls under specific conditions. The issue is mitigated by upgrading to 1.8...

9.8CVSS5.9AI score0.00559EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2026/06/21 3:15 a.m.10 views

EUVD-2026-38139

A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the file litellm/proxy/experimental/mcpserver/auth/userapikeyauthmcp.py of the component MCP Proxy. Executing a manipulation can lead to improper authentication. The attack may be launched...

7.5CVSS6.7AI score0.00612EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-51017

Name of the Vulnerable Software and Affected Versions ProxySQL versions 3.0.0 through 3.0.8 Description The GenAI/MCP run sql readonly tool violates its read-only contract for MySQL targets. The tool validates input using a substring blacklist and a first-keyword allowlist, but executes the SQL...

7.5CVSS5.9AI score0.00226EPSS
Exploits0References8
OSV
OSV
added 2026/06/12 12:25 p.m.11 views

OESA-2026-2615 libsoup security update

libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw was found in libsoup. A remote attacker could exploit an unsigned to...

4.8CVSS5.4AI score0.00872EPSS
Exploits0References2
OSV
OSV
added 2026/06/11 5:16 p.m.7 views

DEBIAN-CVE-2026-44487

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’s Node.js HTTP adapter may forward a Proxy-Authorization header to a redirected origin during specific proxy-to-direct redirect flows. This affects Node.js usage, where an initial HTTP request is...

7.5CVSS5.4AI score0.00664EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/06/10 12:9 p.m.11 views

netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation

A flaw was found in Netty. The HttpProxyHandler component, which handles HTTP CONNECT requests, does not properly validate user-provided outbound headers. This allows an attacker to inject arbitrary HTTP headers into the CONNECT request sent to the proxy server. This could lead to unexpected...

7.5CVSS6.9AI score0.00952EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/06/10 12:5 p.m.12 views

netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation

A flaw was found in Netty. The HttpProxyHandler component, which handles HTTP CONNECT requests, does not properly validate user-provided outbound headers. This allows an attacker to inject arbitrary HTTP headers into the CONNECT request sent to the proxy server. This could lead to unexpected...

7.5CVSS6.9AI score0.00952EPSS
Exploits1References5
Rows per page
Query Builder