41189 matches found

CVE
added 2026/06/21 1:0 a.m., 14 views

CVE-2026-12771

CVE-2026-12771 affects the litellm library by BerriAI up to version 1.82.2, specifically in litellm/proxy/auth/user_api_key_auth.py (M2M JWT Handler). The flaw enables improper authorization via remote exploitation with high attack complexity; public PoC exists. SNYK details identify the vulnera...

7.5 CVSS, 5.3 AI score, 0.00288 EPSS
Exploits 1, References 5, Affected Software 1
EUVD
added 2026/06/21 1:0 a.m., 10 views

EUVD-2026-38137

A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/proxy/auth/user_api_key_auth.py of the component M2M JWT Handler. Such manipulation leads to improper authorization. The attack can be launched remotely. A high complexity level is...

5 CVSS, 5.3 AI score, 0.00288 EPSS
Exploits 1, References 5
ATTACKERKB
added 2026/06/21 12:15 a.m., 7 views

CVE-2026-12770

A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/management_endpoints/key_management_endpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated...

5.5 CVSS, 5.5 AI score, 0.00337 EPSS
Exploits 1, References 7, Affected Software 1
EUVD
added 2026/06/21 12:15 a.m., 7 views

EUVD-2026-38136

A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/management_endpoints/key_management_endpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated...

5.5 CVSS, 5.5 AI score, 0.00337 EPSS
Exploits 1, References 7
CVE
added 2026/06/21 12:15 a.m., 31 views

CVE-2026-12770

The CVE affects litellm (BerriAI) up to version 1.63.1, specifically the Admin Key Handler component and the file litellm/proxy/management_endpoints/key_management_endpoints.py. The root cause is improper authorization caused by manipulation within this endpoint, enabling a remote attacker to exp...

8.8 CVSS, 5.5 AI score, 0.00337 EPSS
Exploits 1, References 7, Affected Software 1
Positive Technologies
added 2026/06/21 12:0 a.m., 12 views

PT-2026-51252

Name of the Vulnerable Software and Affected Versions: lemonldap-ng versions prior to 2.23.1. Description: An issue exists in the SAML Common Domain Cookie Endpoint within the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm. A remote attacker can perform a manipulation of the url argument...

5.3 CVSS, 5.8 AI score, 0.00264 EPSS
Exploits 0, References 12
Positive Technologies
added 2026/06/21 12:0 a.m., 14 views

PT-2026-51257

Name of the Vulnerable Software and Affected Versions: Edimax BR-6478AC V2 version 1.23. Description: A security flaw in the POST Request Handler component allows for remote command injection. This occurs through the manipulation of the command argument within the mp function of the '/goform/mp'...

6.5 CVSS, 6.7 AI score, 0.01158 EPSS
Exploits 0, References 12
Positive Technologies
added 2026/06/21 12:0 a.m., 16 views

PT-2026-51199

Name of the Vulnerable Software and Affected Versions: Montodel House-Rental-Management versions prior to 90010017b81265eb1ef3810268909f7719a33863. Description: A SQL injection issue exists in the '/login.php' endpoint. Remote attackers can exploit this by manipulating the Username parameter. SQL...

7.5 CVSS, 7.1 AI score, 0.00259 EPSS
Exploits 0, References 11
Positive Technologies
added 2026/06/21 12:0 a.m., 12 views

PT-2026-51255

Name of the Vulnerable Software and Affected Versions: Edimax BR-6478AC V2 version 1.23. Description: Command injection is possible via the POST Request Handler component. A remote attacker can exploit this by manipulating the interface argument within the stainfo function of the '/goform/stainfo'...

6.5 CVSS, 6.7 AI score, 0.01182 EPSS
Exploits 0, References 11
Positive Technologies
added 2026/06/21 12:0 a.m., 17 views

PT-2026-51263

A vulnerability was determined in FlowiseAI Flowise up to 3.1.2. The impacted element is an unknown function of the file packages/components/nodes/documentloaders/S3/S3.ts of the component S3 Document Loader. Executing a manipulation can lead to path traversal. It is possible to launch the attack...

6.5 CVSS, 6.3 AI score, 0.0034 EPSS
Exploits 0, References 6
Positive Technologies
added 2026/06/21 12:0 a.m., 18 views

PT-2026-51253

Name of the Vulnerable Software and Affected Versions: OFFIS DCMTK versions prior to 3.7.1. Description: A heap-based buffer overflow can occur in the XMLNode::parseFile function within the ofstd/libsrc/ofxml.cc library. This issue allows a remote attacker to execute a manipulation that leads to the...

7.5 CVSS, 6.8 AI score, 0.00279 EPSS
Exploits 0, References 14
Positive Technologies
added 2026/06/21 12:0 a.m., 13 views

PT-2026-51258

Name of the Vulnerable Software and Affected Versions: kortix-ai suna versions prior to 0.8.39. Description: A weakness in the Auth Endpoint component allows for remote cross-site scripting (XSS), which is a technique where malicious scripts are injected into trusted websites. The issue exists within...

5.3 CVSS, 5.7 AI score, 0.00288 EPSS
Exploits 0, References 15
Positive Technologies
added 2026/06/21 12:0 a.m., 12 views

PT-2026-51260

Name of the Vulnerable Software and Affected Versions: activepieces versions prior to 0.83.1. Description: An issue exists in the File URL Handler component within the handleUrlFile function located in the packages/server/engine/src/lib/variables/processors/file.ts library. This flaw allows for remo...

6.5 CVSS, 6.8 AI score, 0.00201 EPSS
Exploits 0, References 10
Positive Technologies
added 2026/06/21 12:0 a.m., 16 views

PT-2026-51182

Name of the Vulnerable Software and Affected Versions: litellm versions prior to 1.63.2. Description: An improper authorization issue exists in the Admin Key Handler component within the file litellm/proxy/management_endpoints/key_management_endpoints.py. This flaw allows a remote attacker to bypass...

8.8 CVSS, 6.1 AI score, 0.00337 EPSS
Exploits 1, References 14
Positive Technologies
added 2026/06/21 12:0 a.m., 18 views

PT-2026-51210

Name of the Vulnerable Software and Affected Versions: BerriAI litellm versions prior to 1.82.3. Description: An issue exists in the SSO Authentication Flow component within the get redirect response from openid function of the litellm/proxy/management endpoints/ui sso.py file. Remote manipulation o...

6.5 CVSS, 6.6 AI score, 0.00358 EPSS
Exploits 1, References 11
RedHat Linux
added 2026/06/20 12:28 a.m., 8 views

kernel: mptcp: fix slab-use-after-free in __inet_lookup_established

A flaw was found in the Linux kernel's Multipath TCP (MPTCP) implementation. Due to incorrect memory allocation for IPv6 subflow child sockets, a use-after-free vulnerability exists. A remote attacker could exploit this by triggering concurrent lookups in the kernel's hash table, potentially leadin...

9.8 CVSS, 6.5 AI score, 0.004 EPSS
Exploits 0, References 5
Positive Technologies
added 2026/06/20 12:0 a.m., 16 views

PT-2026-51137

Name of the Vulnerable Software and Affected Versions: iCagenda versions prior to 4.0.8. Description: The iCagenda extension for Joomla contains a flaw in the file attachment feature of its public event submission form. Due to improper restriction of file types, unauthenticated attackers can upload...

10 CVSS, 6.6 AI score, 0.00478 EPSS
Exploits 2, References 12
AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in Chromium

A use-after-free in Dawn, prior to version 130.0.6723.58, allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...

8.8 CVSS, 7.7 AI score, 0.00384 EPSS
Exploits 1, References 2
AstraLinux
added 2026/06/19 11:10 a.m., 2 views

Astra Linux – Vulnerability in Chromium

Before version 101.0.4951.41, a use-after-free in the File System API in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

7.5 CVSS, 7.2 AI score, 0.0075 EPSS
Exploits 1, References 1
AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in Chromium

Before version 98.0.4758.80, a use-after-free in Google Chrome’s extensions allowed a remote attacker to potentially exploit heap corruption through user interaction...

8.8 CVSS, 7 AI score, 0.0073 EPSS
Exploits 0, References 2