vulnerabilities handled in LiteLLM by BerriAI

BerriAI has addressed vulnerabilities in LiteLLM, specifically in versions 1.74.2 to 1.83.6. LiteLLM is a widely used proxy for managing APIs to a large number of LLM systems in a centralized manner. The first vulnerability involves an SQL injection in the proxy API key verification mechanism,...

PT-2026-27799

Name of the Vulnerable Software and Affected Versions Cisco IOS Software and Cisco IOS XE Software Release 3E Description A flaw exists in the HTTP Server feature that could allow a remote attacker with valid user credentials to cause an unexpected device reload, leading to a denial of service Do...

Command Injection

Serverless Framework is vulnerable to Command Injection. The vulnerability is due to unsanitized user input being passed to childprocess.exec in the experimental MCP server feature, which allows an attacker to inject shell metacharacters and execute arbitrary system commands with the privileges o...

CVE-2025-69256

The Serverless Framework is a framework for using AWS Lambda and other managed cloud services to build applications. Starting in version 4.29.0 and prior to version 4.29.3, a command injection vulnerability exists in the Serverless Framework's built-in MCP server package @serverless/mcp. This...

EUVD-2025-205851

serverless MCP Server vulnerable to Command Injection in list-projects tool...

CVE-2024-13997 Nagios XI < 2024R1.1.3 Privilege Escalation via Migrate Server Feature to Root on Host

Nagios XI versions prior to 2024R1.1.3 contain a privilege escalation vulnerability in which an authenticated administrator could leverage the Migrate Server feature to obtain root privileges on the underlying XI host. By abusing the migration workflow, an admin-level attacker could execute actio...

PT-2025-44800

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 2024R1.1.3 Description Nagios XI versions prior to 2024R1.1.3 have a flaw that allows an authenticated administrator to gain root privileges on the host system. This is achieved by exploiting the Migrate Server...

Nagios XI 安全漏洞

Nagios XI is a suite of IT infrastructure monitoring solutions from US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 2024R1.1.3, which stems from a mismanagement of...

CVE-2025-62784 InventoryGui allows item duplication in GUIs which use GuiStorageElement

InventoryGui is a library for creating chest GUIs for Bukkit/Spigot plugins. Versions before 1.6.5 contain a vulnerability where any plugin using a GUI with the GuiStorageElement and allows taking out items out of that element can allow item duplication when the experimental Bundle item feature i...

EUVD-2022-52075

Malicious code in bioql PyPI...

org.wso2.identity.apps:org.wso2.identity.apps.authentication.portal.server.feature (>=0.1.125 <=2.23.2) potentially affected by CVE-2024-6429 via org.wso2.identity.apps:authentication-portal (>=0.1.125 <=2.4.39)

org.wso2.identity.apps:authentication-portal MAVEN version =0.1.125, =0.1.125, =2.23.2 Source cves: CVE-2024-6429 Source advisory: OSV:GHSA-R6F3-55WJ-G9P3...

CVE-2019-1904

A vulnerability in the web-based UI web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacke...

CVE-2023-20198: Active Exploitation of Cisco IOS XE Zero-Day Vulnerability

On Monday, October 16, Cisco’s Talos group published a blog on an active threat campaign exploiting CVE-2023-20198, a “previously unknown” zero-day vulnerability in the web UI component of Cisco IOS XE software. IOS XE is an operating system that runs on a wide range of Cisco networking devices,...

SUSE CVE-2011-3171

Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server feature is enabled, allows local users to overwrite arbitrary files via unknown vectors...

CVE-2022-4778 path traversal in elvexys StreamX using StreamView HTML component with public web server feature

StreamX applications from versions 6.02.01 to 6.04.34 are affected by a path traversal vulnerability that allows authenticated users to get unauthorized access to files on the server's filesystem. StreamX applications using StreamView HTML component with the public web server feature activated ar...

CVE-2019-1904

A vulnerability in the web-based UI web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacke...

Pair of Cisco Bugs, One Unpatched, Affect Millions of Devices

Cisco has disclosed an unpatched, high-severity vulnerability that impacts millions of devices, in the logic that handles access control to one of the hardware components in Cisco’s proprietary Secure Boot implementation. Cisco has also disclosed a similarly widely-impacting high-severity bug tha...

Cisco Catalyst 3650 and 3850 Series Switches IOS XE Software Denial of Service Vulnerability

The Cisco Catalyst 3650 and 3850 Series Switches are switch products from Cisco, Inc.IOS XE Software is a set of operating systems developed by Cisco for its network devices that run on them. A denial of service vulnerability exists in the IOS XE Software in the Cisco Catalyst 3650 and 3850 Serie...

Input validation

A vulnerability in the web framework of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of HTTP parameters supplied by the user. An attacker could...

CVE-2017-3858

A vulnerability in the web framework of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of HTTP parameters supplied by the user. An attacker could...