Lucene search
K

1458 matches found

CVE
CVE
added 2 days ago12 views

CVE-2025-36359

IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which could allow an authenticated user to impersonate another user on the system...

8.1CVSS5.8AI score0.00201EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago30 views

CVE-2025-36359 IBM DevOps Loop is susceptible to an Insufficient Session Expiration vulnerability.

IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which could allow an authenticated user to impersonate another user on the system...

8.1CVSS0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 3 days ago7 views

CVE-2026-12772

A flaw was found in BerriAI litellm. A remote attacker could exploit a vulnerability in the authenticateuser function within the PROXYADMIN database API Key Generator component. By performing a specific manipulation, an attacker can cause session expiration for users, leading to a denial of servi...

6.5CVSS6.5AI score0.00262EPSS
Exploits1References8
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 3:27 p.m.3 views

Security Bulletin: IBM DevOps Loop is susceptible to an Insufficient Session Expiration vulnerability. [CVE-2025-36359]

Summary IBM DevOps Loop is susceptible to an Insufficient Session Expiration vulnerability, which could allow an attacker to continue accessing protected resources using expired authentication tokens. Vulnerability Details CVEID:CVE-2025-36359 DESCRIPTION: IBM DevOps Loop does not invalidate...

8.1CVSS5.9AI score0.00201EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/21 10:16 a.m.13 views

CVE-2026-12796

A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function getredirectresponsefromopenid of the file litellm/proxy/managementendpoints/uisso.py of the component SSO Authentication Flow. The manipulation leads to session expiration. The attack is possible to be carri...

6.5CVSS0.00358EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/21 9:0 a.m.6 views

EUVD-2026-38155

A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function getredirectresponsefromopenid of the file litellm/proxy/managementendpoints/uisso.py of the component SSO Authentication Flow. The manipulation leads to session expiration. The attack is possible to be carri...

6.5CVSS6.2AI score0.00358EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/21 9:0 a.m.31 views

CVE-2026-12796 BerriAI litellm SSO Authentication Flow ui_sso.py get_redirect_response_from_openid session expiration

A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function getredirectresponsefromopenid of the file litellm/proxy/managementendpoints/uisso.py of the component SSO Authentication Flow. The manipulation leads to session expiration. The attack is possible to be carri...

6.5CVSS0.00358EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/06/21 9:0 a.m.3 views

CVE-2026-12796

A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function getredirectresponsefromopenid of the file litellm/proxy/managementendpoints/uisso.py of the component SSO Authentication Flow. The manipulation leads to session expiration. The attack is possible to be carri...

6.5CVSS6.2AI score0.00358EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/06/21 9:0 a.m.10 views

CVE-2026-12796

Affected software/impact: BerriAI litellm (up to version 1.82.2), specifically the get_redirect_response_from_openid function in litellm/proxy/management_endpoints/ui_sso.py of the SSO Authentication Flow. Root cause / vulnerability detail: The description states that manipulation leads to sessio...

6.5CVSS6.2AI score0.00358EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/06/21 3:16 a.m.16 views

CVE-2026-12772

A security flaw has been discovered in BerriAI litellm up to 1.82.2. This impacts the function authenticateuser of the file litellm/proxy/auth/loginutils.py of the component PROXYADMIN database API Key Generator. Performing a manipulation results in session expiration. The attack may be initiated...

6.5CVSS0.00262EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/06/21 2:0 a.m.7 views

CVE-2026-12772

A security flaw has been discovered in BerriAI litellm up to 1.82.2. This impacts the function authenticateuser of the file litellm/proxy/auth/loginutils.py of the component PROXYADMIN database API Key Generator. Performing a manipulation results in session expiration. The attack may be initiated...

6.5CVSS6.2AI score0.00262EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/06/21 2:0 a.m.37 views

CVE-2026-12772 BerriAI litellm PROXY_ADMIN database API Key Generator login_utils.py authenticate_user session expiration

A security flaw has been discovered in BerriAI litellm up to 1.82.2. This impacts the function authenticateuser of the file litellm/proxy/auth/loginutils.py of the component PROXYADMIN database API Key Generator. Performing a manipulation results in session expiration. The attack may be initiated...

6.5CVSS0.00262EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/21 2:0 a.m.9 views

EUVD-2026-38138

A security flaw has been discovered in BerriAI litellm up to 1.82.2. This impacts the function authenticateuser of the file litellm/proxy/auth/loginutils.py of the component PROXYADMIN database API Key Generator. Performing a manipulation results in session expiration. The attack may be initiated...

6.5CVSS6.2AI score0.00262EPSS
Exploits1References5
CVE
CVE
added 2026/06/21 2:0 a.m.23 views

CVE-2026-12772

CVE-2026-12772 affects BerriAI litellm up to 1.82.2, impacting the authenticate_user path in litellm/proxy/auth/login_utils.py for the PROXY_ADMIN database API Key Generator. Description indicates that manipulating input can cause session expiration and that the issue can be exploited remotely; e...

6.5CVSS6.2AI score0.00262EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.19 views

PT-2026-51210

Name of the Vulnerable Software and Affected Versions BerriAI litellm versions prior to 1.82.3 Description An issue exists in the SSO Authentication Flow component within the get redirect response from openid function of the litellm/proxy/management endpoints/ui sso.py file. Remote manipulation o...

6.5CVSS6.6AI score0.00358EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.17 views

PT-2026-51196

Name of the Vulnerable Software and Affected Versions BerriAI litellm versions prior to 1.82.3 Description A security flaw exists in the PROXY ADMIN database API Key Generator component within the authenticate user function of the litellm/proxy/auth/login utils.py file. A remote attacker can...

6.5CVSS6.6AI score0.00262EPSS
Exploits1References12
Snyk
Snyk
added 2026/06/19 8:47 p.m.5 views

Insufficient Session Expiration

Overview CoreWCF.Primitives is a port of the service side of Windows Communication Foundation WCF to .NET Core. The goal of this project is to enable existing WCF services to move to .NET Core. Affected versions of this package are vulnerable to Insufficient Session Expiration due to the TryAdd...

8.2CVSS5.9AI score
Exploits0References3
NVD
NVD
added 2026/06/15 10:16 a.m.11 views

CVE-2026-44188

A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth Open Authorization access token before a user logs out, they...

5.3CVSS0.00284EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/15 8:36 a.m.32 views

CVE-2026-44188 Ansible-lightspeed: ansible lightspeed: session hijacking and unauthorized data access due to insufficient session expiration

A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth Open Authorization access token before a user logs out, they...

5.3CVSS0.00284EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/15 8:36 a.m.7 views

CVE-2026-44188 Ansible-lightspeed: ansible lightspeed: session hijacking and unauthorized data access due to insufficient session expiration

A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth Open Authorization access token before a user logs out, they...

5.3CVSS5.3AI score0.00284EPSS
Exploits0References3
Rows per page
Query Builder