CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 6 days ago•5 views

EUVD-2026-38155

6.5CVSS6.2AI score0.00358EPSS

Cvelist•added 6 days ago•31 views

CVE-2026-12796 BerriAI litellm SSO Authentication Flow ui_sso.py get_redirect_response_from_openid session expiration

6.5CVSS0.00358EPSS

CVE•added 6 days ago•10 views

CVE-2026-12796

Affected software/impact: BerriAI litellm (up to version 1.82.2), specifically the get_redirect_response_from_openid function in litellm/proxy/management_endpoints/ui_sso.py of the SSO Authentication Flow. Root cause / vulnerability detail: The description states that manipulation leads to sessio...

6.5CVSS6.2AI score0.00358EPSS

Exploits1References5Affected Software1

NVD•added 6 days ago•11 views

CVE-2026-12772

A security flaw has been discovered in BerriAI litellm up to 1.82.2. This impacts the function authenticateuser of the file litellm/proxy/auth/loginutils.py of the component PROXYADMIN database API Key Generator. Performing a manipulation results in session expiration. The attack may be initiated...

6.5CVSS0.00262EPSS

ATTACKERKB•added 6 days ago•6 views

CVE-2026-12772

6.5CVSS6.2AI score0.00262EPSS

Exploits1References5Affected Software1

EUVD•added 6 days ago•7 views

EUVD-2026-38138

6.5CVSS6.2AI score0.00262EPSS

Cvelist•added 6 days ago•37 views

CVE-2026-12772 BerriAI litellm PROXY_ADMIN database API Key Generator login_utils.py authenticate_user session expiration

6.5CVSS0.00262EPSS

CVE•added 6 days ago•22 views

CVE-2026-12772

CVE-2026-12772 affects BerriAI litellm up to 1.82.2, impacting the authenticate_user path in litellm/proxy/auth/login_utils.py for the PROXY_ADMIN database API Key Generator. Description indicates that manipulating input can cause session expiration and that the issue can be exploited remotely; e...

6.5CVSS6.2AI score0.00262EPSS

Exploits1References5Affected Software1

Positive Technologies•added 6 days ago•15 views

PT-2026-51196

Name of the Vulnerable Software and Affected Versions BerriAI litellm versions prior to 1.82.3 Description A security flaw exists in the PROXY ADMIN database API Key Generator component within the authenticate user function of the litellm/proxy/auth/login utils.py file. A remote attacker can...

6.5CVSS6.6AI score0.00262EPSS

Exploits1References11

Snyk•added 2026/06/19 8:47 p.m.•5 views

Insufficient Session Expiration

Overview CoreWCF.Primitives is a port of the service side of Windows Communication Foundation WCF to .NET Core. The goal of this project is to enable existing WCF services to move to .NET Core. Affected versions of this package are vulnerable to Insufficient Session Expiration due to the TryAdd...

8.2CVSS5.9AI score

NVD•added 2026/06/15 10:16 a.m.•11 views

CVE-2026-44188

A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth Open Authorization access token before a user logs out, they...

5.3CVSS0.00284EPSS

Cvelist•added 2026/06/15 8:36 a.m.•32 views

CVE-2026-44188 Ansible-lightspeed: ansible lightspeed: session hijacking and unauthorized data access due to insufficient session expiration

5.3CVSS0.00284EPSS

Vulnrichment•added 2026/06/15 8:36 a.m.•7 views

CVE-2026-44188 Ansible-lightspeed: ansible lightspeed: session hijacking and unauthorized data access due to insufficient session expiration

5.3CVSS5.3AI score0.00284EPSS

CVE•added 2026/06/15 8:36 a.m.•27 views

CVE-2026-44188

Affects Ansible Lightspeed (and Red Hat Ansible Automation Platform context) via insufficient session expiration that allows a valid OAuth token to remain usable after logout, enabling persistent access and unauthorized read of inventories, playbooks, and config data. The connected Red Hat adviso...

5.3CVSS5.4AI score0.00284EPSS

RedhatCVE•added 2026/06/05 7:34 p.m.•9 views

CVE-2026-1163

An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions after a password reset, allowing an attacker to continue using an old session token. This issue arises due to the absence of logic to reject reques...

4.1CVSS5.4AI score0.0021EPSS

RedhatCVE•added 2026/06/05 7:34 p.m.•8 views

CVE-2026-1815

Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 before 1.13...

5.7CVSS5.4AI score0.00178EPSS

CVE•added 2026/06/05 7:18 p.m.•19 views

CVE-2026-46401

HAX CMS (PHP/Node.js backends) has an improper session termination vulnerability affecting versions prior to 26.0.0, where authentication tokens remain valid after logout. This allows attackers who obtain valid tokens to maintain persistent access to authenticated CMS functionality, bypassing log...

5.3CVSS5.5AI score0.00311EPSS

Vulnrichment•added 2026/06/05 7:18 p.m.•8 views

CVE-2026-46401 HAX CMS PHP has Insufficient Session Expiration

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.0 suffer from an improper session termination vulnerability where authentication tokens remain valid after user logout. This allows attackers who obtain valid tokens to maintain persistent access to...

5.3CVSS5.5AI score0.00311EPSS