
CVE, added 7 hours ago, 7 views

CVE-2026-11374

CVE-2026-11374 affects ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus. The issue allows unauthenticated users to predict SSO tickets used to authenticate sessions, enabling account takeover. The CVSS v3.1 metrics in the provided data indicate a CRITICAL...

CVSS 9; AI score 5.8; Exploits 0; References 1
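The ManageEngine entry above describes SSO tickets that an unauthenticated party can predict. The following is an added example of the vulnerability class, not ManageEngine code; the ticket formats and function names are hypothetical. It shows why a ticket derived from a time-seeded PRNG is recoverable by enumerating the seed window, and a replacement that draws the ticket from the OS CSPRNG and binds it to the principal with a server-side HMAC.

```python
import hashlib
import hmac
import random
import secrets
from typing import Optional

# Added example of the vulnerability class, not ManageEngine code; the ticket
# formats and function names are hypothetical.


def issue_ticket_predictable(user: str, now_ms: int) -> str:
    """Flawed pattern: a PRNG seeded with the issue time. The ticket looks
    random but is a pure function of a value the attacker can estimate."""
    rng = random.Random(now_ms)
    return f"{user}:{rng.getrandbits(64):016x}"


def predict_tickets(user: str, approx_ms: int, window_ms: int) -> list:
    """Attacker view: regenerate every ticket for seeds within the window."""
    return [issue_ticket_predictable(user, t)
            for t in range(approx_ms - window_ms, approx_ms + window_ms + 1)]


def demo_prediction() -> bool:
    """Victim logs in at some millisecond; attacker knows it to within +/-2 s."""
    issue_time = 1_780_000_000_123                      # constructed timestamp
    victim_ticket = issue_ticket_predictable("admin", issue_time)
    return victim_ticket in predict_tickets("admin", issue_time + 700, 2000)


class TicketIssuer:
    """Fix: 256 bits from the OS CSPRNG, bound to the principal with a
    server-side HMAC so the user field cannot be swapped after issue."""

    def __init__(self, key: bytes):
        self._key = key

    def _tag(self, user: str, nonce: str) -> str:
        return hmac.new(self._key, f"{user}:{nonce}".encode(), hashlib.sha256).hexdigest()

    def issue(self, user: str) -> str:
        nonce = secrets.token_hex(32)
        return f"{user}:{nonce}:{self._tag(user, nonce)}"

    def verify(self, ticket: str) -> Optional[str]:
        """Return the principal if the MAC checks out, else None."""
        try:
            user, nonce, tag = ticket.rsplit(":", 2)
        except ValueError:
            return None
        return user if hmac.compare_digest(self._tag(user, nonce), tag) else None
```

The predictable variant falls to 4,001 guesses here; the details differ between real products, but the lesson is the same: a ticket's secrecy rests on the entropy of its source, not on its length. A production issuer would additionally make tickets single-use and short-lived, which this sketch leaves out.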
Redhat CVE, added 12 hours ago, 6 views

CVE-2026-12796

A flaw was found in BerriAI litellm. A remote attacker could exploit a vulnerability in the get_redirect_response_from_openid function within the SSO Authentication Flow component. This manipulation leads to session expiration, potentially causing a denial of service for authenticated users. Mitigati...

CVSS 6.5; AI score 5.6; Exploits 0; References 8
Cvelist, added 2 days ago, 30 views

CVE-2026-12796 BerriAI litellm SSO Authentication Flow ui_sso.py get_redirect_response_from_openid session expiration

A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function get_redirect_response_from_openid of the file litellm/proxy/management_endpoints/ui_sso.py of the component SSO Authentication Flow. The manipulation leads to session expiration. The attack is possible to be carri...

CVSS 6.5; Exploits 0; References 5
CVE, added 2 days ago, 10 views

CVE-2026-12796

Affected software/impact: BerriAI litellm (up to version 1.82.2), specifically the get_redirect_response_from_openid function in litellm/proxy/management_endpoints/ui_sso.py of the SSO Authentication Flow. Root cause / vulnerability detail: The description states that manipulation leads to sessio...

CVSS 6.5; AI score 6.2; Exploits 0; References 5
EUVD, added 2 days ago, 7 views

EUVD-2026-38154

A vulnerability was determined in BerriAI litellm up to 1.82.2. This affects the function json.dumps of the file litellm/proxy/management_endpoints/ui_sso.py of the component SSO Debug Flow. Executing a manipulation can lead to missing authentication. The attack can be executed remotely. The exploi...

CVSS 7.5; AI score 6.7; Exploits 0; References 5
Cvelist, added 2 days ago, 30 views

CVE-2026-12795 BerriAI litellm SSO Debug Flow ui_sso.py json.dumps missing authentication

A vulnerability was determined in BerriAI litellm up to 1.82.2. This affects the function json.dumps of the file litellm/proxy/management_endpoints/ui_sso.py of the component SSO Debug Flow. Executing a manipulation can lead to missing authentication. The attack can be executed remotely. The exploi...

CVSS 7.5; Exploits 0; References 5
CVE, added 2 days ago, 15 views

CVE-2026-12795

CVE-2026-12795 affects BerriAI litellm up to version 1.82.2 in the SSO Debug Flow component. The vulnerability concerns the function json.dumps within litellm/proxy/management_endpoints/ui_sso.py, where manipulation can lead to missing authentication. The issue is exploitable remotely and has had...

CVSS 7.5; AI score 6.7; Exploits 0; References 5
CVE, added 3 days ago, 24 views

CVE-2026-56215

Capgo before 12.128.12 is vulnerable: authenticated users can modify their public.users.email, which the SSO provisioning endpoint trusts as an account-merge key, enabling an attacker to merge a victim’s SSO identity into their own account. Affected component: provisioning/SSO merge logic manipul...

CVSS 8.7; AI score 6; Exploits 0; References 2
Cvelist, added 6 days ago, 23 views

CVE-2026-48117 DroneAware's Improper Account Activation in Registration and SSO Flows Leads to Account Takeover

DroneAware is a drone detection platform. The centralized DroneAware server backing droneaware.io was vulnerable to an account pre-hijacking attack in which an attacker could register an account using a victim's email address with an attacker-controlled password before the victim completed accoun...

CVSS 6.8; EPSS 0.00184; Exploits 0; References 1
CVE, added 6 days ago, 9 views

CVE-2026-48117

DroneAware’s CVE-2026-48117 affects the centralized DroneAware server. The issue allowed an attacker to pre-register an account using the victim’s email with an attacker-controlled password before activation; when the legitimate user later activated the account (via email link or Google SSO), the...

CVSS 6.8; AI score 5.4; EPSS 0.00184; Exploits 0; References 1
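The Capgo and DroneAware entries above describe two ways an email address becomes an unsafe account-linking key: an address the account holder can change without re-verification (Capgo), and an address registered but never verified before SSO activation (DroneAware). The added example below is not either project's code; the store, method names and addresses are constructed for illustration. With strict=False it reproduces both flaws; with strict=True an unverified address is treated as unproven and every credential created before ownership was established is revoked.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

# Added example, not Capgo or DroneAware code. Store, method names and
# addresses are constructed for illustration.


@dataclass
class Account:
    email: str
    email_verified: bool = False
    password_hash: Optional[bytes] = None            # None: password login disabled
    sso_links: Set[Tuple[str, str]] = field(default_factory=set)


def _pw_hash(password: str) -> bytes:
    # Illustrative only; a real service uses argon2id/bcrypt with a salt.
    return hashlib.sha256(password.encode()).digest()


class UserStore:
    """strict=False reproduces both flawed patterns; strict=True is the fix."""

    def __init__(self, strict: bool):
        self.strict = strict
        self.by_email: Dict[str, Account] = {}
        self.by_link: Dict[Tuple[str, str], Account] = {}

    def register(self, email: str, password: str) -> Account:
        email = email.lower()
        if email in self.by_email:
            raise ValueError("email already registered")
        acct = Account(email, password_hash=_pw_hash(password))   # starts unverified
        self.by_email[email] = acct
        return acct

    def verify_email(self, email: str) -> None:
        self.by_email[email.lower()].email_verified = True

    def change_email(self, acct: Account, new_email: str) -> None:
        new_email = new_email.lower()
        if new_email in self.by_email:
            raise ValueError("email already registered")
        del self.by_email[acct.email]
        acct.email = new_email
        if self.strict:
            # A changed address is unproven until re-verified, so it must not
            # act as a merge key (the Capgo-style flaw is skipping this reset).
            acct.email_verified = False
        self.by_email[new_email] = acct

    def sso_login(self, provider: str, subject: str, email: str,
                  idp_email_verified: bool) -> Account:
        email = email.lower()
        link = (provider, subject)
        if link in self.by_link:                 # returning user: stable subject wins
            return self.by_link[link]
        acct = self.by_email.get(email)
        if acct is None:
            acct = Account(email, email_verified=idp_email_verified)
            self.by_email[email] = acct
        elif self.strict:
            if not idp_email_verified:
                raise PermissionError("IdP did not assert this email; refusing to link")
            if not acct.email_verified:
                # Pre-registered but never verified (the DroneAware-style flaw):
                # whoever created the record may not be the person now proving
                # ownership at the IdP, so revoke every pre-verification credential.
                acct.password_hash = None
                for old in acct.sso_links:
                    self.by_link.pop(old, None)
                acct.sso_links.clear()
                acct.email_verified = True
        acct.sso_links.add(link)
        self.by_link[link] = acct
        return acct

    def password_login(self, email: str, password: str) -> Optional[Account]:
        acct = self.by_email.get(email.lower())
        if acct is None or acct.password_hash is None:
            return None
        return acct if hmac.compare_digest(acct.password_hash, _pw_hash(password)) else None


def attacker_keeps_access_after_prehijack(strict: bool) -> bool:
    """DroneAware-style: attacker registers the victim's address first, the
    victim later activates via Google SSO. Does the attacker's password still work?"""
    store = UserStore(strict)
    store.register("victim@corp.example", "attacker-chosen")
    victim = store.sso_login("google", "sub-victim-1", "victim@corp.example", True)
    return store.password_login("victim@corp.example", "attacker-chosen") is victim


def attacker_captures_sso_identity(strict: bool) -> bool:
    """Capgo-style: attacker re-points their own email at the victim's address;
    the victim's SSO login is then merged into the attacker's account."""
    store = UserStore(strict)
    attacker = store.register("attacker@evil.example", "attacker-pw")
    store.verify_email("attacker@evil.example")
    store.change_email(attacker, "victim@corp.example")
    store.sso_login("okta", "sub-victim-2", "victim@corp.example", True)
    return store.password_login("victim@corp.example", "attacker-pw") is attacker
```

Two design points carry the fix: returning SSO users are matched on the (provider, subject) pair rather than on email, and an address only counts as a merge key once both the service and the IdP have verified it. Strict mode still reuses the pre-registered record; a more conservative design would refuse the login and ask the user to claim the address via the verification link first.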
Cvelist, added 2026/06/12 3:02 p.m., 23 views

CVE-2026-50089 Aqara IAM/SSO Gateway open redirect

The Aqara IAM/SSO Gateway gw-builder.aqara.com provides an open redirect, which is an instance of "CWE-601: URL Redirection to Untrusted Site," with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 6.1 Medium, which can be used to set up a phishing attack...

CVSS 6.1; EPSS 0.00147; Exploits 0; References 2
Vulnrichment, added 2026/06/12 3:02 p.m., 8 views

CVE-2026-50089 Aqara IAM/SSO Gateway open redirect

The Aqara IAM/SSO Gateway gw-builder.aqara.com provides an open redirect, which is an instance of "CWE-601: URL Redirection to Untrusted Site," with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 6.1 Medium, which can be used to set up a phishing attack...

CVSS 6.1; AI score 5.3; EPSS 0.00147; Exploits 0; References 2
CVE, added 2026/06/12 3:02 p.m., 10 views

CVE-2026-50089

CVE-2026-50089 affects the Aqara IAM/SSO Gateway (gw-builder.aqara.com) and is described as an open redirect (CWE-601). The issue can be leveraged to conduct phishing via untrusted redirects. According to the sources, the CVSS v3.1 base score is 6.1 (Medium): Attack vector Network, Attack complex...

CVSS 6.1; AI score 5.3; EPSS 0.00147; Exploits 0; References 2
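The Aqara entries above describe an open redirect (CWE-601) on an SSO gateway. As an added example that is not Aqara code (the allowlisted host is hypothetical), the functions below show the echoing pattern next to a validator that rebuilds the target from parsed components and rejects the usual bypasses: scheme-relative URLs, backslash-as-slash, userinfo tricks, non-HTTP schemes and lookalike subdomains.

```python
from urllib.parse import urlsplit, urlunsplit

# Added example, not Aqara code. The allowlisted host is hypothetical.
ALLOWED_HOSTS = frozenset({"gw-builder.example.com"})
DEFAULT_TARGET = "/"


def redirect_target_unsafe(next_param: str) -> str:
    """CWE-601: the caller-supplied value goes straight into the Location header."""
    return next_param


def redirect_target_safe(next_param: str, allowed_hosts=ALLOWED_HOSTS) -> str:
    """Return a redirect target that is either a same-origin rooted path or an
    https URL on an allowlisted host; anything else falls back to DEFAULT_TARGET."""
    if not next_param:
        return DEFAULT_TARGET
    # Browsers treat "\" like "/", so "/\evil.example" is really "//evil.example".
    candidate = next_param.replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme and parts.scheme not in ("http", "https"):
        return DEFAULT_TARGET                    # javascript:, data:, custom schemes
    if parts.netloc:
        # hostname is lowercased with userinfo and port removed, so
        # "https://gw-builder.example.com@evil.example" compares as evil.example.
        host = parts.hostname or ""
        if host not in allowed_hosts or parts.username or parts.password:
            return DEFAULT_TARGET
        # Rebuild from parts rather than echoing the input; drop the fragment.
        return urlunsplit(("https", host, parts.path or "/", parts.query, ""))
    # No authority: accept only a rooted path. "//host" never reaches here
    # because urlsplit already parsed it as an authority.
    if parts.scheme or not parts.path.startswith("/"):
        return DEFAULT_TARGET                    # "http:evil.example", "evil.example"
    return urlunsplit(("", "", parts.path, parts.query, ""))
```

Parse-and-rebuild beats prefix matching: a startswith("https://gw-builder.example.com") check would accept both the lookalike subdomain and the userinfo form that the validator above rejects.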
EUVD, added 2026/06/12 3:01 p.m., 5 views

EUVD-2026-36476

The Aqara IAM/SSO gateway gw-builder.aqara.com exposes bidirectional AES round-trips against the platform's signing key without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and "CWE-327: Use of a Broken or Risky Cryptographic Algorithm," and has a...

CVSS 10; AI score 5.2; EPSS 0.00222; Exploits 0; References 2
SUSE CVE, added 2026/06/12 2:32 a.m., 9 views

SUSE CVE-2026-11785

A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial stack address information to be disclosed in LDAP responses to authenticated users...

CVSS 4.3; AI score 5.3; EPSS 0.00206; Exploits 0; References 3
NVD, added 2026/06/10 3:16 p.m., 13 views

CVE-2026-53473

A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational user clicks this link in the user interface, the embedded malicious code executes within the user's browser...

CVSS 7.3; EPSS 0.00187; Exploits 0; References 3
Vulnrichment, added 2026/06/10 1:55 p.m., 8 views

CVE-2026-53473 Migration-planner-ui-app: stored xss via javascript: url in agent credential link

A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational user clicks this link in the user interface, the embedded malicious code executes within the user's browser...

CVSS 7.3; AI score 5.3; EPSS 0.00187; Exploits 0; References 3
CNNVD, added 2026/06/10 12:00 a.m., 8 views

Migration Planner UI cross-site scripting vulnerability

The Migration Planner UI is an open-source migration planning front-end tool developed by KubeV2V. The Migration Planner UI has a cross-site scripting vulnerability. This vulnerability arises from the ability of attackers to register malicious discovery agents containing JavaScript code. When an...

CVSS 7.3; AI score 5.1; EPSS 0.00187; Exploits 0; References 1
Positive Technologies, added 2026/06/10 12:00 a.m., 8 views

PT-2026-48446

A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational user clicks this link in the user interface, the embedded malicious code executes within the user's browser...

CVSS 7.3; AI score 5.3; EPSS 0.00187; Exploits 0; References 4
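The migration-planner-ui-app entries above describe a javascript: URL stored in an agent's credentialUrl and rendered as a clickable link. The added example below is not the project's code: the UI itself is a JavaScript front end, the check is written here in Python, and the render helper and its use of the credentialUrl field are hypothetical. It normalises the URL the way browsers do before deciding on the scheme, so tab-split and mixed-case javascript: variants are caught, and it escapes both the href and the label when rendering.

```python
import html
from urllib.parse import urlsplit

# Added example, not migration-planner-ui-app code; the render helper is
# hypothetical and only mirrors the advisory's credentialUrl wording.
SAFE_SCHEMES = frozenset({"http", "https"})


def is_safe_href(url: str) -> bool:
    """Allow only http(s) URLs with a host, or rooted same-origin paths."""
    if not url:
        return False
    # Browsers drop tab/CR/LF anywhere in a URL and ignore leading spaces, so
    # "java\tscript:alert(1)" and "  javascript:..." both run as javascript:.
    # Normalise the same way before looking at the scheme.
    cleaned = url.strip().replace("\t", "").replace("\r", "").replace("\n", "")
    parts = urlsplit(cleaned)
    if parts.scheme:
        return parts.scheme.lower() in SAFE_SCHEMES and bool(parts.netloc)
    # No scheme: a rooted path is fine, a protocol-relative "//host" is not.
    return cleaned.startswith("/") and not cleaned.startswith("//")


def render_agent_link_unsafe(agent_name: str, credential_url: str) -> str:
    """The stored-XSS pattern: attacker-controlled URL interpolated as-is."""
    return f'<a href="{credential_url}">{agent_name}</a>'


def render_agent_link(agent_name: str, credential_url: str) -> str:
    """Validate the scheme, then escape both the attribute and the text node."""
    href = credential_url if is_safe_href(credential_url) else "#"
    return (f'<a href="{html.escape(href, quote=True)}" rel="noopener noreferrer">'
            f'{html.escape(agent_name)}</a>')
```

A scheme allowlist is the right shape for this check; a blocklist of javascript: spellings keeps losing to new encodings. A Content-Security-Policy whose script-src omits 'unsafe-inline' also stops javascript: URLs from executing, as defence in depth rather than a substitute for validation.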
NVD, added 2026/06/09 2:16 p.m., 7 views

CVE-2026-11785

A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial stack address information to be disclosed in LDAP responses to authenticated users...

CVSS 4.3; EPSS 0.00206; Exploits 0; References 3