Lucene search
K

85 matches found

Cvelist
Cvelist
added 2026/06/26 3:58 p.m.33 views

CVE-2026-57518 Pagekit CMS 1.0.18 Privilege Escalation via UserApiController

Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users with the 'user: manage users' permission to escalate privileges by assigning arbitrary custom roles to themselves due to missing authorization checks in UserApiController::saveAction. Attackers can...

8.8CVSS0.00479EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/26 9:29 a.m.5 views

CVE-2026-12773

A flaw was found in BerriAI litellm, within its MCP Proxy component. A remote attacker could exploit an improper authentication vulnerability in the UserAPIKeyAuth function. This could allow unauthorized access, potentially compromising the confidentiality, integrity, and availability of data...

9.8CVSS5.8AI score0.00612EPSS
Exploits1References8
EUVD
EUVD
added 2026/06/22 1:41 p.m.8 views

EUVD-2026-38276

Mattermost versions 11.7.x = 11.7.0, 10.11.x = 10.11.17 fail to validate bot targets when demoting users to guests which allows a lower-privileged administrator to degrade arbitrary bot accounts via the standard demote-user API.. Mattermost Advisory ID: MMSA-2026-00669...

3.8CVSS6AI score0.00231EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/22 10:59 a.m.4 views

kernel: RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss()

A flaw was found in the Linux kernel's RDMA/mana component. A local user could trigger a kernel corruption by providing specific configurations through the user Application Programming Interface uAPI that cause an internal error. This issue arises when Work Queues WQs are specified to share the...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References5
NVD
NVD
added 2026/06/21 4:16 a.m.17 views

CVE-2026-12773

A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the file litellm/proxy/experimental/mcpserver/auth/userapikeyauthmcp.py of the component MCP Proxy. Executing a manipulation can lead to improper authentication. The attack may be launched...

9.8CVSS0.00612EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2026/06/21 3:15 a.m.8 views

CVE-2026-12773

A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the file litellm/proxy/experimental/mcpserver/auth/userapikeyauthmcp.py of the component MCP Proxy. Executing a manipulation can lead to improper authentication. The attack may be launched...

7.5CVSS6.7AI score0.00612EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/06/21 3:15 a.m.83 views

CVE-2026-12773

Affected software: litellm MCP Proxy (BerriAI) up to version 1.59.8. The vulnerability lies in UserAPIKeyAuth in litellm/proxy/_experimental/mcp_server/auth/user_api_key_auth_mcp.py, where authentication can be bypassed if an invalid token triggers a swallowed 401/403 exception, allowing unauthen...

9.8CVSS6.7AI score0.00612EPSS
Exploits1References8Affected Software1
EUVD
EUVD
added 2026/06/21 1:0 a.m.11 views

EUVD-2026-38137

A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/proxy/auth/userapikeyauth.py of the component M2M JWT Handler. Such manipulation leads to improper authorization. The attack can be launched remotely. A high complexity level is...

5CVSS5.3AI score0.00288EPSS
Exploits1References5
CVE
CVE
added 2026/06/21 1:0 a.m.25 views

CVE-2026-12771

CVE-2026-12771 affects the litellm library by BerriAI up to version 1.82.2, specifically in litellm/proxy/auth/user_api_key_auth.py (M2M JWT Handler). The flaw enables improper authorization via remote exploitation with high attack complexity; public PoC exists. SNYK detaails identify the vulnera...

7.5CVSS5.3AI score0.00288EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/06/21 1:0 a.m.37 views

CVE-2026-12771 BerriAI litellm M2M JWT user_api_key_auth.py improper authorization

A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/proxy/auth/userapikeyauth.py of the component M2M JWT Handler. Such manipulation leads to improper authorization. The attack can be launched remotely. A high complexity level is...

5CVSS0.00288EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/06/19 4:39 p.m.7 views

kernel: RDMA/mana: Validate rx_hash_key_len

A flaw was found in the Linux kernel's RDMA/mana component. A local user could exploit this vulnerability by providing an invalid rxhashkeylen value through a user-space API uAPI structure. This invalid value is then used in a memcpy operation without proper bounds checking, allowing the user to...

7.8CVSS5.8AI score0.00142EPSS
Exploits0References5
NVD
NVD
added 2026/06/09 7:17 p.m.13 views

CVE-2026-36723

An unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows authenticated attackers to leverage directory traversal sequences to move arbitrary files from temporary storage to arbitrary locations on the server filesystem. This enables unauthorized access to...

8.8CVSS0.00998EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/28 6:39 p.m.14 views

CVE-2026-46145

A flaw was found in the Linux kernel's RDMA/mana component. A local user could exploit this vulnerability by providing an invalid rxhashkeylen value through a user-space API uAPI structure. This invalid value is then used in a memcpy operation without proper bounds checking, allowing the user to...

7.8CVSS5.8AI score0.00142EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/28 9:36 a.m.15 views

EUVD-2026-32772

In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Validate rxhashkeylen Sashiko points out that rxhashkeylen comes from a uAPI structure and is blindly passed to memcpy, allowing the userspace to trash kernel memory. Bounds check it so the memcpy cannot overflow...

5.9AI score0.00142EPSS
Exploits0References5
CVE
CVE
added 2026/05/28 9:35 a.m.44 views

CVE-2026-46117

CVE-2026-46117 affects the Linux kernel RDMA/mana component. The issue arises when a user can configure Work Queues to share the same Completion Queue via the uAPI, which triggers a user-writable WARN_ON() and can lead to kernel corruption. The vulnerability has been resolved by removing the trig...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2026/05/22 7:0 p.m.13 views

CVE-2026-40172 authentik: Privilege Escalation via User PATCH: Superuser Group Assignment Bypasses enable_group_superuser

authentik is an open-source identity provider. In versions prior to 2025.12.5 and 2026.2.0-rc1 through 2026.2.2, the PATCH /api/v3/core/users/pk/ API allows a caller with changeuser on a target user to assign arbitrary groups through UserSerializer, including groups with issuperuser=True, without...

8.1CVSS0.00535EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/11 8:25 p.m.11 views

CVE-2026-42562

Plainpad is a self hosted note taking app. Prior to version 1.1.1, Plainpad allows a low-privilege authenticated user to self-escalate to administrator by submitting admin=true in PUT /api.php/v1/users/id. The endpoint directly persists the admin attribute from user input, and the escalated accou...

8.3CVSS5.7AI score0.00261EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/15 6:24 p.m.3 views

CVE-2026-34393 Weblate: Privilege escalation in the user API endpoint

Weblate is a web based localization tool. In versions prior to 5.17, the user patching API endpoint didn't properly limit the scope of edits. This issue has been fixed in version 5.17...

8.8CVSS5.7AI score0.00391EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/15 6:24 p.m.25 views

CVE-2026-34393 Weblate: Privilege escalation in the user API endpoint

Weblate is a web based localization tool. In versions prior to 5.17, the user patching API endpoint didn't properly limit the scope of edits. This issue has been fixed in version 5.17...

8.8CVSS0.00391EPSS
Exploits0References2
CVE
CVE
added 2026/04/15 6:24 p.m.13 views

CVE-2026-34393

Weblate (web-based localization tool) has a vulnerability in the user patching API endpoint that allows privilege escalation by not properly limiting edit scope in versions prior to 5.17. The issue has been fixed in 5.17. Affected component is the user API endpoint; root cause is insufficient sco...

8.8CVSS5.7AI score0.00391EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder