Lucene search
K

64 matches found

NVD
NVD
added 2025/03/20 10:15 a.m.16 views

CVE-2024-9606

In berriai/litellm before version 1.44.12, the litellm/litellmcoreutils/litellmlogging.py file contains a vulnerability where the API key masking code only masks the first 5 characters of the key. This results in the leakage of almost the entire API key in the logs, exposing a significant amount ...

7.5CVSS0.00708EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.19 views

PT-2025-12313 · Unknown · Berriai/Litellm

Name of the Vulnerable Software and Affected Versions: berriai/litellm version 1.52.1 Description: An issue in the proxy server.py file causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This exposes sensitive information, including langfuse secret and...

7.5CVSS7.3AI score0.00523EPSS
Exploits1References12
RedhatCVE
RedhatCVE
added 2025/03/19 1:29 a.m.15 views

CVE-2025-2356

A vulnerability was found in BlackVue App 3.65 on Android. It has been classified as problematic. This affects the function deviceDelete of the component API Handler. The manipulation leads to use of get request method with sensitive query strings. It is possible to initiate the attack remotely...

6.3CVSS6.5AI score0.0039EPSS
Exploits0References1
Wordfence Blog
Wordfence Blog
added 2025/03/06 5:6 p.m.63 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 24, 2025 to March 2, 2025)

Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

6.4CVSS10AI score0.03858EPSS
Exploits20
Vulnrichment
Vulnrichment
added 2025/03/04 12:0 a.m.4 views

CVE-2025-26319

FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments...

7.7AI score0.50789EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/01 4:20 a.m.10 views

CVE-2024-2321

An incorrect authorization vulnerability exists in multiple WSO2 products, allowing protected APIs to be accessed directly using a refresh token instead of the expected access token. Due to improper authorization checks and token mapping, session cookies are not required for API access, potential...

5.6CVSS6.6AI score0.00222EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/14 11:32 a.m.7 views

CVE-2025-26523 Insufficient Authorization Vulnerability in RupeeWeb trading platform

This vulnerability exists in RupeeWeb trading platform due to insufficient authorization controls on certain API endpoints handling addition and deletion operations. Successful exploitation of this vulnerability could allow an authenticated remote attacker to modify information belonging to other...

7.4CVSS6.5AI score0.00435EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:52 a.m.7 views

CVE-2024-41802

Xibo is a content management system CMS. An SQL injection vulnerability was discovered in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to t...

8.1CVSS7.7AI score0.00457EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/09 12:0 a.m.11 views

CVE-2024-55226

Vaultwarden v1.32.5 was discovered to contain an authenticated reflected cross-site scripting XSS vulnerability via the component /api/core/mod.rs...

0.00366EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/12/11 3:50 p.m.29 views

CVE-2024-47758 GLPI vulnerable to account takeover without privilege escalation through the API

GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that have the same or a lower level of privileges. Version 10.0.17 contains a patch for this issue...

7.6CVSS0.00443EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/10/30 12:0 a.m.10 views

CVE-2024-48346

xtreme1 = v0.9.1 contains a Server-Side Request Forgery SSRF vulnerability in the /api/data/upload path. The vulnerability is triggered through the fileUrl parameter, which allows an attacker to make arbitrary requests to internal or external systems...

7AI score0.0022EPSS
Exploits0References1
Wordfence Blog
Wordfence Blog
added 2024/10/10 4:10 p.m.77 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 30, 2024 to October 6, 2024)

Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024: All in-scope vulnerability types for WordPress plugins/themes with = 1,000 active installations are...

9.8CVSS10AI score0.1502EPSS
Exploits5
NVD
NVD
added 2024/01/16 10:15 a.m.31 views

CVE-2023-52106

Vulnerability of permission verification for APIs in the DownloadProviderMain module. Impact: Successful exploitation of this vulnerability will affect integrity and availability...

9.1CVSS9.2AI score0.00274EPSS
Exploits0References3
CNVD
CNVD
added 2023/08/19 12:0 a.m.14 views

MOXA TN-5900 Authentication Error Vulnerability

MOXA TN-5900 is a series of industrial firewall routers from China MOXA. An authentication error vulnerability exists in the MOXA TN-5900 prior to version v3.3, which stems from insufficient authentication measures implemented in the Web API handler, and can be exploited by an attacker to cause a...

8.8CVSS6.9AI score0.00521EPSS
Exploits0References1
Veracode
Veracode
added 2023/07/22 9:19 p.m.25 views

Denial Of Service (DoS)

gitlab is vulnerable to Denial of Service DoS attacks. Due to a regex check, the API for changing asset links produced backtracks, resulting in significant CPU consumption for some user-supplied values, causing the application to crash...

4.3CVSS6.8AI score0.00886EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/03 12:0 a.m.7 views

CVE-2022-39042 aEnrich a+HRD - Improper Authentication

aEnrich a+HRD has improper validation for login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access API function to perform arbitrary system command or disrupt service...

9.8CVSS7.7AI score0.01454EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/12/23 12:0 a.m.15 views

CVE-2022-46492

nbnbk commit 879858451d53261d10f77d4709aee2d01c72c301 was discovered to contain an arbitrary file read vulnerability via the component /api/Index/getFileBinary...

7.6AI score0.00496EPSS
Exploits1References1
Prion
Prion
added 2022/08/04 9:15 a.m.14 views

Out-of-bounds

A vulnerability was found in jeecg-boot. It has been declared as critical. This vulnerability affects unknown code of the file /api/. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be...

7.5CVSS9.5AI score0.00664EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/02/09 12:0 a.m.16 views

Cross Site Request Forgery in Gitea

Cross Site Request Forgery CSRF vulnerability exists in Gitea before 1.5.2 via API routes.This can be dangerous especially with state altering POST requests...

8.8CVSS3.2AI score0.00577EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2022/01/25 5:3 a.m.12 views

Insecure Session Management

pterodactyl/panel is vulnerable to insecure session management. The vulnerability exists in handle function in the AuthenticateKey.phpfile, allowing malicious attackers to compromises the API key generation and log in to the system...

4.3AI score
Exploits0References2Affected Software1
Rows per page
Query Builder