Lucene search
K
VulnrichmentRecent

161427 matches found

Vulnrichment
Vulnrichment
•added 2 days ago•3 views

CVE-2026-55542 Snipe-IT's S3 signature image retrieval lacks authorization before temporary URL

Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, Snipe-IT S3 signature image retrieval lacks authorization before temporary URL. On S3-backed deployments, authenticated users who know a signature filename can obtain a 5-minute signed S3 URL because the S3 branch returns...

5.3CVSS6AI score0.00364EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2 days ago•2 views

CVE-2026-55206 py7zr: O(n^2) algorithmic complexity DoS in PackInfo._read()

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, PackInfo.read in archiveinfo.py used an On^2 cumulative sum pattern for attacker-controlled numstreams values parsed from archive headers, allowing a crafted...

8.7CVSS5.9AI score0.00321EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2 days ago•2 views

CVE-2026-55195 py7zr: Decompression bomb (zip bomb) denial of service via unchecked extraction size

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, py7zr's Worker.decompress extracted archive entries without tracking total decompressed size, allowing a crafted .7z file such as a 15.6 KB archive that expan...

8.7CVSS6AI score0.00321EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2 days ago•2 views

CVE-2026-55596 Plate: Media embed provider metadata can bypass URL sanitization and execute iframe JavaScript

Plate is a rich-text editor with AI and shadcn/ui. From 53.0.0 until 53.1.4, the media embed renderer trusts serialized provider or sourceUrl metadata in useMediaState and skips parseMediaUrl protocol validation, allowing a crafted Plate document to set a known video provider while keeping url as...

8.7CVSS6AI score0.00241EPSS
Exploits0References4
Vulnrichment
Vulnrichment
•added 2 days ago•2 views

CVE-2026-58494 Wasmtime: WASI hard links bypass wasmtime-wasi's FilePerms for destination

Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1, wasmtime-wasi hard-link creation and renaming check directory permissions but not matching FilePerms on source and destination preopens, allowing a WASI guest with a read-only source file capability to overwrite...

6.5CVSS6AI score0.00119EPSS
Exploits0References9
Vulnrichment
Vulnrichment
•added 2 days ago•4 views

CVE-2026-14896 Nomad vulnerable to cross-namespace host volume claim deletion

HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This...

4.2CVSS6AI score0.0016EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2 days ago•2 views

CVE-2026-58208 NATS Server: MQTT-over-WebSocket Path Can Crash WebSocket-Only JetStream Servers Before MQTT Is Enabled

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a WebSocket listener could route requests for the MQTT-over-WebSocket path into MQTT handling even when MQTT was not configured, allowing an unauthenticated client with...

6.8CVSS6AI score0.00526EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2 days ago•4 views

CVE-2026-58211 NATS Server: `no_auth_user` pre-CONNECT fast path bypasses user connection restrictions

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client could be registered as the configured noauthuser through a parser path used when the first client operation was not CONNECT, bypassing user-level connection...

5.4CVSS6AI score0.00308EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2 days ago•2 views

CVE-2026-58207 NATS Server: Remote crash via integer overflow in Connz pagination

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client able to send account-scoped connection monitoring requests could crash the server by supplying Connz pagination Offset and Limit values that overflowed internal...

7.7CVSS6AI score0.00548EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2 days ago•2 views

CVE-2026-0288 PAN-OS: Buffer Overflow Vulnerabilities in User-ID Terminal Server Agent

Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent TSA component of Palo Alto Networks PAN-OS software allow an unauthenticated attacker with network access to cause a denial of service DoS condition or potentially execute arbitrary code by sending specially crafted...

9.2CVSS6.5AI score0.00524EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2 days ago•2 views

CVE-2026-58210 NATS Server: MQTT partial CONNECT packets can exhaust pre-auth memory

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an unauthenticated MQTT client could cause the server to retain large incomplete MQTT CONNECT packets before authentication completed, consuming server memory while the...

7.5CVSS6AI score0.00732EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2 days ago•2 views

CVE-2026-58209 NATS Server: MQTT retained and QoS replay bypass subscribe deny filters

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, MQTT retained message delivery and QoS1+ durable replay could deliver messages whose original topics matched a subscriber configured subscribe deny rule because these...

4.3CVSS6AI score0.00342EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2 days ago•3 views

CVE-2026-14361 Consul-template is vulnerable to path redirection in writeToFile through symlink attack

The consul-template library before version 0.42.1 is vulnerable to a path redirection issue in the writeToFile template helper that may allow template output to be written outside the intended directory or to overwrite an existing file. This vulnerability CVE-2026-14361 is fixed in consul-templat...

4.7CVSS5.9AI score0.00105EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2 days ago•4 views

CVE-2026-14891 Nomad vulnerable to sandbox escape in Docker task driver

HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially leading to reading and writing files on the host. This vulnerability,...

8.7CVSS6AI score0.00316EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2 days ago•2 views

CVE-2026-58214 NATS Server: MQTT subscribe ACL bypass via $MQTT.deliver.pubrel prefix (incomplete fix for CVE-2026-33217)

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an authenticated MQTT client could subscribe to the internal $MQTT.deliver.pubrel subject family, bypassing configured subscribe permissions and exposing MQTT QoS2 protoc...

4.3CVSS5.9AI score0.00367EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2 days ago•2 views

CVE-2026-58254 NATS Server: Incomplete fix for CVE-2026-33249: Leaf node connections bypass Nats-Trace-Dest permission check

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.8, message trace destination checks were applied to ordinary client connections but not consistently to messages arriving through leafnode connections, allowing a leafnode...

5.3CVSS5.9AI score0.00428EPSS
Exploits0References4
Vulnrichment
Vulnrichment
•added 2 days ago•3 views

CVE-2026-8801 File Extension Restriction Bypass in MOVEit Transfer

Path equivalence: vulnerability in Progress MOVEit Transfer File Upload modules. This issue affects MOVEit Transfer: before 2025.0.8, from 2025.1.0 before 2025.1.4...

3.5CVSS5.9AI score0.00251EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2 days ago•3 views

CVE-2026-8800 Cross-Org External Token Metadata accessible to AuditUser role

Incorrect Authorization vulnerability in Progress MOVEit Transfer Audit User module. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...

2.7CVSS5.9AI score0.00183EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2 days ago•2 views

CVE-2026-58213 NATS Server: MQTT SUBSCRIBE Protocol Injection via Leaf Node/Route Forwarding allows arbitrary NATS command injection

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.1 and 2.12.9, an MQTT client could include protocol control characters in subscription filters that were later forwarded as NATS protocol data to route or leafnode connections, corrupti...

7.1CVSS6AI score0.00439EPSS
Exploits0References8
Vulnrichment
Vulnrichment
•added 2 days ago•3 views

CVE-2026-15154 Guardrails-detectors: guardrails-detectors: unauthenticated regular-expression denial of service (redos) via detector_params.regex

A flaw was found in guardrails-detectors, a component of Red Hat OpenShift AI. This vulnerability, known as Regular Expression Denial of Service ReDoS, allows a remote attacker to provide specially crafted regular expressions to the public detection API. This can cause catastrophic backtracking,...

6.5CVSS5.9AI score0.00213EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2 days ago•2 views

CVE-2026-8651 IPv6 Loopback Spoof via Trusted Host Header Bypasses Origin Check in MOVEit Transfer

Limited authentication bypass by spoofing vulnerability in Progress MOVEit Transfer HTTPS module. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...

3.7CVSS5.9AI score0.00216EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2 days ago•4 views

CVE-2026-58250 NATS Server: Pre-auth server crash via double INFO in leafnode handshake

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.12.8 and 2.11.17, an unauthenticated peer with network access to a leafnode listener with compression enabled could crash the server during the pre-authentication leafnode handshake by...

7.5CVSS6AI score0.00732EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2 days ago•2 views

CVE-2026-8650 Authenticated Path Traversal allows MOVEit admins to view arbitrary system files

Relative path traversal vulnerability in Progress MOVEit Transfer Admin Settings module. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...

4.5CVSS5.9AI score0.00202EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2 days ago•2 views

CVE-2026-58252 NATS Server: Subscribe Authz Bypass via Wildcard-Overlap

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user could receive messages on denied subjects when a wildcard subscription overlapped with a configured wildcard deny rule but was not a subset...

6.5CVSS6AI score0.00465EPSS
Exploits0References7
Vulnrichment
Vulnrichment
•added 2 days ago•4 views

CVE-2026-59807 Composio SDK < 0.2.32-beta.283 - Sensitive File Upload via tool-file-uploads.ts

Composio SDK before 0.2.32-beta.283 contains a path validation bypass vulnerability that allows attackers to read and exfiltrate sensitive files by exploiting a missing assertSafeFileUploadPath check in the readFileFromDisk function within tool-file-uploads.ts. Attackers can exploit prompt...

8.9CVSS6AI score0.00289EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2 days ago•3 views

CVE-2026-59806 Gradio < 6.20.0 - Open Redirect and SSRF via /gradio_api/file= endpoint

Gradio before 6.20.0 contains an open redirect and server-side request forgery vulnerability that allows attackers to redirect users to arbitrary URLs or perform client-side SSRF by supplying unvalidated HTTP/HTTPS URLs to the filefetch function in the /gradioapi/file= endpoint. Attackers can cra...

7.4CVSS6AI score0.00247EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2 days ago•3 views

CVE-2026-58253 NATS Server: Route API Auth Bypass

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, when noauthuser was configured, a parser fast path intended for ordinary client connections could also apply to route or leafnode listeners, allowing an...

8.8CVSS6AI score0.00388EPSS
Exploits0References7
Vulnrichment
Vulnrichment
•added 2 days ago•3 views

CVE-2026-59805 Gumroad < 2026.07.06.2 - Insecure Direct Object Reference in PurchasesController

Gumroad before 2026.07.06.2 contains a broken access control vulnerability in the PurchasesController that allows authenticated sellers to manipulate purchase access for other sellers' products by sending PUT requests to the revokeaccess and undorevokeaccess actions without seller ownership...

7.1CVSS6.1AI score0.0022EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2 days ago•3 views

CVE-2026-59804 Midscene Bridge Server - Session Hijack via Unauthenticated WebSocket

Midscene Bridge Server through 1.10.3, fixed in commit 86f4118, contains a missing authentication and CORS misconfiguration vulnerability that allows unauthenticated remote attackers to hijack active bridge sessions by opening a cross-origin WebSocket connection to the local Socket.IO server, whi...

7.6CVSS6AI score0.00213EPSS
Exploits0References4
Vulnrichment
Vulnrichment
•added 2 days ago•3 views

CVE-2026-59803 rpcx - Denial of Service via Gzip Decompression Bomb in Wire Protocol

rpcx through 1.9.3, fixed in commit 047aec1, contains a denial-of-service vulnerability in protocol.Message.Decode protocol/message.go. When a message has the compression flag set, the payload is gzip-decompressed via util.Unzip with no limit on the decompressed output size. The only built-in siz...

8.7CVSS6AI score0.00408EPSS
Exploits0References4
Vulnrichment
Vulnrichment
•added 2 days ago•2 views

CVE-2026-59802 PasswordPusher < 2.8.1 - Redirect-Based XSS via data URI in URL Push Payload

PasswordPusher before 2.8.1 accepts data URI schemes in URL push payloads due to insufficient validation in the validurl function. Attackers can create malicious pushes containing data:text/html URIs that execute arbitrary JavaScript in victims' browsers when clicked, enabling phishing and...

8.2CVSS6.2AI score0.00192EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2 days ago•3 views

CVE-2026-8649 Institution scope bypass vulnerability in custom reports

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...

6.4CVSS5.9AI score0.00225EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2 days ago•3 views

CVE-2026-58251 NATS Server: Queue Subscribe Authz Bypass

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user with subscription deny permissions could bypass a plain subject deny rule by using a queue subscription, because queue-specific deny...

6.5CVSS6AI score0.00488EPSS
Exploits0References7
Vulnrichment
Vulnrichment
•added 2 days ago•2 views

CVE-2026-55404 yt-dlp: Downstream command injection via improper sanitization of yt-dlp --write-link output

yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to 2026.7.4, the --write-link, --write-url-link, and --write-desktop-link options can write .url or .desktop shortcut files using attacker-controlled webpageurl or filename metadata without sufficient validation or escaping,...

7.5CVSS6AI score0.00554EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2 days ago•3 views

CVE-2026-60104 Bitwarden Server < 2026.6.0 Authorization Bypass via Admin Auth Request

Bitwarden Server before 2026.6.0 does not verify that the email in a POST /auth-requests/admin-request body belongs to the authenticated caller, allowing a low-privileged organization member to obtain another user's vault key and a victim-scoped access token by creating a Trusted Device Encryptio...

9.3CVSS6AI score0.00186EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2 days ago•3 views

CVE-2026-59936 pypdf: Possible infinite loop for not terminated inline images

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.1, an attacker can craft a PDF with a page content stream containing a not terminated inline image, causing an infinite loop during inline image end marker detection such as when extracting page text. This issue is fixed in...

8.7CVSS6AI score0.00301EPSS
Exploits0References4
Vulnrichment
Vulnrichment
•added 2 days ago•2 views

CVE-2026-59935 pypdf: Possible infinite loop for not terminated inline images (ASCII85 and ASCIIHex filter)

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.2, an attacker can craft a PDF with a page content stream containing a not terminated inline image that uses the ASCII85 or ASCIIHex filters, causing an infinite loop during parsing such as when extracting page text. This issu...

8.7CVSS6AI score0.00329EPSS
Exploits0References4
Vulnrichment
Vulnrichment
•added 2 days ago•2 views

CVE-2026-59947 Composer: URL-embedded HTTP-Basic username leaks to verbose logs (GitHub PAT exposure)

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, when Composer is run with -vvv debug verbosity, it could print a credential embedded in the username slot of a repository or package URL, such as a GitHub Personal Access Token in https://TOKEN@host/, to debug outp...

4.7CVSS6AI score0.00108EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2 days ago•3 views

CVE-2026-59948 Composer: Arbitrary file write outside vendor via malicious transitive package name

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a maliciously crafted package from an untrusted repository other than Packagist.org or Private Packagist can cause Composer to write attacker-controlled files outside the vendor directory and outside the project...

7CVSS6AI score0.00132EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2 days ago•3 views

CVE-2026-59819 LiteLLM: Local file read via request-supplied OIDC file references

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.83.10-stable, LiteLLM's /health/testconnection endpoint resolved request-supplied environment and OIDC file references in litellmparams, allowing a proxy administrator or another privileged caller with...

2.1CVSS5.9AI score0.00278EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2 days ago•2 views

CVE-2026-59946 Composer: Path traversal in package bin field lets dependencies chmod arbitrary host files

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a Composer package bin entry containing .. path segments can resolve outside the package install directory and cause Composer's binary installation flow to chmod an existing host file to a world-readable and...

6.1CVSS5.9AI score0.00136EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2 days ago•2 views

CVE-2026-59822 LiteLLM: MCP Authentication Bypass via OAuth2 Passthrough Fallback

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.84.0, LiteLLM's MCP Streamable HTTP endpoint allowed an unauthenticated attacker to use a fabricated Authorization header to trigger an OAuth2 passthrough fallback path that replaced failed LiteLLM key...

8.8CVSS6AI score0.00286EPSS
Exploits0References4
Vulnrichment
Vulnrichment
•added 2 days ago•3 views

CVE-2026-44332 Fiber: Username Enumeration via Timing Oracle in BasicAuth Default Authorizer

Fiber is an Express inspired web framework written in Go. Prior to 3.3.0, the default Authorizer function in the BasicAuth middleware in middleware/basicauth/config.go uses short-circuit evaluation that skips password hash comparison for non-existent usernames, enabling reliable remote username...

5.3CVSS6AI score0.00516EPSS
Exploits0References4
Vulnrichment
Vulnrichment
•added 2 days ago•3 views

CVE-2026-59820 LiteLLM: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.83.7-stable, LiteLLM Skills archive extraction did not sufficiently validate file paths from uploaded skill ZIP archives, allowing an authenticated user with access to LiteLLM LLM API routes or a key whos...

6.1CVSS5.9AI score0.00323EPSS
Exploits0References4
Vulnrichment
Vulnrichment
•added 2 days ago•3 views

CVE-2026-44512 ONNX: Null Pointer Dereference in Upsample Version Converter Adapter (Zero Inputs)

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.versionconverter.convertversion can dereference a null pointer in Upsample67::adaptupsample67 in onnx/versionconverter/adapters/upsample67.h when processing an untrusted mod...

5.5CVSS6AI score0.0017EPSS
Exploits0References4
Vulnrichment
Vulnrichment
•added 2 days ago•3 views

CVE-2026-55575 LiquidJS: `pop` filter bypasses `memoryLimit` accounting that its array-filter siblings enforce

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.27.1, the pop array filter at src/filters/array.ts allocated a full clone of its input array via ...toArrayv without calling this.context.memoryLimit.use..., allowing a template render such as hugearra...

8.2CVSS6AI score0.00384EPSS
Exploits0References4
Vulnrichment
Vulnrichment
•added 2 days ago•3 views

CVE-2026-58501 Zeep SSRF because Settings.forbid_external is not enforced

Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbidexternal is defined but not enforced when parsing WSDL or XSD documents, allowing transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD references to fetch attacker-chosen HTTP or HTTPS URLs. This issue is fix...

5.9CVSS6AI score0.00252EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2 days ago•2 views

CVE-2026-55760 handlebars.java FileTemplateLoader Path Traversal

Handlebars.java provides logic-less and semantic Mustache templates with Java. Prior to 4.5.2, applications that pass user-controlled input to Handlebars.compile using FileTemplateLoader or ClassPathTemplateLoader are vulnerable to path traversal, allowing arbitrary file read through template nam...

7.5CVSS6AI score0.00414EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2 days ago•2 views

CVE-2026-45045 Fiber: X-Real-IP Spoofing via Header.Add() in BalancerForward

Fiber is an Express inspired web framework written in Go. Prior to 3.3.0 and 2.52.14, the BalancerForward proxy helper in middleware/proxy/proxy.go uses Header.Add instead of Header.Set when injecting X-Real-IP, allowing an attacker-supplied first X-Real-IP value to be forwarded to upstream serve...

5.3CVSS5.9AI score0.00455EPSS
Exploits0References7
Vulnrichment
Vulnrichment
•added 2 days ago•3 views

CVE-2026-59821 LiteLLM: Custom Code Guardrails production endpoints bypass code safety checks

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.82.0-stable, LiteLLM's Custom Code Guardrails production create and update paths did not apply the same sandboxing and validation used by the test endpoint, allowing a privileged user with access to creat...

2.1CVSS6AI score0.00288EPSS
Exploits0References3
Total number of security vulnerabilities161427