|
1581
|
8.8 |
HIGH
Network
|
litellm
|
litellm
|
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.80.5 to before version 1.83.7, the POST /prompts/test endpoint accepted user-supplied prompt templ…
|
CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2026-42203
|
2026-05-14 02:14 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1582
|
5.4 |
MEDIUM
Network
|
langfuse
|
langfuse
|
Langfuse is an open source large language model engineering platform. From version 3.68.0 to before version 3.167.0, there is a role-based-access control flaw in the LLM connection update flow. An a…
|
CWE-284
Improper Access Control
|
CVE-2026-41487
|
2026-05-14 02:12 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1583
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the 16-character production secret key used for payment signature generation. A…
|
CWE-328
Use of Weak Hash
|
CVE-2020-37168
|
2026-05-14 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1584
|
5.5 |
MEDIUM
Local
|
-
|
-
|
WordPress Plugin ultimate-member 2.1.3 contains a local file inclusion vulnerability that allows authenticated attackers to include arbitrary files by manipulating the pack parameter in class-admin-u…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2020-37169
|
2026-05-14 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1585
|
5.5 |
MEDIUM
Network
|
-
|
-
|
WOOF Products Filter for WooCommerce 1.2.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering XSS payloads in design …
|
CWE-79
Cross-site Scripting
|
CVE-2020-37174
|
2026-05-14 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1586
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized user accounts by tricking authenticated administrators into visiting malicious pages. Attack…
|
CWE-352
Origin Validation Error
|
CVE-2020-37217
|
2026-05-14 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1587
|
8.2 |
HIGH
Network
|
-
|
-
|
Joomla com_hdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the …
|
CWE-89
SQL Injection
|
CVE-2020-37218
|
2026-05-14 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1588
|
7.5 |
HIGH
Network
|
-
|
-
|
Joomla com_fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET reques…
|
CWE-22
Path Traversal
|
CVE-2020-37219
|
2026-05-14 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1589
|
7.5 |
HIGH
Network
|
-
|
-
|
Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Attackers can quer…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-37220
|
2026-05-14 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1590
|
7.2 |
HIGH
Network
|
-
|
-
|
Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoi…
|
CWE-79
Cross-site Scripting
|
CVE-2020-37222
|
2026-05-14 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
