| 1241 | 6.3 | MEDIUM | Network | litellm | litellm | A security flaw has been discovered in BerriAI litellm up to 1.82.5. Affected is the function async_pre_call_hook of the file enterprise/enterprise_hooks/banned_keywords.py of the component Completio… | New | CWE-285 (Improper Authorization), CWE-863 (Incorrect Authorization) | CVE-2026-12797 | 2026-06-25 04:50 | 2026-06-21 |
| 1242 | 6.3 | MEDIUM | Network | litellm | litellm | A weakness has been identified in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function load_openapi_spec_async of the file litellm/proxy/_experimental/mcp_server/openapi_to_mc… | New | CWE-918 (Server-Side Request Forgery (SSRF)) | CVE-2026-12798 | 2026-06-25 04:37 | 2026-06-21 |
| 1243 | 4.3 | MEDIUM | Network | litellm | litellm | A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function ui_view_users of the file litellm/proxy/management_endpoints/internal_user_endpoints… | New | CWE-266 (Incorrect Privilege Assignment), CWE-285 (Improper Authorization) | CVE-2026-12799 | 2026-06-25 04:26 | 2026-06-21 |
| 1244 | 6.1 | MEDIUM | Network | nuxt | nuxt | Nuxt before 4.4.7 (and the 3.x branch before 3.21.7) contains a cross-site scripting vulnerability in the NoScript component that writes slot content to innerHTML without escaping. Attackers can inje… | New | CWE-79 (Cross-site Scripting) | CVE-2026-56317 | 2026-06-25 04:17 | 2026-06-21 |
| 1245 | 5.3 | MEDIUM | Network | - | - | Cap-go before 12.128.2 contains an information disclosure vulnerability in the OPTIONS /build/upload/:jobId/* endpoint that allows unauthenticated attackers to enumerate valid builder job IDs through… | New | CWE-203 (Information Exposure Through Discrepancy) | CVE-2026-56316 | 2026-06-25 04:17 | 2026-06-21 |
| 1246 | 6.5 | MEDIUM | Network | mmaitre314 | picklescan | picklescan before 1.0.1 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to create arbitrary zero-byte files via logging.FileHandler class instantiation. Att… | New | CWE-502 (Deserialization of Untrusted Data) | CVE-2026-56304 | 2026-06-25 04:17 | 2026-06-21 |
| 1247 | 7.1 | HIGH | Network | - | - | Cap-go before 12.128.2 contains a privilege inversion vulnerability in GET /build/logs/:jobId that allows read-only API key holders to cancel running native builds. The endpoint registers an abort li… | New | CWE-862 (Missing Authorization) | CVE-2026-56280 | 2026-06-25 04:17 | 2026-06-23 |
| 1248 | 5.3 | MEDIUM | Network | - | - | Cap-go capgo before 12.128.2 contains an authorization bypass in several Supabase PostgREST RPC functions (get_app_metrics, get_global_metrics, get_total_metrics) that are granted to the anon role wi… | New | CWE-200 (Information Exposure) | CVE-2026-56235 | 2026-06-25 04:17 | 2026-06-21 |
| 1249 | 8.3 | HIGH | Network | - | - | Capgo before 12.128.12 allows authenticated users to modify their mutable public.users.email to arbitrary addresses, which the SSO provisioning endpoint trusts as an account-merge key. Attackers can … | New | CWE-639 (Authorization Bypass Through User-Controlled Key) | CVE-2026-56215 | 2026-06-25 04:17 | 2026-06-20 |
| 1250 | 4.9 | MEDIUM | Network | - | - | Capgo before 12.128.2 contains a flaw in the Enforce Password Policy feature: after a Super Admin enables the policy and successfully changes their password to a compliant one, the backend does not u… | New | CWE-287 (Improper Authentication) | CVE-2026-56080 | 2026-06-25 04:17 | 2026-06-20 |