🚨 EUVD-2026-38136

📊 Score: 5.3/10 (CVSS v3.1)
📦 Product: LiteLLM, LiteLLM
🏢 Vendor: berriai
📅 Updated: 2026-06-21

📝 A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/management_endpoints/key_management_endpoints.py of the component Admin Key Handler. This manipulation causes impro...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-38136

#cybersecurity #infosec #euvd #cve #vulnerability

EUVD

European Vulnerability Database

🚨 EUVD-2026-38135

📊 Score: 3.7/10 (CVSS v3.1)
📦 Product: Savane
🏢 Vendor: GNU
📅 Updated: 2026-06-20

📝 GNU Savannah Administration Savane through 3.17 uses untrusted data as part of authorization.

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-38135

#cybersecurity #infosec #euvd #cve #vulnerability


🚨 EUVD-2025-210290

📊 Score: 5.3/10 (CVSS v3.1)
📦 Product: vllm
🏢 Vendor: vLLM
📅 Updated: 2026-06-20

📝 vLLM versions >= 0.6.3 and < 0.9.0 contain multiple regular expression denial of service (ReDoS) vulnerabilities. Several regex patterns — in vllm/lora/utils.py, the phi4mini tool parser, and the OpenAI-compatible serving chat endpoint — are susceptible to catas...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-210290

#cybersecurity #infosec #euvd #cve #vulnerability


🚨 EUVD-2026-38129

📊 Score: 8.7/10 (CVSS v3.1)
📦 Product: vllm
🏢 Vendor: vLLM
📅 Updated: 2026-06-20

📝 vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests with malformed (negative or out-of-...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-38129

#cybersecurity #infosec #euvd #cve #vulnerability


🚨 EUVD-2026-38130

📊 Score: 8.7/10 (CVSS v3.1)
📦 Product: AVideo
🏢 Vendor: AVideo
📅 Updated: 2026-06-20

📝 AVideo through version 26.0 contains multiple unauthenticated list.json.php endpoints in payment plugins lacking authorization checks, exposing PayPal tokens, Authorize.Net webhooks, and Bitcoin transaction records. Unauthenticated attackers can retrieve all p...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-38130

#cybersecurity #infosec #euvd #cve #vulnerability


🚨 EUVD-2026-38131

📊 Score: 6.1/10 (CVSS v3.1)
📦 Product: AVideo
🏢 Vendor: AVideo
📅 Updated: 2026-06-20

📝 AVideo through version 27.0 contains a server-side request forgery vulnerability in plugin/Live/test.php that allows authenticated administrators to read arbitrary URLs via the statsURL parameter, which lacks isSSRFSafeURL() validation and accepts requests to ...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-38131

#cybersecurity #infosec #euvd #cve #vulnerability


🚨 EUVD-2026-38132

📊 Score: 9.2/10 (CVSS v3.1)
📦 Product: AVideo
🏢 Vendor: AVideo
📅 Updated: 2026-06-20

📝 AVideo through 29.0 contains an authorization bypass vulnerability in the Meet plugin's uploadRecordedVideo.json.php endpoint that derives the target users_id from the uploaded filename without verification. An attacker with knowledge of the Meet shared secret...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-38132

#cybersecurity #infosec #euvd #cve #vulnerability


🚨 EUVD-2026-38133

📊 Score: 6.9/10 (CVSS v3.1)
📦 Product: AVideo
🏢 Vendor: AVideo
📅 Updated: 2026-06-20

📝 AVideo through version 25.0 contains an authentication bypass vulnerability in the decryptMessage.json.php endpoint that allows unauthenticated users to decrypt PGP messages. Remote attackers can submit private keys, ciphertext, and passphrases to perform serv...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-38133

#cybersecurity #infosec #euvd #cve #vulnerability


🚨 EUVD-2026-38134

📊 Score: 5.3/10 (CVSS v3.1)
📦 Product: AVideo
🏢 Vendor: WWBN
📅 Updated: 2026-06-20

📝 AVideo TopMenu plugin through version 26.0 contains a stored cross-site scripting vulnerability in menu item rendering due to missing output encoding of icon classes, URLs, and text labels. Attackers can inject malicious JavaScript through unescaped menu item fi...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-38134

#cybersecurity #infosec #euvd #cve #vulnerability


🚨 EUVD-2026-38128

📊 Score: 9.9/10 (CVSS v3.1)
📦 Product: prefecthq/prefect
🏢 Vendor: prefecthq
📅 Updated: 2026-06-20

📝 Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input in the `GitRepository` storage class. The `commit_sha` parameter, which is passed to git commands, lacks validation and does not inclu...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-38128

#cybersecurity #infosec #euvd #cve #vulnerability
