Aggregator

CVE-2026-12773 | BerriAI litellm up to 1.59.8 MCP Proxy user_api_key_auth_mcp.py UserAPIKeyAuth improper authentication (EUVD-2026-38139)

Vuldb Updates
5 days 20 hours ago
A vulnerability, which was classified as critical, was found in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the file litellm/proxy/_experimental/mcp_server/auth/user_api_key_auth_mcp.py of the component MCP Proxy. Executing a manipulation can lead to improper authentication. The identification of this vulnerability is CVE-2026-12773. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure.
vuldb.com

CVE-2026-12778 | AOMEI Partition Assistant up to 10.10.1 Kernel Driver ampa10.sys access control (EUVD-2026-38143)

Vuldb Updates
5 days 20 hours ago
A vulnerability was found in AOMEI Partition Assistant up to 10.10.1. It has been declared as critical. This vulnerability affects unknown code in the library ampa10.sys of the component Kernel Driver. Such manipulation leads to improper access controls. This vulnerability is listed as CVE-2026-12778. The attack must be carried out locally. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-56265 | Crawl4AI up to 0.8.6 Docker API hard-coded credentials (GHSA-365w-hqf6-vxfg / EUVD-2026-38170)

Vuldb Updates
5 days 20 hours ago
A vulnerability was found in Crawl4AI up to 0.8.6. It has been classified as critical. This issue affects some unknown processing of the component Docker API. The manipulation leads to hard-coded credentials. This vulnerability is traded as CVE-2026-56265. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.
vuldb.com

29-Year-Old ‘Squidbleed’ Vulnerability Discovered With the Aid of Claude Mythos Preview

Cyber Security News
5 days 20 hours ago

A Heartbleed-style heap buffer overread lurking in Squid Proxy since 1997 can silently leak HTTP headers, including passwords and API keys, from other users on the same proxy. Security researchers at Calif.io have disclosed a critical memory disclosure vulnerability in Squid Proxy, dubbed Squidbleed, discovered with the assistance of Anthropic’s Claude Mythos Preview AI model. […]

The post 29-Year-Old ‘Squidbleed’ Vulnerability Discovered With the Aid of Claude Mythos Preview appeared first on Cyber Security News.

Guru Baran

CVE-2026-9029 | Grafana OSS 12.4.0 Template String sanitizeTextPanelContent cross site scripting

VulDB Recent Entries
5 days 20 hours ago
A vulnerability has been found in Grafana OSS 12.4.0 and classified as problematic. The affected element is the function sanitizeTextPanelContent of the component Template String Handler. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2026-9029. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com

CVE-2026-56447 | MISP up to 2.5.41 INI File Kafka_rdkafka_config inclusion of functionality from untrusted control sphere

VulDB Recent Entries
5 days 20 hours ago
A vulnerability classified as problematic was found in MISP up to 2.5.41. This vulnerability affects unknown code of the component INI File Handler. Executing a manipulation of the argument Kafka_rdkafka_config can lead to inclusion of functionality from untrusted control sphere. The identification of this vulnerability is CVE-2026-56447. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.
vuldb.com

CVE-2026-9162 | Mattermost up to 11.7.x Websocket Connection session expiration

VulDB Recent Entries
5 days 20 hours ago
A vulnerability classified as problematic has been found in Mattermost up to 10.11.17/11.5.5/11.6.2/11.7.0/11.7.x. This affects an unknown part of the component Websocket Connection Handler. Performing a manipulation results in session expiration. This vulnerability was named CVE-2026-9162. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-6062 | Mattermost up to 11.7.x Subscription Edit Endpoint authorization

VulDB Recent Entries
5 days 20 hours ago
A vulnerability marked as problematic has been reported in Mattermost up to 10.11.17/11.5.5/11.6.2/11.7.0/11.7.x. Affected by this vulnerability is an unknown functionality of the component Subscription Edit Endpoint. This manipulation causes authorization bypass. This vulnerability is handled as CVE-2026-6062. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-8074 | Mattermost up to 10.11.17/11.7.0/11.7.x User Active Status Endpoint authorization

VulDB Recent Entries
5 days 20 hours ago
A vulnerability identified as problematic has been detected in Mattermost up to 10.11.17/11.7.0/11.7.x. This impacts an unknown function of the component User Active Status Endpoint. The manipulation leads to incorrect authorization. This vulnerability is traded as CVE-2026-8074. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.
vuldb.com

CVE-2026-48779 | websockets ws up to 5.2.4/6.2.3/7.5.10/8.20.x Network Traffic resource consumption (Nessus ID 321689)

Vuldb Updates
5 days 20 hours ago
A vulnerability was found in websockets ws up to 5.2.4/6.2.3/7.5.10/8.20.x. It has been rated as problematic. This vulnerability affects unknown code of the component Network Traffic Handler. This manipulation causes resource consumption. The identification of this vulnerability is CVE-2026-48779. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.
vuldb.com

CVE-2026-55392 | nilfs-dev nilfs-utils up to 2.3.0 nilfs_sb_is_valid improper validation of specified quantity in input (Issue 26 / Nessus ID 321688)

Vuldb Updates
5 days 20 hours ago
A vulnerability, which was classified as problematic, has been found in nilfs-dev nilfs-utils up to 2.3.0. Affected is the function nilfs_sb_is_valid. Performing a manipulation results in improper validation of specified quantity in input. This vulnerability is identified as CVE-2026-55392. The attack is only possible with local access. There is not any exploit available. Applying a patch is the recommended action to fix this issue.
vuldb.com

CVE-2026-55203 | HAProxy up to 3.4.0 FCGI Framing Parser drl integer overflow (Nessus ID 321685 / WID-SEC-2026-2012)

Vuldb Updates
5 days 20 hours ago
A vulnerability marked as problematic has been reported in HAProxy up to 3.4.0. This vulnerability affects unknown code of the component FCGI Framing Parser. Performing a manipulation of the argument drl results in integer overflow. This vulnerability was named CVE-2026-55203. The attack may be initiated remotely. There is no available exploit. To fix this issue, it is recommended to deploy a patch.
vuldb.com

Managed ad