CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.07)
Capgo before 12.128.2 contains a broken row level security policy in the org_users table that allows authenticated users to elevate privileges from admin to super_admin. Attackers can exploit the insufficient RLS enforcement to gain unauthorized super_admin access.
Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials operations that follow symlinks without validation. Attackers can create malicious symlinks in repositories to overwrite arbitrary files or expose credentials with world-readable permissions.
Capgo before 12.128.2 contains an authorization bypass vulnerability in the /build/status and /build/logs endpoints that allows attackers to access build jobs belonging to different applications by supplying a mismatched app_id and job_id combination.
A vulnerability has been detected in BerriAI litellm up to version 1.82.2, affecting the ui_view_users function in the litellm/proxy/management_endpoints/internal_user_endpoints.py file. This issue is a result of an incomplete fix for CVE-2025-0628, leading to improper authorization.
A weakness has been identified in BerriAI litellm up to version 1.82.2, concerning the function load_openapi_spec_async. Manipulation of the argument spec_path leads to server-side request forgery.
A security flaw has been discovered in BerriAI litellm up to version 1.82.5 in the async_pre_call_hook function of the enterprise/enterprise_hooks/banned_keywords.py file. Manipulation of the prompt argument results in incorrect authorization, which can be exploited in remote attacks.
A vulnerability was identified in BerriAI litellm up to version 1.82.2, impacting the function get_redirect_response_from_openid in the file litellm/proxy/management_endpoints/ui_sso.py of the SSO Authentication Flow component. Manipulation leads to session expiration.
A vulnerability was identified in ILIAS Learning Management System 11.0 affecting the function ilTrQuery::executeQueries in the file components/ILIAS/Tracking/classes/class.ilTrQuery.php. Manipulation of the argument troup_table_nav leads to SQL injection.
A vulnerability was identified in the ADP platform by zhilink (深圳)科技有限公司 version 1.0.0, affecting unknown code in the file /adpweb/a/base/barcodeDetail/import related to the XML parser. This manipulation leads to the exploitation of XML external entity references, allowing for remote attacks.
A vulnerability was found in the ADP Application Developer Platform version 1.0.0, affecting an unknown part of the testConnection Endpoint component. Manipulation of the jdbcUrl argument results in deserialization.
A flaw has been found in Montodel House-Rental-Management that allows SQL injection via manipulation of the ID argument in the /index.php?page=houses file. The attack can be carried out remotely.
A vulnerability has been detected in BerriAI litellm up to version 1.82.2, affecting the function _execute_with_mcp_client in the file litellm/proxy/_experimental/mcp_server/rest_endpoints.py. The manipulation leads to server-side request forgery.
A security flaw has been discovered in BerriAI litellm up to version 1.82.2, impacting the function authenticate_user in the file litellm/proxy/auth/login_utils.py of the PROXY_ADMIN database API Key Generator. Manipulating this function results in session expiration.
A vulnerability was identified in BerriAI litellm up to version 1.82.2, affecting an unknown function of the file litellm/proxy/auth/user_api_key_auth.py of the M2M JWT Handler component. This manipulation leads to improper authorization.
A vulnerability was identified in BerriAI litellm up to version 1.63.1, concerning an unknown function in the file litellm/proxy/management_endpoints/key_management_endpoints.py of the Admin Key Handler component. This manipulation leads to improper authorization.
The AVideo TopMenu plugin through version 26.0 contains a stored cross-site scripting (XSS) vulnerability in menu item rendering due to missing output encoding of icon classes, URLs, and text labels. Attackers can inject malicious JavaScript through unescaped menu item fields, potentially stealing session cookies or performing unauthorized actions.
AVideo through version 25.0 contains an authentication bypass vulnerability in the decryptMessage.json.php endpoint that allows unauthenticated users to decrypt PGP messages. Remote attackers can submit private keys, ciphertext, and passphrases to perform server-side decryption without credentials, exposing key material to logs and enabling resource exhaustion attacks.
AVideo through version 27.0 contains a server-side request forgery vulnerability in plugin/Live/test.php that allows authenticated administrators to read arbitrary URLs via the statsURL parameter. The lack of isSSRFSafeURL() validation enables requests to private IP ranges and cloud metadata endpoints.
ReDoS vulnerability in vLLM versions 0.6.3 through 0.9.0. Regular expression patterns in several components (vllm/lora/utils.py, phi4mini parser, OpenAI chat endpoint) are susceptible to catastrophic backtracking, allowing an attacker to cause CPU exhaustion and performance degradation.
Capgo before 12.128.2 contains an open redirect vulnerability in the confirm-signup endpoint that allows attackers to redirect users to arbitrary external websites. The confirmation_url parameter is not validated, enabling attackers to craft malicious links for phishing and credential harvesting attacks.

