Security Vulnerabilities
libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219.
CVSS Score: 4.9 | EPSS Score: 0.001 | Published: 2026-06-21
libexpat before 2.8.2 has an integer overflow in copyString.
CVSS Score: 6.9 | EPSS Score: 0.001 | Published: 2026-06-21
xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2026-06-21
xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId.
CVSS Score: 6.9 | EPSS Score: 0.001 | Published: 2026-06-21
libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse.
CVSS Score: 6.9 | EPSS Score: 0.001 | Published: 2026-06-21
libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen.
CVSS Score: 6.9 | EPSS Score: 0.001 | Published: 2026-06-21
A weakness has been identified in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function load_openapi_spec_async of the file litellm/proxy/_experimental/mcp_server/openapi_to_mcp_generator.py of the component MCP OpenAPI Spec Loader. Manipulation of the argument spec_path causes server-side request forgery. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure.
CVSS Score: 2.1 | EPSS Score: 0.003 | Published: 2026-06-21
A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function ui_view_users of the file litellm/proxy/management_endpoints/internal_user_endpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure.
CVSS Score: 2.1 | EPSS Score: 0.003 | Published: 2026-06-21
A security flaw has been discovered in BerriAI litellm up to 1.82.5. Affected is the function async_pre_call_hook of the file enterprise/enterprise_hooks/banned_keywords.py of the component Completions Interface. Manipulation of the argument prompt results in incorrect authorization. The attack may be performed remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure.
CVSS Score: 2.1 | EPSS Score: 0.002 | Published: 2026-06-21
A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function get_redirect_response_from_openid of the file litellm/proxy/management_endpoints/ui_sso.py of the component SSO Authentication Flow. The manipulation leads to session expiration. The attack can be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.
CVSS Score: 2.1 | EPSS Score: 0.004 | Published: 2026-06-21
Shodan ® - All rights reserved