Jayden

2 exploits Active since Jul 2014
CVE-2014-4688 NOMISEC WORKING POC
pfSense < 2.1.4 - Authenticated Remote Code Execution
pfSense before 2.1.4 allows remote authenticated users to execute arbitrary commands via (1) the hostname value to diag_dns.php in a Create Alias action, (2) the smartmonemail value to diag_smart.php, or (3) the database value to status_rrd_graph_img.php.
CVE-2026-47101 WRITEUP HIGH WRITEUP
LiteLLM < 1.83.14 Privilege Escalation via API Key Generation
LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not permit. When generating a key, the allowed_routes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with access to admin-only routes can then be used to reach those routes successfully, bypassing the role-based access controls that would otherwise block the request, enabling full privilege escalation from internal_user to proxy_admin.
CVSS 8.8