CVE-2025-8849

LibreChat version 0.7.9 is vulnerable to a Denial of Service DoS attack due to unbounded parameter values in the /api/memories endpoint. The key and value parameters accept arbitrarily large inputs without proper validation, leading to a null pointer error in the Rust-based backend when excessive...

CVE-2025-8849

LibreChat version 0.7.9 is vulnerable to a Denial of Service DoS attack due to unbounded parameter values in the /api/memories endpoint. The key and value parameters accept arbitrarily large inputs without proper validation, leading to a null pointer error in the Rust-based backend when excessive...

LibreChat 资源管理错误漏洞

LibreChat is an enhanced ChatGPT clone by Danny Avila Personal Developer. A resource management error vulnerability exists in LibreChat version 0.7.9, which stems from the /api/memories endpoint not limiting the size of parameter values, which could lead to a denial of service attack...

EUVD-2025-37197

In danny-avila/librechat version 0.7.9, there is an insecure API design issue in the 2-Factor Authentication 2FA flow. The system allows users to disable 2FA without requiring a valid OTP or backup code, bypassing the intended verification process. This vulnerability occurs because the backend do...

CVE-2025-8850 Insecure API Design in danny-avila/librechat

In danny-avila/librechat version 0.7.9, there is an insecure API design issue in the 2-Factor Authentication 2FA flow. The system allows users to disable 2FA without requiring a valid OTP or backup code, bypassing the intended verification process. This vulnerability occurs because the backend do...

PT-2025-44458

Name of the Vulnerable Software and Affected Versions librechat version 0.7.9 Description The software has an insecure API design in the 2-Factor Authentication 2FA flow. The system permits users to disable 2FA without a valid One-Time Password OTP or backup code, circumventing the verification...

LibreChat 安全漏洞

LibreChat is an enhanced ChatGPT clone by Danny Avila Personal Developer. A security vulnerability exists in LibreChat version 0.7.9, which stems from a failure to properly validate the OTP or backup code during the 2FA disablement process, which could result in reduced account security...

PT-2025-44563

Name of the Vulnerable Software and Affected Versions LibreChat version 0.7.9 Description LibreChat version 0.7.9 is susceptible to a Denial of Service DoS attack. The /api/memories endpoint allows unbounded parameter values for the key and value parameters. Lack of proper validation for these...

CVE-2025-8848 HTML Injection in Accept-Language Header in danny-avila/librechat

A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the tag of the response. This can lead to potential security...

CVE-2025-8848 HTML Injection in Accept-Language Header in danny-avila/librechat

A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the tag of the response. This can lead to potential security...

CVE-2025-8848

LibreChat (danny-avila/librechat) v0.7.9 contains a vulnerability where the Accept-Language header is not properly sanitized, allowing a logged-in attacker to inject arbitrary HTML into the html lang tag, effectively a stored XSS risk as described by multiple sources (NVD, Nuclei template, OSV, R...

LibreChat 代码注入漏洞

LibreChat is an enhanced ChatGPT clone by Danny Avila Personal Developer. A code injection vulnerability exists in LibreChat version 0.7.9, which stems from unvalidated input of the Accept-Language header and could lead to a cross-site scripting attack...

CVE-2025-6088

In version 0.7.8 of danny-avila/librechat, improper authorization controls in the conversation sharing feature allow unauthorized access to other users' conversations if the conversation ID is known. Although UUIDv4 conversation IDs are generated server-side and are difficult to brute force, they...

CVE-2025-6088 Improper Authorization in danny-avila/librechat

In version 0.7.8 of danny-avila/librechat, improper authorization controls in the conversation sharing feature allow unauthorized access to other users' conversations if the conversation ID is known. Although UUIDv4 conversation IDs are generated server-side and are difficult to brute force, they...

CVE-2025-6088

CVE-2025-6088 affects danny-avila/librechat. In version 0.7.8, improper authorization on the conversation sharing endpoint /api/share/conversationID allows a logged-in user to read other users’ conversations when the conversation ID is known. UUIDv4 IDs are server-side but can leak via logs, hist...

PT-2025-37108

Name of the Vulnerable Software and Affected Versions: danny-avila/librechat version 0.7.8 Description: Improper authorization controls in the conversation sharing feature allow unauthorized access to other users' conversations if the conversation ID is known. Conversation IDs, while generated...

CVE-2013-7381 affecting package libnotify 0.7.9-4

CVE-2013-7381 affecting package libnotify 0.7.9-4. This CVE either no longer is or was never applicable...

WordPress MM-Breaking News plugin <= 0.7.9 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin MM-Breaking News versions = 0.7.9...

WordPress MM-Breaking News plugin <= 0.7.9 - Stored XSS via CSRF vulnerability

Stored XSS via CSRF vulnerability discovered by Daniel Ruf in WordPress Plugin MM-Breaking News versions = 0.7.9...

PT-2024-38777 · WordPress · Mm-Breaking News

Name of the Vulnerable Software and Affected Versions: MM-Breaking News WordPress plugin versions 0.7.9 and earlier Description: The issue is related to the lack of CSRF checks in some places, as well as missing sanitization and escaping, which could allow attackers to make logged-in admins add...