10 matches found
CVE-2024-12580
This CVE affects danny-avila/librechat prior to version 0.7.6. The vulnerability arises from unvalidated, unfiltered parameters in the /code/download/:sessionId/:fileId and /download/:userId/:file_id APIs, enabling potential logs debug injection. Consequences stated include distortion of monitorin...
CVE-2024-12580 Logs Debug Injection in danny-avila/librechat
A vulnerability in danny-avila/librechat prior to version 0.7.6 allows for logs debug injection. The parameters sessionId, fileId, userId, and file_id in the /code/download/:sessionId/:fileId and /download/:userId/:file_id APIs are not validated or filtered, leading to potential log injection...
CVE-2020-12580
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none...
CVE-2017-12580
creationtimestamp | type | source
---|---|---
2020-03-02 19:23:14+00:00 | seen | https://t.me/cibsecurity/10215...
CVE-2017-12580
CVE-2017-12580 affects IDM UltraEdit up to 24.10.0.32. The vulnerability is a DLL preloading issue: on unpatched Windows systems, placing a DLL named like a Windows DLL (e.g., ntmarta.dll) in the same directory as the affected installer EXE causes the preloaded DLL in the executable’s current dir...
CVE-2018-12580
library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x through 3.3.0 for vBulletin 3 and vBulletin 4 allows self-XSS via $session['user_agent'] in the "Login Sessions" feature...
CVE-2018-12580
CVE-2018-12580 affects DragonByte vBSecurity 3.x up to 3.3.0 for vBulletin 3/4. The issue is a self-XSS in the Login Sessions feature caused by untrusted input in the session field $session['user_agent'], enabling an attacker to inject script/HTML. The Red Hat entry and CNVD/NVD records corrobora...
Microsoft Word 2013 Service Pack 1 Defense in Depth Update (KB4011250)
This host is missing an important security update according to Microsoft KB4011250. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
QEMU VirtFS Denial of Service Vulnerability (CNVD-2016-12580)
QEMU (also known as Quick Emulator) is processor emulation software developed by French programmer Fabrice Bellard. The software is fast, cross-platform, etc. VirtFS is a virtualized file system customized for virtualized environments, belonging to the system layer virtualization...
CVE-2020-12580
CVE-2020-12580 is rejected/not used; this entry does not represent an active vulnerability.