Lucene search
+L

332 matches found

Vulnrichment
Vulnrichment
added 2025/10/22 1:54 p.m.4 views

CVE-2025-8848 HTML Injection in Accept-Language Header in danny-avila/librechat

A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the tag of the response. This can lead to potential security...

4.8CVSS5.7AI score0.00423EPSS
Exploits1References1
CVE
CVE
added 2025/10/22 1:54 p.m.23 views

CVE-2025-8848

LibreChat (danny-avila/librechat) v0.7.9 contains a vulnerability where the Accept-Language header is not properly sanitized, allowing a logged-in attacker to inject arbitrary HTML into the html lang tag, effectively a stored XSS risk as described by multiple sources (NVD, Nuclei template, OSV, R...

5.4CVSS4.9AI score0.00423EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/10/22 1:54 p.m.14 views

CVE-2025-8848 HTML Injection in Accept-Language Header in danny-avila/librechat

A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the tag of the response. This can lead to potential security...

4.8CVSS0.00423EPSS
Exploits1References1
OSV
OSV
added 2025/10/22 1:54 p.m.4 views

CVE-2025-8848 HTML Injection in Accept-Language Header in danny-avila/librechat

A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the tag of the response. This can lead to potential security...

4.8CVSS5.9AI score0.00423EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/10/22 12:0 a.m.6 views

LibreChat 代码注入漏洞

LibreChat is an enhanced ChatGPT clone by Danny Avila Personal Developer. A code injection vulnerability exists in LibreChat version 0.7.9, which stems from unvalidated input of the Accept-Language header and could lead to a cross-site scripting attack...

5.4CVSS5AI score0.00423EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/10/22 12:0 a.m.12 views

PT-2025-43144

Name of the Vulnerable Software and Affected Versions librechat version 0.7.9 Description A flaw exists in danny-avila/librechat version 0.7.9 that permits HTML injection through the Accept-Language header. A logged-in user sending an HTTP GET request with a specially crafted Accept-Language head...

5.4CVSS6AI score0.00423EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-2879

Malware in sbrugna...

6.1CVSS6.7AI score0.00616EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-21244

Malware in sbrugna...

7.5CVSS7.6AI score0.01674EPSS
Exploits1References13
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-4537

Malware in sbrugna...

6.1CVSS6.5AI score0.09052EPSS
Exploits4References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-21243

Malware in sbrugna...

7.5CVSS7.6AI score0.02297EPSS
Exploits1References12
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2015-9256

Malware in sbrugna...

6.1CVSS6.3AI score0.0102EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-0538

Malware in sbrugna...

7.5CVSS7.4AI score0.01399EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-7037

Malicious code in bioql PyPI...

7.5CVSS7.2AI score0.01428EPSS
Exploits0References20
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-0066

Malicious code in bioql PyPI...

7.5CVSS7AI score0.47102EPSS
Exploits0References19
Tenable Nessus
Tenable Nessus
added 2025/08/24 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2016-10539

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for Accept-Language, when...

7.5CVSS7.2AI score0.01399EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2023-23969

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsin...

7.5CVSS6.8AI score0.47102EPSS
Exploits0References2
Huntr
Huntr
added 2025/07/24 1:53 p.m.7 views

Possible HTML Injection in Accept-Language header

This report is not public...

5.4CVSS5.4AI score0.00423EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 8:23 a.m.7 views

CVE-2019-12962

LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header...

6.1CVSS5.9AI score0.09052EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:26 a.m.6 views

CVE-2015-9416

The sitepress-multilingual-cms WPML plugin 2.9.3 to 3.2.6 for WordPress has XSS via the Accept-Language HTTP header...

6.1CVSS6AI score0.0102EPSS
Exploits1References1
Microsoft CVE
Microsoft CVE
added 2024/09/11 7:0 a.m.6 views

In x/text in Go 1.15.4 an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)

...

7.5CVSS7AI score0.02297EPSS
Exploits1
Rows per page
Query Builder