332 matches found
CVE-2025-8848 HTML Injection in Accept-Language Header in danny-avila/librechat
A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the tag of the response. This can lead to potential security...
CVE-2025-8848
LibreChat (danny-avila/librechat) v0.7.9 contains a vulnerability where the Accept-Language header is not properly sanitized, allowing a logged-in attacker to inject arbitrary HTML into the html lang tag, effectively a stored XSS risk as described by multiple sources (NVD, Nuclei template, OSV, R...
CVE-2025-8848 HTML Injection in Accept-Language Header in danny-avila/librechat
A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the tag of the response. This can lead to potential security...
CVE-2025-8848 HTML Injection in Accept-Language Header in danny-avila/librechat
A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the tag of the response. This can lead to potential security...
LibreChat 代码注入漏洞
LibreChat is an enhanced ChatGPT clone by Danny Avila Personal Developer. A code injection vulnerability exists in LibreChat version 0.7.9, which stems from unvalidated input of the Accept-Language header and could lead to a cross-site scripting attack...
PT-2025-43144
Name of the Vulnerable Software and Affected Versions librechat version 0.7.9 Description A flaw exists in danny-avila/librechat version 0.7.9 that permits HTML injection through the Accept-Language header. A logged-in user sending an HTTP GET request with a specially crafted Accept-Language head...
EUVD-2018-2879
Malware in sbrugna...
EUVD-2020-21244
Malware in sbrugna...
EUVD-2019-4537
Malware in sbrugna...
EUVD-2020-21243
Malware in sbrugna...
EUVD-2015-9256
Malware in sbrugna...
EUVD-2018-0538
Malware in sbrugna...
EUVD-2022-7037
Malicious code in bioql PyPI...
EUVD-2023-0066
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2016-10539
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for Accept-Language, when...
Linux Distros Unpatched Vulnerability : CVE-2023-23969
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsin...
Possible HTML Injection in Accept-Language header
This report is not public...
CVE-2019-12962
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header...
CVE-2015-9416
The sitepress-multilingual-cms WPML plugin 2.9.3 to 3.2.6 for WordPress has XSS via the Accept-Language HTTP header...
In x/text in Go 1.15.4 an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)
...