4 matches found
CVE-2025-54868
LibreChat (a ChatGPT clone) contains a vulnerability in versions 0.0.6 through 0.7.7-rc1 where the exposed /api/search/test testing endpoint allows reading arbitrary chats stored in the Meilisearch engine due to insufficient access control. The issue enables viewing chats from arbitrary users. Th...
CVE-2025-54766
An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to export the appliance configuration, exposing sensitive information...
Ivanti Endpoint Manager SQL injection vulnerability
Ivanti Endpoint Manager (EPM) is an endpoint management and security suite from Ivanti (USA). Ivanti Endpoint Manager contains an SQL injection vulnerability; an attacker exploiting this vulnerability could remotely execute code...
Stripo Inc: csrf bypass using flash file + 307 redirect method at plugins endpoint
Hi Security team, I have found that the request sent to https://my.stripo.email/cabinet/stripeapi/v1/plugin/$userid$/plugins doesn't have any protection against CSRF attacks, as the server only validates that the content type is application/json, and this can be bypassed using the flash file + 307...