15 matches found
Authorization Bypass Through User-Controlled Key
Overview: Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via batch operation. An attacker can perform unauthorized operations such as signaling, deleting, or resetting workflows or activities in another namespace by manipulating the namespace...
CVE-2025-69222
LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery (SSRF) vulnerability due to missing restrictions of the Actions feature in the default configuration. LibreChat enables users to configure agents with predefined instructions and actio...
CVE-2025-69222
CVE-2025-69222 affects LibreChat (v0.8.1-rc2 and prior) with a server-side request forgery (SSRF) due to missing restrictions in the default Actions configuration. The issue arises because agents can be configured with predefined instructions and actions via OpenAPI, enabling access to arbitrary ...
CVE-2025-69222 LibreChat is vulnerable to Server-Side Request Forgery due to missing restrictions
LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery (SSRF) vulnerability due to missing restrictions of the Actions feature in the default configuration. LibreChat enables users to configure agents with predefined instructions and actio...
CVE-2025-31964
Improper service binding configuration in internal service components in HCL BigFix IVR version 4.2 allows a privileged attacker to impact service availability via exposure of administrative services bound to external network interfaces instead of the local authentication interface...
PT-2026-1934
Name of the Vulnerable Software and Affected Versions: LibreChat version 0.8.1-rc2. Description: LibreChat, a ChatGPT clone with additional features, is susceptible to a server-side request forgery (SSRF) issue. This occurs because of missing restrictions within the Actions feature in its default...
CVE-2025-59702
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with elevated privileges to falsify tamper events by accessing internal components...
CVE-2025-31972
HCL BigFix SM is affected by a Sensitive Information Exposure vulnerability where internal connections do not use TLS encryption which could allow an attacker unauthorized access to sensitive data transmitted between internal components...
CVE-2025-31972
HCL BigFix SM is affected by a Sensitive Information Exposure vulnerability where internal connections do not use TLS encryption which could allow an attacker unauthorized access to sensitive data transmitted between internal components...
CVE-2025-31972
HCL BigFix SM is affected by a Sensitive Information Exposure vulnerability where internal connections do not use TLS encryption which could allow an attacker unauthorized access to sensitive data transmitted between internal components...
CVE-2025-31972
CVE-2025-31972 affects HCL BigFix SM. It describes a sensitive information exposure due to internal connections not using TLS, allowing potential disclosure of data between internal components. CVSS 3.1 base score 6.5 (MEDIUM); attack vector adjacent, attack complexity low, privileges required no...
CVE-2025-55624
An intent redirection vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access internal functions or access non-public components...
CVE-2025-55624
An intent redirection vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access internal functions or access non-public components...
CVE-2025-55624
CVE-2025-55624 affects Reolink for Android/iOS (Reolink app version 4.54.0.4.20250526). The root cause is an intent redirection vulnerability that allows unauthorized attackers to access internal functions or non-public components. Public references indicate a PoC exists, and the issue is categor...
EUVD-2025-25255
A security vulnerability has been identified that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation. Successful exploitation results in a valid user session for a low privilege role...