PT-2026-51102

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.2 Description An issue exists in components based on BaseFileComponent, including Docling DoclingInlineComponent, Docling Serve DoclingRemoteComponent, Read File FileComponent, NVIDIA Retriever Extraction...

CVE-2026-53519

Nezha Monitoring prior to v2.0.13 is affected by a path-traversal in the dashboard NoRoute handler. The code uses strings.HasPrefix on URLs that start with /dashboard, so an input like /dashboard../data/config.yaml is accepted; trimming the prefix yields ../data/config.yaml and path.Join("admin-d...

CVE-2026-53519 Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwt_secret_key

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to version 2.0.13, fallbackToFrontend in the dashboard's NoRoute handler treats any URL whose raw string starts with /dashboard as an admin-frontend asset request. The check uses strings.HasPrefi...

Malicious Package

Overview moustick is a malicious package. This package contains malicious code that fetches and eval a remote payload from attacker-controlled URL https://www.jsonkeeper.com/b/MYUKZ on require in moustick/index.js. The payload is designed to extract RELAYERPRIVATEKEY and JWTSECRET from the victim...

Malicious Package

Overview cookie-parser-legacy is a malicious package. This package contains malicious code that uses another malicious package moustick Snyk Advisory as a dependency to fetch a remote payload from attacker-controlled URL https://www.jsonkeeper.com/b/MYUKZ. The payload is designed to extract...

CVE-2026-32625 LibreChat Exfiltrates Server Secrets via MCP Server URL Injection

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol MCP server integration resolves $VAR placeholders against the server's process.env during Zod schema validation of user-supplied MCP server URLs. Any...

CVE-2026-32625 LibreChat Exfiltrates Server Secrets via MCP Server URL Injection

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol MCP server integration resolves $VAR placeholders against the server's process.env during Zod schema validation of user-supplied MCP server URLs. Any...

EUVD-2026-34046

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol MCP server integration resolves $VAR placeholders against the server's process.env during Zod schema validation of user-supplied MCP server URLs. Any...

LibreChat 信息泄露漏洞

LibreChat is an open-source, free, and highly customizable unified AI dialogue platform. It allows for the aggregation and running of large models from any vendor within a single interface. Versions of LibreChat 0.8.3 and earlier contained a security vulnerability known as information leakage. Th...

PT-2026-45064

Summary Type: Insecure default cryptographic key. The JWT signing secret defaults to the hardcoded literal "dev-secret-change-me" when PLATFORM JWT SECRET is unset. A safety check exists but only fires when PLATFORM ENV != "dev"; the default value of PLATFORM ENV is "dev", so the check is silentl...

CVE-2026-44523

Note Mark is an open-source note-taking application. Prior to 0.19.4, no minimum length or entropy is enforced on the JWTSECRET configuration value. The application accepts any base64-decodable secret regardless of size, including secrets as short as 1 byte. This vulnerability is fixed in 0.19.4...

CVE-2026-44523

Note Mark is an open-source note-taking application. Prior to 0.19.4, no minimum length or entropy is enforced on the JWTSECRET configuration value. The application accepts any base64-decodable secret regardless of size, including secrets as short as 1 byte. This vulnerability is fixed in 0.19.4...

CVE-2026-44523

CVE-2026-44523 affects Note Mark, with all versions before 0.19.4 vulnerable to a JWT secret weakness. The root cause is that the JWT secret is not validated for minimum length or entropy; the application accepts any base64-decodable secret, even as short as 1 byte. In backend/config/utils.go, Ba...

CVE-2026-44523 Note Mark: JWT Secret Weakness allows Full Account Takeover via token forgery

Note Mark is an open-source note-taking application. Prior to 0.19.4, no minimum length or entropy is enforced on the JWTSECRET configuration value. The application accepts any base64-decodable secret regardless of size, including secrets as short as 1 byte. This vulnerability is fixed in 0.19.4...

Note Mark 加密问题漏洞

Note Mark is a web-based Markdown note-taking application developed by Leo Spratt. Versions of Note Mark prior to 0.19.4 contained a security vulnerability related to encryption. This vulnerability stemmed from the JWTSECRET configuration value not having a mandatory minimum length or entropy,...

Nginx-UI Settings API Exposes Protected Secrets

Summary The GetSettings API handler api/settings/settings.go:24-65 serializes all settings structs to JSON and returns them to authenticated users. Many sensitive fields are tagged with protected:"true" - however, this tag is only enforced during writes via ProtectedFill in SaveSettings and is...

EUVD-2026-27140

Nginx-UI Settings API Exposes Protected Secrets...

Nginx-UI: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeover

Summary An unauthenticated bootstrap takeover exists in nginx-ui during the initial installation window exposed by POST /api/install. When the instance is still uninitialized, POST /api/install is reachable without authentication and accepts attacker-controlled bootstrap data. The handler sets th...

GHSA-MXQH-Q9H6-V8PQ Nginx-UI: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeover

Summary An unauthenticated bootstrap takeover exists in nginx-ui during the initial installation window exposed by POST /api/install. When the instance is still uninitialized, POST /api/install is reachable without authentication and accepts attacker-controlled bootstrap data. The handler sets th...

Nginx-UI: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeover

An unauthenticated bootstrap takeover exists in nginx-ui during the initial installation window exposed by POST /api/install. When the instance is still uninitialized, POST /api/install is reachable without authentication and accepts attacker-controlled bootstrap data. The handler sets the...