11 matches found
CVE-2026-31951 LibreChat's MCP Server Header Injection Enables OAuth Token Theft
LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc1 through 0.8.3-rc1, user-created MCP Model Context Protocol servers can include arbitrary HTTP headers that undergo credential placeholder substitution. An attacker can create a malicious MCP server with headers containin...
CVE-2026-33226
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions from 3.30.6 and prior, the REST datasource query preview endpoint POST /api/queries/preview makes server-side HTTP requests to any URL supplied by the user in fields.path with no validation. An...
CVE-2026-33226 Budibase Unrestricted Server-Side Request Forgery (SSRF) via REST Datasource Query Preview
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions from 3.30.6 and prior, the REST datasource query preview endpoint POST /api/queries/preview makes server-side HTTP requests to any URL supplied by the user in fields.path with no validation. An...
CVE-2026-3432 Sim Studio AI - Unauthenticated OAuth Token Theft
On SimStudio version below to 0.5.74, the /api/auth/oauth/token endpoint contains a code path that bypasses all authorization checks when provided with credentialAccountUserId and providerId parameters. An unauthenticated attacker can retrieve OAuth access tokens for any user by supplying their...
⚡ Weekly Recap: Drift Breach Chaos, Zero-Days Active, Patch Warnings, Smarter Threats & More
Cybersecurity never slows down. Every week brings new threats, new vulnerabilities, and new lessons for defenders. For security and IT teams, the challenge is not just keeping up with the news—it's knowing which risks matter most right now. That's what this digest is here for: a clear, simple...
Rockstar Games: Image Injection on `/bully/anniversaryedition` may lead to FB's OAuth Token Theft.
In this report, the researcher identified a chain of attacks that could result in sensitive token leakage, such as Oauth tokens. The attack would begin with an image injection exploit on the page at https://www.rockstargames.com/bully/anniversaryedition. That exploit was the focus of this...
Rockstar Games: Image Injection vulnerability on screenshot-viewer/responsive/image may allow Facebook OAuth token theft.
In this report, the researcher identified a series of vulnerabilities that could be exploited together to exfiltrate sensitive user tokens. In this attack chain, one critical step was an image injection vulnerability in the Screenshot-Viewer function on the main site, at...
Man-in-the-middle
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1948,...
Rockstar Games: Image Injection on /bully/anniversaryedition may lead to OAuth token theft.
In this report, the researcher identified an image injection issue on www.rockstargames.com/bully/anniversaryedition that could be combined with other vulnerabilities to result in sensitive token theft under certain conditions. We resolved the image injection issue, preventing this series of...
Rockstar Games: Image Injection on www.rockstargames.com/screenshot-viewer/responsive/image may allow facebook oauth token theft.
In this report, the researcher identified an image injection vulnerability in our screenshot-viewer utility on rockstargames.com. One of the input parameters utilized was not being properly filtered, and external URLs could be referenced, allowing off-site images to be called. This issue was...
Internet Bug Bounty: TLS Virtual Host Confusion
I am a security researcher at INRIA Paris in team PROSECCO http://prosecco.inria.fr We have been investigating a new class of attacks against the deployment of TLS on the Web. The main idea behind these attacks is that when two servers host different domains but share the same certificate which...