18 matches found
CVE-2025-69222 LibreChat is vulnerable to Server-Side Request Forgery due to missing restrictions
LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery (SSRF) vulnerability due to missing restrictions of the Actions feature in the default configuration. LibreChat enables users to configure agents with predefined instructions and actio...
PT-2026-1934
Name of the Vulnerable Software and Affected Versions: LibreChat version 0.8.1-rc2. Description: LibreChat, a ChatGPT clone with additional features, is susceptible to a server-side request forgery (SSRF) issue. This occurs because of missing restrictions within the Actions feature in its default...
CVE-2025-66201
LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery (SSRF), by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with...
CVE-2025-66201
LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery (SSRF), by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with...
EUVD-2025-199888
LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery (SSRF), by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with...
CVE-2025-66201 LibreChat is Vulnerable to Server-Side Request Forgery (SSRF) in Actions Capability
LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery (SSRF), by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with...
CVE-2025-66201 LibreChat is Vulnerable to Server-Side Request Forgery (SSRF) in Actions Capability
LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery (SSRF), by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with...
CVE-2025-66201
CVE-2025-66201 affects LibreChat. The vulnerability is a Server-Side Request Forgery (SSRF) in the LibreChat Actions feature that can be triggered by passing specially crafted OpenAPI specs, allowing an authenticated user with access to the feature to reach URLs only accessible to the LibreChat se...
CVE-2025-66201 LibreChat is Vulnerable to Server-Side Request Forgery (SSRF) in Actions Capability
LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery (SSRF), by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with...
PT-2025-48355
Name of the Vulnerable Software and Affected Versions: LibreChat versions prior to 0.8.1-rc2. Description: LibreChat, a ChatGPT clone with additional features, contains a Server-side Request Forgery (SSRF) issue in its "Actions" feature. An authenticated user with access to this feature can exploit th...
LibreChat code issue vulnerability
LibreChat is an enhanced ChatGPT clone by individual developer Danny Avila. A code issue vulnerability exists in versions prior to LibreChat 0.8.1-rc2 that stems from a server-side request forgery in the Actions feature, which could lead to server impersonation...
EUVD-2021-26273
Malware in sbrugna...
CVE-2022-36051 Broken Authorization in ZITADEL Actions
ZITADEL combines the ease of Auth0 and the versatility of Keycloak. Actions, introduced in ZITADEL 1.42.0 on the API and 1.56.0 for Console, is a feature where users with role.ORGOWNER are able to create JavaScript code, which is invoked by the system at certain points during the login. Actions,...
PT-2022-23143 · Zitadel · Zitadel
Name of the Vulnerable Software and Affected Versions: ZITADEL versions 1.42.0 through 1.87.0; ZITADEL versions 1.56.0 through 1.87.0; ZITADEL version 2.x prior to 2.2.0. Description: The issue is related to a missing authorization check in the Actions feature, introduced in ZITADEL 1.42.0 on the AP...
GHSA-PJMX-4GC6-HWV8 Drupal cross-site scripting vulnerability via actions feature and trigger module
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the...
Drupal cross-site scripting vulnerability via actions feature and trigger module
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the...
CVE-2010-3094
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the...