11 matches found
CVE-2026-54030 LibreChat: Missing Resource Parameter Validation in MCP OAuth Flow
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.5, LibreChat's MCP OAuth implementation does not validate that the resource parameter from OAuth Protected Resource metadata RFC 9728 matches the configured MCP server URL, allowing a malicious MCP server to...
CVE-2026-29133
SEPPmail Secure Email Gateway is affected (versions before 15.0.3) by a vulnerability where an attacker can upload PGP keys with UIDs that do not match the associated email address. The root cause is inadequate UID validation for uploaded keys, enabling UID/address discrepancy. Documented impact ...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001786)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001786 advisory. The rdsibxmit function in net/rds/ibsend.c in the Reliable Datagram Sockets RDS protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to...
UBUNTU-CVE-2023-53540
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: reject auth/assoc to AP with our address If the AP uses our own address as its MLD address or BSSID, then clearly something's wrong. Reject such connections so we don't try and fail later...
CVE-2023-53540
CVE-2023-53540 covers a Linux kernel wifi issue in cfg80211 where a station will reject auth/assoc to an AP if the AP uses the station’s own address as MLD address or BSSID. The advisory states this should be rejected to avoid a later failure, with impact described as a high availability risk but...
CVE-2024-53269 Happy Eyeballs: Validate that additional_address are IP addresses instead of crashing when sorting in envoy
Envoy is a cloud-native high-performance edge/middle/service proxy. When additional address are not ip addresses, then the Happy Eyeballs sorting algorithm will crash in data plane. This issue has been addressed in releases 1.32.2, 1.31.4, and 1.30.8. Users are advised to upgrade. Users unable to...
Potential Risk of Accidentally Minting Tokens to Incorrect Accounts
Lines of code Vulnerability details Impact 1. the Intended recipient of the tokens might not receive them, which could lead to a loss of funds or a delay in the intended use of the tokens 2. incorrect account holder could receive the tokens by mistake, leading to a discrepancy in the total token...
Incorrect use of msg.sender in isApprovedForAll function causes issues
Lines of code Vulnerability details Impact the function isApprovedForAlladdress owner, address operator is using msg.sender as the address of the user instead of the address that is passed as the owner parameter, this might cause some issues on the code. --- The text was updated successfully, but...
rbData.toCollateral address can be different than the token address set in swapData.dexTxData.
Lines of code Vulnerability details Impact rbData.toCollateral address can be different than the token address set in swapData.dexTxData. A manager can supply toCollateral address of the collateral within the contract but supply a different address in swapParams.dexTxData such that the contract...
updateProjectHash does not check project address
Lines of code Vulnerability details In Project.sol, function updateProjectHash L162, data which is signed by builder and/or contractor does not contain a reference to the project address. In all other external functions of Project.sol, data contains the address of the project, used in this check:...
DEBIAN-CVE-2021-40491
The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl...