16 matches found

ATTACKERKB
added 2026/06/02 10:40 p.m., 7 views

CVE-2026-44653

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only VIEW access to an MCP server can retrieve the server's decrypted admin-managed secrets through GET /api/mcp/servers and GET /api/mcp/servers/:serverName. The returned...

6.5 CVSS, 5.7 AI score, 0.00276 EPSS
Exploits 1, References 2, Affected Software 1

CVE
added 2026/06/02 10:40 p.m., 24 views

CVE-2026-44653

LibreChat contains a vulnerability in versions up to 0.8.3 where users with only VIEW access to an MCP server can retrieve decrypted admin secrets via GET /api/mcp/servers and GET /api/mcp/servers/:serverName. The API returns plaintext values for apiKey.key and oauth.client_secret, enabling viewe...

6.5 CVSS, 5.7 AI score, 0.00276 EPSS
Exploits 1, References 1, Affected Software 1

EUVD
added 2026/06/02 10:40 p.m., 9 views

EUVD-2026-34047

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only VIEW access to an MCP server can retrieve the server's decrypted admin-managed secrets through GET /api/mcp/servers and GET /api/mcp/servers/:serverName. The returned...

6.5 CVSS, 5.7 AI score, 0.00276 EPSS
Exploits 1, References 1

Cvelist
added 2026/06/02 10:40 p.m., 39 views

CVE-2026-44653 LibreChat Shared MCP Server View Leaks Decrypted Admin Secrets

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only VIEW access to an MCP server can retrieve the server's decrypted admin-managed secrets through GET /api/mcp/servers and GET /api/mcp/servers/:serverName. The returned...

6.5 CVSS, 0.00276 EPSS
Exploits 1, References 1

Positive Technologies
added 2026/06/02 12:0 a.m., 13 views

PT-2026-45882

Name of the Vulnerable Software and Affected Versions LibreChat versions prior to 0.8.4 Description Users with only VIEW access to an MCP server can retrieve decrypted admin-managed secrets. This occurs through the endpoints "/api/mcp/servers" and "/api/mcp/servers/:serverName", where the returne...

6.5 CVSS, 5.8 AI score, 0.00276 EPSS
Exploits 1, References 3

Packet Storm News
added 2026/05/25 12:0 a.m., 12 views

CVE-2026-27886 Vulnerability Assessment Tool

CVE-2026-27886 is an unauthenticated parameter sanitization bypass in Strapi versions 4.0.0 through 5.36.1 that allows remote, unauthenticated attackers to leak administrator secrets through the public Content API. This tool safely detects whether an instance is vulnerable without performing the...

9.2 CVSS, 5.8 AI score, 0.00612 EPSS
Exploits 3

ATTACKERKB
added 2026/03/20 8:31 a.m., 3 views

CVE-2026-33072

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.9.0, a hardcoded default encryption key defaultpleasechangethiskey is used for all cryptographic operations — HMAC token generation, AES config encryption, and session tokens — allowing any unauthenticated attacker...

8.2 CVSS, 5.9 AI score, 0.00225 EPSS
Exploits 1, References 3, Affected Software 1

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-1109

Malicious code in bioql PyPI...

5.5 CVSS, 5.4 AI score, 0.0052 EPSS
Exploits 0, References 13

Tenable Nessus
added 2025/08/27 12:0 a.m., 1 views

Linux Distros Unpatched Vulnerability : CVE-2020-8566

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in...

5.5 CVSS, 6 AI score, 0.0052 EPSS
Exploits 0, References 2

OSV
added 2024/04/24 8:2 p.m., 23 views

GHSA-5X96-J797-5QQW Sensitive Information leak via Log File in Kubernetes

In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects v1.19.3, v1.18.10, v1.17.13...

5.3 CVSS, 5.4 AI score, 0.0052 EPSS
Exploits 0, References 9

RedHat Linux
added 2021/02/24 2:45 p.m., 2 views

kubernetes: Ceph RBD adminSecrets exposed in logs when loglevel >= 4

A flaw was found in Kubernetes. If the logging level is set to at least 4, and Ceph RBD is configured as a storage provisioner, then Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims...

5.5 CVSS, 6.8 AI score, 0.0052 EPSS
Exploits 0, References 6

NVD
added 2020/12/07 10:15 p.m., 20 views

CVE-2020-8566

In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects v1.19.3, v1.18.10, v1.17.13...

5.5 CVSS, 5.1 AI score, 0.0052 EPSS
Exploits 0, References 3

OSV
added 2020/12/07 10:15 p.m., 3 views

DEBIAN-CVE-2020-8566

In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects v1.19.3, v1.18.10, v1.17.13...

5.5 CVSS, 6.1 AI score, 0.0052 EPSS
Exploits 0, References 1

OSV
added 2020/12/07 10:15 p.m., 2 views

UBUNTU-CVE-2020-8566

In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects v1.19.3, v1.18.10, v1.17.13...

5.5 CVSS, 6.5 AI score, 0.0052 EPSS
Exploits 0, References 5

Cvelist
added 2020/12/07 10:0 p.m., 34 views

CVE-2020-8566 Ceph RBD adminSecrets exposed in logs when loglevel >= 4

In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects v1.19.3, v1.18.10, v1.17.13...

4.7 CVSS, 5.5 AI score, 0.0052 EPSS
Exploits 0, References 3

GitLab Advisory Database
added 2020/12/07 12:0 a.m., 32 views

Inclusion of Sensitive Information in Log Files

In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims...

5.5 CVSS, 2.3 AI score, 0.0052 EPSS
Exploits 0, References 1, Affected Software 1