Lucene search
K

14460 matches found

Vulnrichment
Vulnrichment
added 2026/06/25 3:57 p.m.6 views

CVE-2026-55439 Halo: Path Traversal in Backup Download Leads to Arbitrary File Read

Halo is an open source website building tool. Prior to 2.24.3, a path traversal vulnerability in the backup download endpoint allows authenticated administrators to read arbitrary files from the server filesystem. The backup download endpoint GET...

5.5CVSS6AI score0.00337EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 3:57 p.m.11 views

CVE-2026-55439

Halo: Path traversal vulnerability (CVE-2026-55439) in the backup download endpoint allows authenticated administrators to read arbitrary files from the server when upgrading before 2.24.3. The issue arises because the backup filename in GET /apis/console.api.migration.halo.run/v1alpha1/backups/{...

5.5CVSS6AI score0.00337EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 3:57 p.m.7 views

CVE-2026-55439

Halo is an open source website building tool. Prior to 2.24.3, a path traversal vulnerability in the backup download endpoint allows authenticated administrators to read arbitrary files from the server filesystem. The backup download endpoint GET...

5.5CVSS6AI score0.00337EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/25 3:45 p.m.6 views

EUVD-2026-39456

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint regenerates all 2FA backup codes without requiring any TOTP token or existing backup code verification. An attacker with a stolen session token can...

5.9CVSS6AI score0.0015EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 3:45 p.m.7 views

CVE-2026-54040

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint regenerates all 2FA backup codes without requiring any TOTP token or existing backup code verification. An attacker with a stolen session token can...

5.9CVSS6AI score0.0015EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/25 3:45 p.m.30 views

CVE-2026-54040 LibreChat: 2FA Backup Code Regeneration Without OTP Verification Allows 2FA Bypass

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint regenerates all 2FA backup codes without requiring any TOTP token or existing backup code verification. An attacker with a stolen session token can...

5.9CVSS0.0015EPSS
Exploits1References1
CVE
CVE
added 2026/06/25 3:45 p.m.14 views

CVE-2026-54040

Summary of CVE-2026-54040 (LibreChat): Before version 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint regenerates all 2FA backup codes without requiring a valid TOTP token or existing backup code verification. An attacker with a stolen session token can silently replace a victim’s 2F...

7.1CVSS6AI score0.0015EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/06/25 3:39 p.m.5 views

EUVD-2026-39454

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the GET /api/auth/2fa/enable endpoint can be called by an authenticated user or attacker with a stolen session even when 2FA is already fully enabled on the account. This endpoint overwrites the existi...

5.3CVSS6AI score0.00213EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 3:39 p.m.8 views

CVE-2026-54036

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the GET /api/auth/2fa/enable endpoint can be called by an authenticated user or attacker with a stolen session even when 2FA is already fully enabled on the account. This endpoint overwrites the existi...

5.3CVSS6AI score0.00213EPSS
Exploits1References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/25 8:18 a.m.25 views

Important: Red Hat Security Advisory: Red Hat OpenShift API for Data Protection

A new version of OpenShift API for Data Protection OADP is now available. OpenShift API for Data Protection OADP enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and...

10CVSS6.7AI score0.01557EPSS
Exploits2References13
EUVD
EUVD
added 2026/06/25 12:33 a.m.5 views

EUVD-2026-39144

Quest NetVault Backup NVBURemovableMedia SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS6.5AI score0.00689EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 12:33 a.m.6 views

EUVD-2026-39148

Quest NetVault Backup NVBULogDaemon Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS6.4AI score0.01373EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 12:33 a.m.6 views

EUVD-2026-39146

Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS6.5AI score0.00689EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 12:33 a.m.6 views

EUVD-2026-39145

Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS6.5AI score0.00689EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 12:33 a.m.7 views

EUVD-2026-39147

Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS6.5AI score0.00689EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 12:33 a.m.5 views

EUVD-2026-39139

Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS6.5AI score0.00689EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 12:33 a.m.5 views

EUVD-2026-39140

Quest NetVault Backup addclient3 Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required to exploit this vulnerability in that the target must vis...

8.8CVSS5.4AI score0.0067EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 12:33 a.m.5 views

EUVD-2026-39141

Quest NetVault Backup NVBURASDevice SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS6.5AI score0.00689EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 12:33 a.m.5 views

EUVD-2026-39149

Quest NetVault Backup viewclient Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required to exploit this vulnerability in that the target must vis...

8.8CVSS5.4AI score0.0067EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 12:17 a.m.6 views

CVE-2026-9783

Quest NetVault Backup NVBURemovableMedia SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS0.00689EPSS
Exploits0References2
Rows per page
Query Builder