@deno/sandbox (>=0.0.9 <=0.6.0), @ekairos/dataset (>=1.21.56-beta.0 <=1.22.34-beta.development.0) +45 more potentially affected by unknown CVE via devalue (>=5.0.0 <=5.6.2)

devalue NPM version =5.0.0, =0.0.9, =1.21.56-beta.0, =1.22.4-beta.development.0, =1.21.56-beta.0, =1.21.67-beta.0, =1.21.88-beta.0, =0.0.0-dev-20260121145510, =0.0.0-dev-20260115183047, =0.0.0-dev-20260115183047, =0.0.0-dev-20260115183047, =2.3.65, =1.1.27, =1.1.21, =1.2.263, =2.2.3, =4.0.1 and...

CVE-2025-7106

danny-avila/librechat is affected by an authorization bypass vulnerability due to improper access control checks. The checkAccess function in api/server/middleware/roles/access.js uses permissions.some to validate permissions, which incorrectly grants access if only one of multiple required...

CVE-2025-7106

danny-avila/librechat is affected by an authorization bypass vulnerability due to improper access control checks. The checkAccess function in api/server/middleware/roles/access.js uses permissions.some to validate permissions, which incorrectly grants access if only one of multiple required...

CVE-2025-7106 Authorization Bypass due to Incorrect Access Control in danny-avila/librechat

danny-avila/librechat is affected by an authorization bypass vulnerability due to improper access control checks. The checkAccess function in api/server/middleware/roles/access.js uses permissions.some to validate permissions, which incorrectly grants access if only one of multiple required...

CVE-2025-7106

CVE-2025-7106 : In danny-avila/librechat, an authorization bypass is caused by the checkAccess function in api/server/middleware/roles/access.js using permissions.some() to validate required permissions. This logic can grant access if any one of multiple permissions is present, allowing users wit...

PT-2025-39160

Name of the Vulnerable Software and Affected Versions librechat versions prior to the fix Description An authorization bypass exists due to incorrect access control checks. The checkAccess function within api/server/middleware/roles/access.js utilizes permissions.some for permission validation,...