Lucene search
K

6 matches found

OSV
OSV
added 2026/06/02 10:35 p.m.2 views

CVE-2026-32625 LibreChat Exfiltrates Server Secrets via MCP Server URL Injection

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol MCP server integration resolves $VAR placeholders against the server's process.env during Zod schema validation of user-supplied MCP server URLs. Any...

9.6CVSS5.9AI score0.0294EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
added 2025/09/03 12:0 a.m.31 views

VulnCheck KEV: CVE-2022-22957

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities CVE-2022-22957 & CVE-2022-22958. A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote...

7.2CVSS6.4AI score0.23084EPSS
In wildExploits5References2
ATTACKERKB
ATTACKERKB
added 2022/04/13 6:15 p.m.6 views

CVE-2022-22959

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI...

4.3CVSS6.4AI score0.00497EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/04/13 6:15 p.m.8 views

CVE-2022-22958

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities CVE-2022-22957 & CVE-2022-22958. A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote...

7.2CVSS8AI score0.23084EPSS
Exploits5References2
OSV
OSV
added 2022/04/13 6:15 p.m.5 views

CVE-2022-22959

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI...

4.3CVSS5AI score0.00497EPSS
Exploits1References1
OSV
OSV
added 2022/04/13 6:15 p.m.5 views

CVE-2022-22957

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities CVE-2022-22957 & CVE-2022-22958. A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote...

7.2CVSS6.6AI score0.23084EPSS
Exploits5References3
Rows per page
Query Builder