12 matches found
CVE-2026-54037
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2025-7105 added forkIpLimiter and forkUserLimiter rate limiters to POST /api/convos/fork to prevent rapid-fire conversation duplication. However, the POST /api/convos/duplicate endpoint...
CVE-2026-54037 LibreChat: Incomplete Fix for CVE-2025-7105 — /api/convos/duplicate Lacks Rate Limiting Applied to /api/convos/fork
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2025-7105 added forkIpLimiter and forkUserLimiter rate limiters to POST /api/convos/fork to prevent rapid-fire conversation duplication. However, the POST /api/convos/duplicate endpoint...
CVE-2026-54037
LibreChat (a multi-provider ChatGPT-like app) contains a missing rate limiter in POST /api/convos/duplicate, which performs the same expensive DB operations as POST /api/convos/fork. The fix for CVE-2025-7105 added forkIpLimiter and forkUserLimiter to /fork, but did not apply a corresponding limi...
CVE-2026-54037
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2025-7105 added forkIpLimiter and forkUserLimiter rate limiters to POST /api/convos/fork to prevent rapid-fire conversation duplication. However, the POST /api/convos/duplicate endpoint...
EUVD-2026-39458
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2025-7105 added forkIpLimiter and forkUserLimiter rate limiters to POST /api/convos/fork to prevent rapid-fire conversation duplication. However, the POST /api/convos/duplicate endpoint...
EUVD-2025-198224
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference IDOR vulnerability in the poll duplication endpoint /api/trpc/polls.duplicate allows any authenticated user to duplicate polls they do not own by modifying the pollId parameter...
kernel: USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor
A vulnerability was found in the usbparseendpoint function in the Linux kernel's usb drivers, where improper handling of the reserved bits in an endpoint descriptor's bEndpointAddress field can lead to confusion in the endpointisduplicate routine in config.c. This will erroneously treat the same...
kernel: USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor
A vulnerability was found in the usbparseendpoint function in the Linux kernel's usb drivers, where improper handling of the reserved bits in an endpoint descriptor's bEndpointAddress field can lead to confusion in the endpointisduplicate routine in config.c. This will erroneously treat the same...
kernel: USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor
A vulnerability was found in the usbparseendpoint function in the Linux kernel's usb drivers, where improper handling of the reserved bits in an endpoint descriptor's bEndpointAddress field can lead to confusion in the endpointisduplicate routine in config.c. This will erroneously treat the same...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix a use-after-free CVE-2022-48666 In the Linux kernel, the following vulnerability has been resolved: net: relax socket state check at accept time. CVE-2024-36484 In the Linux kernel, the following...
SUSE CVE-2024-41035
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Syzbot has identified a bug in usbcore see the Closes: tag below caused by our assumption that the reserved bits in an endpoint descriptor's...
DEBIAN-CVE-2024-41035
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Syzbot has identified a bug in usbcore see the Closes: tag below caused by our assumption that the reserved bits in an endpoint descriptor's...