Lucene search
+L

15 matches found

NVD
NVD
added 2026/06/25 5:16 p.m.15 views

CVE-2026-54037

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2025-7105 added forkIpLimiter and forkUserLimiter rate limiters to POST /api/convos/fork to prevent rapid-fire conversation duplication. However, the POST /api/convos/duplicate endpoint...

6.5CVSS0.00293EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/25 3:49 p.m.30 views

CVE-2026-54037 LibreChat: Incomplete Fix for CVE-2025-7105 — /api/convos/duplicate Lacks Rate Limiting Applied to /api/convos/fork

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2025-7105 added forkIpLimiter and forkUserLimiter rate limiters to POST /api/convos/fork to prevent rapid-fire conversation duplication. However, the POST /api/convos/duplicate endpoint...

6.5CVSS0.00293EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 3:49 p.m.9 views

CVE-2026-54037

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2025-7105 added forkIpLimiter and forkUserLimiter rate limiters to POST /api/convos/fork to prevent rapid-fire conversation duplication. However, the POST /api/convos/duplicate endpoint...

6.5CVSS5.9AI score0.00293EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/06/25 3:49 p.m.6 views

EUVD-2026-39458

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2025-7105 added forkIpLimiter and forkUserLimiter rate limiters to POST /api/convos/fork to prevent rapid-fire conversation duplication. However, the POST /api/convos/duplicate endpoint...

6.5CVSS5.9AI score0.00293EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/25 3:49 p.m.7 views

CVE-2026-54037 LibreChat: Incomplete Fix for CVE-2025-7105 — /api/convos/duplicate Lacks Rate Limiting Applied to /api/convos/fork

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2025-7105 added forkIpLimiter and forkUserLimiter rate limiters to POST /api/convos/fork to prevent rapid-fire conversation duplication. However, the POST /api/convos/duplicate endpoint...

6.5CVSS6.3AI score0.00293EPSS
Exploits1References1
OSV
OSV
added 2026/06/25 3:49 p.m.5 views

CVE-2026-54037 LibreChat: Incomplete Fix for CVE-2025-7105 — /api/convos/duplicate Lacks Rate Limiting Applied to /api/convos/fork

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2025-7105 added forkIpLimiter and forkUserLimiter rate limiters to POST /api/convos/fork to prevent rapid-fire conversation duplication. However, the POST /api/convos/duplicate endpoint...

6.5CVSS6.3AI score0.00293EPSS
Exploits1References3
CVE
CVE
added 2026/06/25 3:49 p.m.13 views

CVE-2026-54037

LibreChat (a multi-provider ChatGPT-like app) contains a missing rate limiter in POST /api/convos/duplicate, which performs the same expensive DB operations as POST /api/convos/fork. The fix for CVE-2025-7105 added forkIpLimiter and forkUserLimiter to /fork, but did not apply a corresponding limi...

6.5CVSS5.9AI score0.00293EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.15 views

PT-2026-52496

🚨 CVE-2026-54037 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2025-7105 added forkIpLimiter and forkUserLimiter rate limiters to POST /api/convos/fork to prevent rapid-fire conversation duplication. However, the POST...

6.5CVSS6.2AI score0.00293EPSS
Exploits1References4
EUVD
EUVD
added 2025/11/19 5:24 p.m.11 views

EUVD-2025-198224

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference IDOR vulnerability in the poll duplication endpoint /api/trpc/polls.duplicate allows any authenticated user to duplicate polls they do not own by modifying the pollId parameter...

6.5CVSS6.2AI score0.00218EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2025/08/18 1:48 a.m.12 views

kernel: USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor

A vulnerability was found in the usbparseendpoint function in the Linux kernel's usb drivers, where improper handling of the reserved bits in an endpoint descriptor's bEndpointAddress field can lead to confusion in the endpointisduplicate routine in config.c. This will erroneously treat the same...

5.5CVSS7.1AI score0.00299EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/09/24 2:39 a.m.3 views

kernel: USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor

A vulnerability was found in the usbparseendpoint function in the Linux kernel's usb drivers, where improper handling of the reserved bits in an endpoint descriptor's bEndpointAddress field can lead to confusion in the endpointisduplicate routine in config.c. This will erroneously treat the same...

5.5CVSS7.1AI score0.00299EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/09/24 12:40 a.m.4 views

kernel: USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor

A vulnerability was found in the usbparseendpoint function in the Linux kernel's usb drivers, where improper handling of the reserved bits in an endpoint descriptor's bEndpointAddress field can lead to confusion in the endpointisduplicate routine in config.c. This will erroneously treat the same...

5.5CVSS7.1AI score0.00299EPSS
Exploits0References5
Amazon
Amazon
added 2024/08/13 12:0 a.m.4 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix a use-after-free CVE-2022-48666 In the Linux kernel, the following vulnerability has been resolved: net: relax socket state check at accept time. CVE-2024-36484 In the Linux kernel, the following...

7.8CVSS6.6AI score0.00301EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2024/08/06 2:1 a.m.4 views

SUSE CVE-2024-41035

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Syzbot has identified a bug in usbcore see the Closes: tag below caused by our assumption that the reserved bits in an endpoint descriptor's...

5.5CVSS6.4AI score0.00299EPSS
Exploits0References17
OSV
OSV
added 2024/07/29 3:15 p.m.2 views

DEBIAN-CVE-2024-41035

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Syzbot has identified a bug in usbcore see the Closes: tag below caused by our assumption that the reserved bits in an endpoint descriptor's...

5.5CVSS5.8AI score0.00299EPSS
Exploits0References1
Rows per page
Query Builder