Lucene search
K

6 matches found

Cvelist
Cvelist
added 2026/06/25 3:54 p.m.17 views

CVE-2026-54024 LibreChat: Incomplete Fix for CVE-2024-11171 — Conversation Import Multer Instance Missing File Size Limits

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2024-11171 commit bb58a2d0 added limits: fileSize to createMulterInstance in the file upload routes. However, the POST /api/convos/import endpoint uses a separate multer instance that w...

6.5CVSS0.00253EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/25 3:39 p.m.5 views

EUVD-2026-39454

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the GET /api/auth/2fa/enable endpoint can be called by an authenticated user or attacker with a stolen session even when 2FA is already fully enabled on the account. This endpoint overwrites the existi...

5.3CVSS6AI score0.00213EPSS
Exploits1References1
OSV
OSV
added 2026/05/18 1:50 p.m.14 views

CLEANSTART-2026-AY53560 Security fixes for CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33810, CVE-2026-35469, ghsa-f6x5-jh6r-wrfv, ghsa-hr2v-4r36-88hr, ghsa-j5w8-q4qc-rx2x, ghsa-p77j-4mvh-x3m3, ghsa-pc3f-x583-g7j2 applied in versions: 0.8.10-r0, 0.8.10-r1, 0.8.4-r0

Multiple security vulnerabilities affect the k8ssandra-client-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

9.8CVSS7.3AI score0.00728EPSS
Exploits0References30
Github Security Blog
Github Security Blog
added 2024/03/14 8:37 p.m.32 views

Whoogle Search Server-Side Request Forgery vulnerability

Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the window endpoint does not sanitize user-supplied input from the location variable and passes it to the send method which sends a GET request on lines 339-343 in request.py, which leads to a server-side request...

9.8CVSS6.6AI score0.0098EPSS
Exploits1References9Affected Software1
NVD
NVD
added 2019/07/25 1:15 p.m.13 views

CVE-2019-1010183

serde serdeyaml 0.6.0 to 0.8.3 is affected by: Uncontrolled Recursion. The impact is: Denial of service by aborting. The component is: from functions all deserialization functions. The attack vector is: Parsing a malicious YAML file. The fixed version is: 0.8.4 and later...

6.5CVSS6.5AI score0.01083EPSS
Exploits0References1
Prion
Prion
added 2019/07/25 1:15 p.m.17 views

Deserialization of untrusted data

serde serdeyaml 0.6.0 to 0.8.3 is affected by: Uncontrolled Recursion. The impact is: Denial of service by aborting. The component is: from functions all deserialization functions. The attack vector is: Parsing a malicious YAML file. The fixed version is: 0.8.4 and later...

4.3CVSS6.5AI score0.01083EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder