Lucene search
K

7 matches found

Cvelist
Cvelist
added 2026/06/25 3:49 p.m.27 views

CVE-2026-54037 LibreChat: Incomplete Fix for CVE-2025-7105 — /api/convos/duplicate Lacks Rate Limiting Applied to /api/convos/fork

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2025-7105 added forkIpLimiter and forkUserLimiter rate limiters to POST /api/convos/fork to prevent rapid-fire conversation duplication. However, the POST /api/convos/duplicate endpoint...

6.5CVSS0.00293EPSS
Exploits1References1
OSV
OSV
added 2026/06/17 6:8 p.m.4 views

GHSA-FHX7-M96W-MV29 Gitea: API Fork Missing CanCreateOrgRepo Check Allows Org Secret Exfiltration

Summary The API endpoint POST /api/v1/repos/owner/repo/forks only checks IsOrgMember when a user forks a repository into an organization, but does not check CanCreateOrgRepo. The web UI fork handler correctly checks both. This allows a read-only organization member — in a team with...

8.1CVSS6AI score0.00304EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/17 6:8 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the POST /api/v1/repos/owner/repo/forks API endpoint, which fails to enforce the required organization repository creation permissions. An attacker can gain administrative control over a new repository within...

8.6CVSS5.9AI score0.00304EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/02 10:36 a.m.4 views

EUVD-2025-206617

A vulnerability in danny-avila/librechat allows attackers to exploit the unrestricted Fork Function in /api/convos/fork to fork numerous contents rapidly. If the forked content includes a Mermaid graph with a large number of nodes, it can lead to a JavaScript heap out of memory error upon service...

5.7CVSS5.4AI score0.00279EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/02 10:36 a.m.3 views

CVE-2025-7105

A vulnerability in danny-avila/librechat allows attackers to exploit the unrestricted Fork Function in /api/convos/fork to fork numerous contents rapidly. If the forked content includes a Mermaid graph with a large number of nodes, it can lead to a JavaScript heap out of memory error upon service...

5.7CVSS5.4AI score0.00279EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/02 10:36 a.m.26 views

CVE-2025-7105 Denial of Service via JavaScript Memory Overflow in danny-avila/librechat

A vulnerability in danny-avila/librechat allows attackers to exploit the unrestricted Fork Function in /api/convos/fork to fork numerous contents rapidly. If the forked content includes a Mermaid graph with a large number of nodes, it can lead to a JavaScript heap out of memory error upon service...

5.7CVSS0.00279EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.9 views

PT-2026-5653

Name of the Vulnerable Software and Affected Versions librechat affected versions not specified Description A flaw exists in danny-avila/librechat that allows attackers to exploit the unrestricted Fork Function. The vulnerable function is located at the /api/convos/fork endpoint. By rapidly forki...

5.7CVSS6.2AI score0.00279EPSS
Exploits0References8
Rows per page
Query Builder