
8 matches found

RedhatCVE
added 2025/12/12 10:17 p.m., 1 view

CVE-2025-66450

LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when a user posts a question, the iconURL parameter of the POST request can be modified by an attacker. The malicious code is then stored in the chat which can then be shared to other users. When sharing chats wit...

CVSS 8.6, AI score 6.7, EPSS 0.00027
Exploits: 1, References: 1
NVD
added 2025/12/11 10:15 p.m., 4 views

CVE-2025-66450

LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when a user posts a question, the iconURL parameter of the POST request can be modified by an attacker. The malicious code is then stored in the chat which can then be shared to other users. When sharing chats wit...

CVSS 8.6, EPSS 0.00027
Exploits: 1, References: 2
Vulnrichment
added 2025/12/11 10:5 p.m., 2 views

CVE-2025-66450 LibreChat JSON Injection in Chat POST Allows Remote Resource Inclusion and PXSS via Image Upload

LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when a user posts a question, the iconURL parameter of the POST request can be modified by an attacker. The malicious code is then stored in the chat which can then be shared to other users. When sharing chats wit...

CVSS 8.6, AI score 6.3, EPSS 0.00027
Exploits: 1, References: 2
EUVD
added 2025/12/11 10:5 p.m., 4 views

EUVD-2025-202930

LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when a user posts a question, the iconURL parameter of the POST request can be modified by an attacker. The malicious code is then stored in the chat which can then be shared to other users. When sharing chats wit...

CVSS 8.6, AI score 6.2, EPSS 0.00027
Exploits: 1, References: 2
Positive Technologies
added 2025/12/11 12:0 a.m., 3 views

PT-2025-50771

Name of the Vulnerable Software and Affected Versions: LibreChat versions 0.8.0 and below. Description: A flaw exists in LibreChat versions 0.8.0 and below where modification of the iconURL parameter in a POST request allows an attacker to store malicious code within a chat. Sharing this chat with...

CVSS 8.6, AI score 6, EPSS 0.00027
Exploits: 1, References: 5
Hacker One
added 2021/02/12 4:55 a.m., 46 views

Mail.ru: Reflected XSS https://tracker.my.com

Reflected XSS on tracker.my.com via GET parameter iconUrl...

AI score 1.6
Exploits: 0
Veracode
added 2017/02/28 1:18 a.m., 9 views

Cross-site Scripting (XSS)

zaproxy is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists as zaproxy does not properly sanitize the Alert IconUrl, allowing arbitrary HTML code to be injected...

AI score 5.9
Exploits: 0
Tenable Nessus
added 2005/07/13 12:0 a.m., 37 views

FreeBSD : mozilla -- code execution via javascript: IconURL vulnerability (eca6195a-c233-11d9-804c-02061b08fc24)

A Mozilla Foundation Security Advisory reports: Two vulnerabilities have been discovered in Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system. - The problem is that 'IFRAME' JavaScript URLs are not properly protected from...

CVSS 5.1, AI score 5.7, EPSS 0.4976
Exploits: 2, References: 4