CVE-2026-33265
The vulnerability CVE-2026-33265 affects LibreChat 0.8.1-rc2, where a logged-in user can obtain a JWT for both the LibreChat API and the RAG API. The connected documents confirm the affected product and the exact outcome (JWTs issued to an authenticated user), but they do not provide root cause d...
CVE-2026-33265
In LibreChat 0.8.1-rc2, a logged-in user obtains a JWT for both the LibreChat API and the RAG API...
CVE-2026-4359
A flaw was found in mongo-c-driver. A compromised third-party cloud server or a man-in-the-middle (MITM) attacker could send a malformed HTTP response. This could cause applications using the MongoDB C driver to crash, leading to a denial of service...
CVE-2026-28674
Product/Context: xiaoheiFS (self-hosted financial/operational system). Vulnerability: In versions ≤ 0.3.15, the AdminPaymentPluginUpload endpoint allows admins to upload any file to plugins/payment/ with only a hardcoded password (qweasd123456) and disregards file content. A background watcher (S...
CVE-2026-28673
xiaoheiFS (self-hosted financial/operational system) versions ≤ 0.3.15 are vulnerable through the standard plugin system. An attacker can upload a ZIP containing a binary and a manifest.json; the server trusts the binaries field in the manifest and executes the specified file without validating i...
PT-2026-26058
🚨 CVE-2026-25449: WordPress Traveler theme 3.2.8... PHP object injection in WordPress Traveler theme with 9.8 CVSS and zero auth requirements - RCE goldmine for mass WordP... https://t.co/VFpIhT0XqE netsec vulnerability CVE sysadmin zeroday...
Devolutions Hub Reporting Service security vulnerability
The Devolutions Hub Reporting Service is a component of the Canadian company Devolutions that manages reports on the usage of remote access credentials. Versions of the Devolutions Hub Reporting Service prior to 2025.3.1.1 contained security vulnerabilities; these vulnerabilities were caused by...
LibreChat security vulnerability
LibreChat is an open-source, free, and highly customizable unified AI dialogue platform. It allows for the aggregation and running of large models from any vendor within a single interface. Version 0.8.1-rc2 of LibreChat contains a security vulnerability, which stems from the fact that logged-in...
PT-2026-26154
SAMtools is a program for reading, manipulating and writing bioinformatics file formats. Starting in version 1.17, in the cram-size command, used to write information about how well CRAM files are compressed, a check to see if the cram decode compression header was missing. If the function return...
CVE-2025-58112
Microsoft Dynamics 365 Customer Engagement on-premises 1612 9.0.2.3034 allows the generation of customized reports via raw SQL queries in an upload of a .rdl Report Definition Language file; this is then processed by the SQL Server Reporting Service. An account with the privilege Add Reporting...
PT-2026-26149
🟠 CVE-2026-4396 - High Improper certificate validation in Devolutions Hub Reporting Service 2025.3.1.1 and earlier allows a network attacker to perform a man-in-the-middle attack via disabled TLS certificate verif... https://t.co/fSciVkCYpu https://t.co/yeXegKnc3n...
EulerOS Virtualization 2.13.0 : unbound (EulerOS-SA-2026-1632)
According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : NLnet Labs Unbound up to and including version 1.24.0 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that...
CVE-2026-26001
CVE-2026-26001 affects the GLPI Inventory Plugin. The vulnerability is an SQL injection in the dropdown_calendar report, caused by non-sanitized user input prior to version 1.6.6. The issue allows an attacker with adequate rights to influence the database query (impacting confidentiality; integri...
EUVD-2026-12640
A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C driver...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the URL validation logic due to improper handling of underscores in hostnames. An attacker can access internal resources or sensitive endpoints by submitting specially crafted URLs containing...
CVE-2026-4359
A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C driver...
UBUNTU-CVE-2026-4359
A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C driver...