CVE-2026-31942 LibreChat has IDOR in API Keys Management that allows any authenticated user to overwrite other users' API keys

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference IDOR vulnerability exists in the API keys management endpoint PUT /api/keys. Due to the use of the JavaScript object spread operator after setting...

CVE-2026-31942 LibreChat has IDOR in API Keys Management that allows any authenticated user to overwrite other users' API keys

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference IDOR vulnerability exists in the API keys management endpoint PUT /api/keys. Due to the use of the JavaScript object spread operator after setting...

CVE-2026-31942

LibreChat (up to version 0.7.6) is affected by an Insecure Direct Object Reference (IDOR) in the API keys management endpoint (PUT /api/keys). After setting the authenticated user’s ID, an attacker can inject a userId parameter in the request body to overwrite other users’ API keys (e.g., OpenAI,...

SAMSUNG Blockchain Keystore Code Execution Vulnerability

SAMSUNG Blockchain Keystore is a system tool for creating, storing, managing and backing up private keys from Samsung South Korea. A code execution vulnerability exists in SAMSUNG Blockchain Keystore, which can be exploited by an attacker to execute arbitrary code on the system...

SAMSUNG Blockchain Keystore 安全漏洞

SAMSUNG Blockchain Keystore is a system tool for creating, storing, managing and backing up private keys from Samsung South Korea. A code execution vulnerability exists in SAMSUNG Blockchain Keystore, which can be exploited by an attacker to execute arbitrary code on the system...

Behind the Scenes: The Art of Safeguarding Non-Human Identities

In the whirlwind of modern software development, teams race against time, constantly pushing the boundaries of innovation and efficiency. This relentless pace is fueled by an evolving tech landscape, where SaaS domination, the proliferation of microservices, and the ubiquity of CI/CD pipelines ar...

Denial Of Service (DoS)

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic acce...

kernel: use-after-free during key garbage collection

A race condition flaw was found in the way the Linux kernel keys management subsystem performed key garbage collection. A local attacker could attempt accessing a key while it was being garbage collected, which would cause the system to crash...

Mandriva Update for mds MDVA-2010:142 (mds)

Check for the Version of mds OpenVAS Vulnerability Test Mandriva Update for mds MDVA-2010:142 mds Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...