Lucene search
+L

179 matches found

redhatcve
redhatcve
added 2025/10/23 2:15 p.m.4 views

CVE-2025-8848

A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the tag of the response. This can lead to potential security...

5.4CVSS6.1AI score0.00423EPSS
Exploits1References1
euvd
euvd
added 2025/10/22 3:31 p.m.5 views

EUVD-2025-35577

A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the tag of the response. This can lead to potential security...

4.8CVSS5.6AI score0.00423EPSS
Exploits1References2
nvd
nvd
added 2025/10/22 2:15 p.m.5 views

CVE-2025-8848

A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the tag of the response. This can lead to potential security...

5.4CVSS0.00423EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/10/22 1:54 p.m.4 views

CVE-2025-8848 HTML Injection in Accept-Language Header in danny-avila/librechat

A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the tag of the response. This can lead to potential security...

4.8CVSS5.7AI score0.00423EPSS
Exploits1References1
cve
cve
added 2025/10/22 1:54 p.m.21 views

CVE-2025-8848

LibreChat (danny-avila/librechat) v0.7.9 contains a vulnerability where the Accept-Language header is not properly sanitized, allowing a logged-in attacker to inject arbitrary HTML into the html lang tag, effectively a stored XSS risk as described by multiple sources (NVD, Nuclei template, OSV, R...

5.4CVSS4.9AI score0.00423EPSS
Exploits1References1Affected Software1
osv
osv
added 2025/10/22 1:54 p.m.3 views

CVE-2025-8848 HTML Injection in Accept-Language Header in danny-avila/librechat

A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the tag of the response. This can lead to potential security...

4.8CVSS5.9AI score0.00423EPSS
Exploits1References3
cvelist
cvelist
added 2025/10/22 1:54 p.m.12 views

CVE-2025-8848 HTML Injection in Accept-Language Header in danny-avila/librechat

A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the tag of the response. This can lead to potential security...

4.8CVSS0.00423EPSS
Exploits1References1
cnnvd
cnnvd
added 2025/10/22 12:0 a.m.6 views

LibreChat 代码注入漏洞

LibreChat is an enhanced ChatGPT clone by Danny Avila Personal Developer. A code injection vulnerability exists in LibreChat version 0.7.9, which stems from unvalidated input of the Accept-Language header and could lead to a cross-site scripting attack...

5.4CVSS5AI score0.00423EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2025/10/22 12:0 a.m.10 views

PT-2025-43144

Name of the Vulnerable Software and Affected Versions librechat version 0.7.9 Description A flaw exists in danny-avila/librechat version 0.7.9 that permits HTML injection through the Accept-Language header. A logged-in user sending an HTTP GET request with a specially crafted Accept-Language head...

5.4CVSS6AI score0.00423EPSS
Exploits1References4
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-21244

Malware in sbrugna...

7.5CVSS7.6AI score0.01674EPSS
Exploits1References13
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-4537

Malware in sbrugna...

6.1CVSS6.5AI score0.09052EPSS
Exploits4References4
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2008-5071

Malware in sbrugna...

10CVSS6.1AI score0.01738EPSS
Exploits0References5
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-21243

Malware in sbrugna...

7.5CVSS7.6AI score0.02297EPSS
Exploits1References12
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2015-9256

Malware in sbrugna...

6.1CVSS6.3AI score0.0102EPSS
Exploits1References3
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-0538

Malware in sbrugna...

7.5CVSS7.4AI score0.01399EPSS
Exploits0References6
euvd
euvd
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-7037

Malicious code in bioql PyPI...

7.5CVSS7.2AI score0.01428EPSS
Exploits0References20
euvd
euvd
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-26502

Malicious code in bioql PyPI...

5.9CVSS6.3AI score0.0043EPSS
Exploits0References2
nessus
nessus
added 2025/08/24 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2016-10539

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for Accept-Language, when...

7.5CVSS7.2AI score0.01399EPSS
Exploits0References2
huntr
huntr
added 2025/07/24 1:53 p.m.7 views

Possible HTML Injection in Accept-Language header

This report is not public...

5.4CVSS5.4AI score0.00423EPSS
Exploits1
redhatcve
redhatcve
added 2025/05/22 8:23 a.m.7 views

CVE-2019-12962

LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header...

6.1CVSS5.9AI score0.09052EPSS
Exploits4References1
Rows per page
Query Builder