179 matches found
CVE-2025-8848
A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the tag of the response. This can lead to potential security...
EUVD-2025-35577
A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the tag of the response. This can lead to potential security...
CVE-2025-8848
A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the tag of the response. This can lead to potential security...
CVE-2025-8848 HTML Injection in Accept-Language Header in danny-avila/librechat
A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the tag of the response. This can lead to potential security...
CVE-2025-8848
LibreChat (danny-avila/librechat) v0.7.9 contains a vulnerability where the Accept-Language header is not properly sanitized, allowing a logged-in attacker to inject arbitrary HTML into the html lang tag, effectively a stored XSS risk as described by multiple sources (NVD, Nuclei template, OSV, R...
CVE-2025-8848 HTML Injection in Accept-Language Header in danny-avila/librechat
A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the tag of the response. This can lead to potential security...
CVE-2025-8848 HTML Injection in Accept-Language Header in danny-avila/librechat
A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the tag of the response. This can lead to potential security...
LibreChat 代码注入漏洞
LibreChat is an enhanced ChatGPT clone by Danny Avila Personal Developer. A code injection vulnerability exists in LibreChat version 0.7.9, which stems from unvalidated input of the Accept-Language header and could lead to a cross-site scripting attack...
PT-2025-43144
Name of the Vulnerable Software and Affected Versions librechat version 0.7.9 Description A flaw exists in danny-avila/librechat version 0.7.9 that permits HTML injection through the Accept-Language header. A logged-in user sending an HTTP GET request with a specially crafted Accept-Language head...
EUVD-2020-21244
Malware in sbrugna...
EUVD-2019-4537
Malware in sbrugna...
EUVD-2008-5071
Malware in sbrugna...
EUVD-2020-21243
Malware in sbrugna...
EUVD-2015-9256
Malware in sbrugna...
EUVD-2018-0538
Malware in sbrugna...
EUVD-2022-7037
Malicious code in bioql PyPI...
EUVD-2025-26502
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2016-10539
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for Accept-Language, when...
Possible HTML Injection in Accept-Language header
This report is not public...
CVE-2019-12962
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header...