Lucene search
+L

5253 matches found

Cvelist
Cvelist
added 2026/06/25 8:58 p.m.25 views

CVE-2026-50176 EVoke Systems EVoke CSMS Improper Restriction of Excessive Authentication Attempts

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks or brute-force attacks to gain unauthorized access...

8.7CVSS0.00391EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 6:18 p.m.4 views

GHSA-R4V7-6WCG-GHJ5 FileBrowser: Missing Rate Limiting on Authentication Endpoint Enables Brute Force Attacks

Summary The /api/auth/login endpoint does not implement rate limiting, account lockout, or progressive backoff for repeated authentication failures. As a result, an attacker can perform unlimited login attempts against the endpoint. When combined with the username enumeration timing vulnerability...

6.5CVSS5.9AI score
Exploits0References4
NVD
NVD
added 2026/06/25 5:16 p.m.15 views

CVE-2026-54037

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2025-7105 added forkIpLimiter and forkUserLimiter rate limiters to POST /api/convos/fork to prevent rapid-fire conversation duplication. However, the POST /api/convos/duplicate endpoint...

6.5CVSS0.00293EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/25 3:49 p.m.5 views

EUVD-2026-39458

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2025-7105 added forkIpLimiter and forkUserLimiter rate limiters to POST /api/convos/fork to prevent rapid-fire conversation duplication. However, the POST /api/convos/duplicate endpoint...

6.5CVSS5.9AI score0.00293EPSS
Exploits1References1
OSV
OSV
added 2026/06/25 3:49 p.m.4 views

CVE-2026-54037 LibreChat: Incomplete Fix for CVE-2025-7105 — /api/convos/duplicate Lacks Rate Limiting Applied to /api/convos/fork

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2025-7105 added forkIpLimiter and forkUserLimiter rate limiters to POST /api/convos/fork to prevent rapid-fire conversation duplication. However, the POST /api/convos/duplicate endpoint...

6.5CVSS6.3AI score0.00293EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/25 3:49 p.m.30 views

CVE-2026-54037 LibreChat: Incomplete Fix for CVE-2025-7105 — /api/convos/duplicate Lacks Rate Limiting Applied to /api/convos/fork

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2025-7105 added forkIpLimiter and forkUserLimiter rate limiters to POST /api/convos/fork to prevent rapid-fire conversation duplication. However, the POST /api/convos/duplicate endpoint...

6.5CVSS0.00293EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 3:49 p.m.9 views

CVE-2026-54037

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2025-7105 added forkIpLimiter and forkUserLimiter rate limiters to POST /api/convos/fork to prevent rapid-fire conversation duplication. However, the POST /api/convos/duplicate endpoint...

6.5CVSS5.9AI score0.00293EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/06/25 3:49 p.m.12 views

CVE-2026-54037

LibreChat (a multi-provider ChatGPT-like app) contains a missing rate limiter in POST /api/convos/duplicate, which performs the same expensive DB operations as POST /api/convos/fork. The fix for CVE-2025-7105 added forkIpLimiter and forkUserLimiter to /fork, but did not apply a corresponding limi...

6.5CVSS5.9AI score0.00293EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/25 3:49 p.m.7 views

CVE-2026-54037 LibreChat: Incomplete Fix for CVE-2025-7105 — /api/convos/duplicate Lacks Rate Limiting Applied to /api/convos/fork

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2025-7105 added forkIpLimiter and forkUserLimiter rate limiters to POST /api/convos/fork to prevent rapid-fire conversation duplication. However, the POST /api/convos/duplicate endpoint...

6.5CVSS6.3AI score0.00293EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/25 8:39 a.m.35 views

CVE-2026-53208 Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig net/bluetooth/l2capcore.c:l2capsigchannel accepts BR/EDR signaling packets up to the channel MTU and dispatches each command without enforcing the signaling MTU MTUsig...

0.00122EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.7 views

PT-2026-52597

Name of the Vulnerable Software and Affected Versions WebSocket Application Programming Interface affected versions not specified Description The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an...

8.7CVSS5.8AI score0.00391EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.14 views

PT-2026-52496

🚨 CVE-2026-54037 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2025-7105 added forkIpLimiter and forkUserLimiter rate limiters to POST /api/convos/fork to prevent rapid-fire conversation duplication. However, the POST...

6.5CVSS6.2AI score0.00293EPSS
Exploits1References4
OSV
OSV
added 2026/06/24 4:30 p.m.3 views

CVE-2026-53056 drm/msm/dpu: fix mismatch between power and frequency

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: fix mismatch between power and frequency During DPU runtime suspend, calling devpmoppsetratedev, 0 drops the MMCX rail to MINSVS while the core clock frequency remains at its original highest rate. When runtime resum...

5.8AI score0.0018EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/24 4:30 p.m.12 views

EUVD-2026-38924

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: fix mismatch between power and frequency During DPU runtime suspend, calling devpmoppsetratedev, 0 drops the MMCX rail to MINSVS while the core clock frequency remains at its original highest rate. When runtime resum...

5.7AI score0.0018EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.17 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: clk: qcom: gfx3d: added a parent field to the parent request map. After committing d228ece36345 “clk: divider: removing roundrate in favor of determinerate”, determining the GFX3D clock rate became unstable. This occurred...

5.5CVSS5.9AI score0.00123EPSS
Exploits0References2
NVD
NVD
added 2026/06/23 1:16 p.m.15 views

CVE-2026-56234

Capgo before 12.128.2 contains a credential validation vulnerability in the POST /functions/v1/private/validatepasswordcompliance endpoint that is callable using only the public Supabase key without authentication. The endpoint is CORS-permissive with wildcard origin allowance and lacks rate...

6.9CVSS0.00247EPSS
Exploits0References2
OSV
OSV
added 2026/06/23 12:59 p.m.7 views

JLSEC-2026-611 Unbounded HTTP/2 concurrent streams and Rapid Reset denial of service in HTTP.jl server

Description The HTTP.jl HTTP/2 server advertised an empty initial SETTINGS frame, leaving SETTINGSMAXCONCURRENTSTREAMS effectively unlimited, and the HEADERS code path allocated per-stream state, a send-window entry, and a Threads.@spawned handler with no check on the number of open streams...

5.9AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/23 12:12 p.m.6 views

CVE-2026-56234

Capgo before 12.128.2 contains a credential validation vulnerability in the POST /functions/v1/private/validatepasswordcompliance endpoint that is callable using only the public Supabase key without authentication. The endpoint is CORS-permissive with wildcard origin allowance and lacks rate...

6.9CVSS5.9AI score0.00247EPSS
Exploits0References3
CVE
CVE
added 2026/06/23 12:12 p.m.18 views

CVE-2026-56234

Capgo prior to 12.128.2 exposes a credential validation endpoint (POST /functions/v1/private/validate_password_compliance) that is accessible with only the public Supabase key and lacks authentication. The endpoint uses permissive CORS with a wildcard origin and has no rate limiting, which enable...

6.9CVSS5.9AI score0.00247EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 12:12 p.m.7 views

EUVD-2026-38429

Capgo before 12.128.2 contains a credential validation vulnerability in the POST /functions/v1/private/validatepasswordcompliance endpoint that is callable using only the public Supabase key without authentication. The endpoint is CORS-permissive with wildcard origin allowance and lacks rate...

6.9CVSS5.9AI score0.00247EPSS
Exploits0References2
Rows per page
Query Builder