CVE-2026-31950
LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc2 through 0.8.2-rc3, the SSE streaming endpoint /api/agents/chat/stream/:streamId does not verify that the requesting user owns the stream. Any authenticated user who obtains or guesses a valid stream ID can subscribe and...
CVE-2026-31950
LibreChat exposes an IDOR in SSE stream subscriptions. In versions 0.8.2-rc2 through 0.8.2-rc3, the endpoint /api/agents/chat/stream/:streamId does not verify stream ownership, allowing any authenticated user who guesses or obtains a valid streamId to subscribe and read another user’s real-time c...
EUVD-2026-16767
LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc2 through 0.8.2-rc3, the SSE streaming endpoint /api/agents/chat/stream/:streamId does not verify that the requesting user owns the stream. Any authenticated user who obtains or guesses a valid stream ID can subscribe and...
PT-2026-28431
Name of the Vulnerable Software and Affected Versions: LibreChat versions 0.8.2-rc2 through 0.8.2-rc3. Description: LibreChat, a ChatGPT clone, has an issue where the SSE streaming endpoint /api/agents/chat/stream/:streamId does not confirm that the user making the request is authorized to access th...
Zulip Cross-Site Scripting Vulnerability (CNVD-2022-17016)
Zulip is a powerful open source group chat application from the Zulip team, used to combine the immediacy of real-time chat with the productivity benefits of threaded conversations. Zulip suffers from a cross-site scripting vulnerability that stems from the web application's lack of proper...
PHP Live! <= 3.2.2 (questid) Remote SQL Injection Vulnerability
No description provided by source. !Info! PHP Live! © OSI Codes Inc. enables live help and live customer support communication directly from your website. With PHP Live!, you can provide one-on-one chat assistance in real-time, answer visitor questions and add that extra human touch to your...
phplive31-rfi.txt
Neo Security Team NST - Advisory 25 - 08/10/06. Program: PHP Live! Homepage: http://www.phplivesupport.com/ Vulnerable Versions: 3.1 and prior Risk: High! Impact: Critical Risk -==PH...
AspBB Forum "profile.asp & default.asp" XSS Vulnerability
This XSS works on Aspbb Forums Homepage : http://www.aspbb.org Version : 0.5.2 Exploit: http://www.example.com/default.asp?action="scriptalert'Xss Vulnerability';/script http://www.example.com/profila.asp?get="scriptalert'Xss Vulnerability';/script&URL=2FDefault2Easp3F TeufeL // Netkabus.Com...