CVE-2026-31942
LibreChat (up to version 0.7.6) is affected by an Insecure Direct Object Reference (IDOR) in the API keys management endpoint (PUT /api/keys). After setting the authenticated user’s ID, an attacker can inject a userId parameter in the request body to overwrite other users’ API keys (e.g., OpenAI,...
CVE-2026-31942 LibreChat has IDOR in API Keys Management that allows any authenticated user to overwrite other users' API keys
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the API keys management endpoint (PUT /api/keys). Due to the use of the JavaScript object spread operator after setting...
ECHO-D03E-1F78-2A94
Bulletin has no description...
ECHO-4106-E27C-FA14
Bulletin has no description...
ECHO-D32D-23E1-029D
Bulletin has no description...
ECHO-E300-A541-3DC2
Bulletin has no description...
ECHO-1D0A-5CA5-36D8
Bulletin has no description...
ECHO-A98D-272F-29E3
Bulletin has no description...
MINI-2V79-W638-6WQQ
Bulletin has no description...
MINI-4RMP-46XW-FQ5J
Bulletin has no description...
CVE-2026-45684
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, OBI's log enricher mishandles writev buffers by reading only the first iovec entry but using the total ioviter.count as the copy length. When log...
ECHO-F8CF-C148-B804
Bulletin has no description...
MINI-32PV-89RJ-2CJ9
Bulletin has no description...
MINI-R39P-WV84-J7P3
Bulletin has no description...
BELL-CVE-2026-46206
Bulletin has no description...
BELL-CVE-2026-46134 CVE-2026-46134 does not affect BellSoft software
Bulletin has no description...
ROOT-OS-DEBIAN-12-CVE-2025-39751 CVE-2025-39751 in rootio-linux - Patched by Root
Root has patched CVE-2025-39751 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...
CVE-2026-28511
eLabFTW is an open source electronic lab notebook. Prior to version 5.4.2, in certain cases, an authenticated user performing a numeric reference/search can receive results that include resources the requesting user is not authorized to view. The exposed information is limited to only the title...