21779 matches found
CVE-2026-9334
Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...
CVE-2026-9334 Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled
Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an error in the page reference counting assertion condition in p2pmemallocmmap, potentially leadi...
PT-2026-46027
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the DRM/XE sysfs initialization where a failure in devm add action or reset causes a cleanup action to run immediately on a kobject that has not yet been initialized...
CVE-2026-31942
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference IDOR vulnerability exists in the API keys management endpoint PUT /api/keys. Due to the use of the JavaScript object spread operator after setting...
EUVD-2026-34049
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete file records through DELETE /api/files that the owner has reused across multiple agents. The deletion removes the file globally — not just from the...
CVE-2026-31942 LibreChat has IDOR in API Keys Management that allows any authenticated user to overwrite other users' API keys
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference IDOR vulnerability exists in the API keys management endpoint PUT /api/keys. Due to the use of the JavaScript object spread operator after setting...
CVE-2026-31942
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference IDOR vulnerability exists in the API keys management endpoint PUT /api/keys. Due to the use of the JavaScript object spread operator after setting...
CVE-2026-31942
LibreChat (up to version 0.7.6) is affected by an Insecure Direct Object Reference (IDOR) in the API keys management endpoint (PUT /api/keys). After setting the authenticated user’s ID, an attacker can inject a userId parameter in the request body to overwrite other users’ API keys (e.g., OpenAI,...
CVE-2026-31942 LibreChat has IDOR in API Keys Management that allows any authenticated user to overwrite other users' API keys
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference IDOR vulnerability exists in the API keys management endpoint PUT /api/keys. Due to the use of the JavaScript object spread operator after setting...
ECHO-D03E-1F78-2A94
Bulletin has no description...
ECHO-4106-E27C-FA14
Bulletin has no description...
ECHO-D32D-23E1-029D
Bulletin has no description...
ECHO-A98D-272F-29E3
Bulletin has no description...
ECHO-E300-A541-3DC2
Bulletin has no description...
ECHO-1D0A-5CA5-36D8
Bulletin has no description...
MINI-2V79-W638-6WQQ
Bulletin has no description...
MINI-4RMP-46XW-FQ5J
Bulletin has no description...
CVE-2026-45684
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, OBI's log enricher mishandles writev buffers by reading only the first iovec entry but using the total ioviter.count as the copy length. When log...
ECHO-F8CF-C148-B804
Bulletin has no description...