CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 4 days ago•6 views

PT-2026-45882

Name of the Vulnerable Software and Affected Versions LibreChat versions prior to 0.8.4 Description Users with only VIEW access to an MCP server can retrieve decrypted admin-managed secrets. This occurs through the endpoints "/api/mcp/servers" and "/api/mcp/servers/:serverName", where the returne...

6.5CVSS5.8AI score0.00034EPSS

Exploits1References3

CVE•added 2026/05/29 2:29 p.m.•12 views

CVE-2026-10042

The CVE-2026-10042 issue affects manga-image-translator, specifically the share.py module of the shared API server. It enables remote code execution through unsafe deserialization of attacker-controlled pickle data in the /execute/{method_name} and /simple_execute/{method_name} endpoints, which c...

9.8CVSS6.7AI score0.00476EPSS

Exploits0References4

Snyk•added 2026/05/20 9:45 p.m.•7 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal via the resource parameter in the ssx and jsx endpoints when a leading slash is used. An attacker can access sensitive configuration files by crafting a URL that traverses directories. Note: This issue is due to...

9.8CVSS5.8AI score0.00371EPSS

Exploits0References2

EUVD•added 2026/05/11 2:50 p.m.•3 views

EUVD-2026-27867

Facebook React has a Denial of Service Vulnerability in React Server Components...

7.5CVSS5.8AI score0.00338EPSS

Exploits1References4

Github Security Blog•added 2026/05/11 2:50 p.m.•5 views

Facebook React has a Denial of Service Vulnerability in React Server Components

Impact A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to out-of-memory exceptions or excessive CPU usage. We recommend updating immediately. The vulnerability exists in versions 19.0.0 through 19.0.5,...

7.5CVSS5.9AI score0.00338EPSS

Exploits1References5Affected Software3

Snyk•added 2026/05/06 7:32 p.m.•6 views

Allocation of Resources Without Limits or Throttling

Overview react-server-dom-webpack is a React Server Components bindings for DOM using Webpack. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttli...

Snyk•added 2026/05/06 7:32 p.m.•6 views

Allocation of Resources Without Limits or Throttling

Overview next is a react framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via server function endpoints. An attacker can cause out-of-memory exceptions or induce excessive CPU usage by sending malicious FormData in an HTTP request...

Snyk•added 2026/05/06 7:32 p.m.•6 views

Allocation of Resources Without Limits or Throttling

Overview react-server-dom-turbopack is a React Server Components bindings for DOM using Turbopack. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or...

Snyk•added 2026/05/06 7:32 p.m.•8 views

Allocation of Resources Without Limits or Throttling

Overview react-server-dom-parcel is a React Server Components bindings for DOM using Parcel. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling...

NVD•added 2026/05/06 5:16 p.m.•7 views

CVE-2026-23870

A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to server crashes, out-of-memory exceptions or excessive CPU usage; affecting the following packages: react-server-dom-webpack, react-server-dom-parcel,...

7.5CVSS0.00338EPSS

ATTACKERKB•added 2026/05/06 4:24 p.m.•6 views

CVE-2026-23870

7.5CVSS5.8AI score0.00338EPSS

Exploits1References2Affected Software3

Cvelist•added 2026/05/06 4:24 p.m.•27 views

CVE-2026-23870

7.5CVSS0.00338EPSS

VulnCheck KEV•added 2026/04/15 12:0 a.m.•5 views

VulnCheck KEV: CVE-2025-55184

A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafe...

7.5CVSS5.9AI score0.41239EPSS

In wildExploits10References2

CNNVD•added 2026/03/13 12:0 a.m.•3 views

dagu 访问控制错误漏洞

Dagu is an open-source workflow engine developed by Dagu Workflow Engine. Versions of Dagu prior to 2.2.4 contained a security vulnerability related to access control. This vulnerability stemmed from the use of HTTP basic authentication, where all server-sent event endpoints could be accessed...

7.5CVSS5.8AI score0.0017EPSS

Exploits1References4

Cvelist•added 2026/03/09 8:55 p.m.•24 views

CVE-2026-31816 Budibase Universal Auth Bypass via Webhook Query Param Injection

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.4 and earlier, the Budibase server's authorized middleware that protects every server-side API endpoint can be completely bypassed by appending a webhook path pattern to the query string of any...

9.1CVSS0.16947EPSS

Exploits2References1

RedhatCVE•added 2026/03/06 1:34 a.m.•4 views

CVE-2024-43035

Fonoster 0.5.5 before 0.6.1 allows ../ directory traversal to read arbitrary files via the /sounds/:file or /tts/:file VoiceServer endpoint. This occurs in serveFiles in mods/voice/src/utils.ts. NOTE: serveFiles exists in 0.5.5 but not in the next release, 0.6.1...

5.8CVSS6AI score0.0043EPSS