CVE-2026-31951 LibreChat's MCP Server Header Injection Enables OAuth Token Theft

LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc1 through 0.8.3-rc1, user-created MCP Model Context Protocol servers can include arbitrary HTTP headers that undergo credential placeholder substitution. An attacker can create a malicious MCP server with headers containin...

CVE-2026-31951 LibreChat's MCP Server Header Injection Enables OAuth Token Theft

LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc1 through 0.8.3-rc1, user-created MCP Model Context Protocol servers can include arbitrary HTTP headers that undergo credential placeholder substitution. An attacker can create a malicious MCP server with headers containin...

CVE-2026-1694

HTTP headers are added by the default configuration of IIS and ASP.net, and are not removed at the deployment phase of the webservices used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It unnecessarily exposes sensitive information...

CVE-2026-1694

HTTP headers are added by the default configuration of IIS and ASP.net, and are not removed at the deployment phase of the webservices used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It unnecessarily exposes sensitive information...

CVE-2020-36941

Knockpy 4.1.1 contains a CSV injection vulnerability that allows attackers to inject malicious formulas into CSV reports through unfiltered server headers. Attackers can manipulate server response headers to include spreadsheet formulas that will execute when the CSV is opened in spreadsheet...

CVE-2020-36941

Knockpy 4.1.1 contains a CSV injection vulnerability that allows attackers to inject malicious formulas into CSV reports through unfiltered server headers. Attackers can manipulate server response headers to include spreadsheet formulas that will execute when the CSV is opened in spreadsheet...

EUVD-2020-30859

Knockpy 4.1.1 contains a CSV injection vulnerability that allows attackers to inject malicious formulas into CSV reports through unfiltered server headers. Attackers can manipulate server response headers to include spreadsheet formulas that will execute when the CSV is opened in spreadsheet...

CVE-2020-36941

Knockpy 4.1.1 contains a CSV injection vulnerability that allows attackers to inject malicious formulas into CSV reports through unfiltered server headers. Attackers can manipulate server response headers to include spreadsheet formulas that will execute when the CSV is opened in spreadsheet...

CVE-2020-36941

Knockpy 4.1.1 is vulnerable to a CSV injection due to unfiltered server headers, enabling malicious spreadsheet formulas to be injected into CSV reports and potentially execute when opened in spreadsheet apps. The issue is confirmed with CVSS v3.1/4.0 data indicating a high impact (base score 9.8...

CVE-2020-36941 Knockpy 4.1.1 - CSV Injection

Knockpy 4.1.1 contains a CSV injection vulnerability that allows attackers to inject malicious formulas into CSV reports through unfiltered server headers. Attackers can manipulate server response headers to include spreadsheet formulas that will execute when the CSV is opened in spreadsheet...

Knock Subdomain Scan security vulnerability

Knock Subdomain Scan is a domain name scanning tool developed by Gianni Amato. Version 4.1.1 of Knock Subdomain Scan contains a security vulnerability, which stems from unfiltered server headers, potentially allowing for CSV injection attacks...

PT-2026-4923

Knockpy 4.1.1 contains a CSV injection vulnerability that allows attackers to inject malicious formulas into CSV reports through unfiltered server headers. Attackers can manipulate server response headers to include spreadsheet formulas that will execute when the CSV is opened in spreadsheet...

CVE-2026-22543

CVE-2026-22543 affects devices whose web server accepts credentials in Base64 in HTTP headers. The base64 credential transmission is not encryption, enabling an attacker who can observe the login request to obtain credentials. Connected sources (including Red Hat, CIRCL sighting, NVD, CNNVD, and ...

EUVD-2025-198361

IBM Concert 1.0.0 through 2.0.0 could disclose sensitive server information from HTTP response headers that could aid in further attacks against the system...

CVE-2025-36160 IBM Concert Information Disclosure

IBM Concert 1.0.0 through 2.0.0 could disclose sensitive server information from HTTP response headers that could aid in further attacks against the system...

EUVD-2025-9429

Malicious code in bioql PyPI...

SUSE CVE-2024-42330

The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that...

CVE-2024-41907

A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions V2.0. The affected application is missing general HTTP security headers in the web server. This could allow an attacker to make the servers more prone to clickjacking attack...

Royal Elementor Addons < 1.3.95 - Unauthenticated IP Spoofing

Description The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to IP Address Spoofing due to insufficient IP address validation. This makes it possible for unauthenticated attackers to spoof their IP addresses. PoC Set any of the following server headers as used in...

curl: out of heap memory issue due to missing limit on header quantity

A flaw was found in the Curl package. Curl allows a malicious server to stream an endless series of headers to a client due to missing limit on header quantity, eventually causing curl to run out of heap memory, which may lead to a crash...