19 matches found

CVE
added 2 days ago, 9 views

CVE-2026-44653

LibreChat contains a vulnerability in versions up to 0.8.3 where users with only VIEW access to an MCP server can retrieve decrypted admin secrets via GET /api/mcp/servers and GET /api/mcp/servers/:serverName. The API returns plaintext values for apiKey.key and oauth.client_secret, enabling viewe...

CVSS 6.5, AI score 5.7, EPSS 0.00031
Exploits: 0, References: 1
SUSE CVE
added 2026/05/13 3:48 a.m., 6 views

SUSE CVE-2026-7813

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

CVSS 9.9, AI score 6.1, EPSS 0.0006
Exploits: 0, References: 3
EUVD
added 2026/05/11 6:31 p.m., 3 views

EUVD-2026-29081

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

CVSS 9.9, AI score 6.1, EPSS 0.0006
Exploits: 0, References: 3
OSV
added 2026/05/11 6:31 p.m., 1 views

GHSA-H2X2-Q2MC-24GW pgAdmin 4 server mode has an authorization vulnerability affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

CVSS 9.9, AI score 6.1, EPSS 0.0006
Exploits: 0, References: 4
GitHub Security Blog
added 2026/05/11 6:31 p.m., 4 views

pgAdmin 4 server mode has an authorization vulnerability affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

CVSS 9.9, AI score 6.1, EPSS 0.0006
Exploits: 0, References: 4, Affected Software: 1
NVD
added 2026/05/11 4:17 p.m., 4 views

CVE-2026-7813

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

CVSS 9.9, EPSS 0.0006
Exploits: 0, References: 2
CVE
added 2026/05/11 2:35 p.m., 8 views

CVE-2026-7813

pgAdmin 4 server mode CVE-2026-7813 enables cross-user data access and privilege escalation in Shared Servers. An authenticated user could enumerate object IDs to fetch another user’s private servers, server groups, background processes, and debugger arguments due to lacking user-scoped access co...

CVSS 9.9, AI score 6.1, EPSS 0.0006
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2026/05/11 2:35 p.m., 24 views

CVE-2026-7813 pgAdmin 4: Cross-user data access and shared-server privilege escalation in server mode

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

CVSS 9.9, EPSS 0.0006
Exploits: 0, References: 2
Vulnrichment
added 2026/05/11 2:35 p.m., 3 views

CVE-2026-7813 pgAdmin 4: Cross-user data access and shared-server privilege escalation in server mode

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

CVSS 9.9, AI score 6.1, EPSS 0.0006
Exploits: 0, References: 2
Positive Technologies
added 2026/05/11 12:0 a.m., 4 views

PT-2026-39623

Name of the Vulnerable Software and Affected Versions: pgAdmin 4 versions prior to 9.15. Description: An authorization issue in server mode affects the Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fail to filter user-owned objects by the...

CVSS 9.9, AI score 6, EPSS 0.0006
Exploits: 0, References: 9
RedhatCVE
added 2026/01/03 5:1 p.m., 2 views

CVE-2025-69417

In the plex.tv backend for Plex Media Server PMS through 2025-12-31, a non-server device token can retrieve share tokens intended for unrelated access via a sharedservers endpoint...

CVSS 5, AI score 6.9, EPSS 0.00017
Exploits: 1, References: 1
NVD
added 2026/01/02 5:16 p.m., 1 views

CVE-2025-69417

In the plex.tv backend for Plex Media Server PMS through 2025-12-31, a non-server device token can retrieve share tokens intended for unrelated access via a sharedservers endpoint...

CVSS 5, EPSS 0.00017
Exploits: 1, References: 1
OSV
added 2026/01/02 5:16 p.m., 0 views

CVE-2025-69417

In the plex.tv backend for Plex Media Server PMS through 2025-12-31, a non-server device token can retrieve share tokens intended for unrelated access via a sharedservers endpoint...

CVSS 4.3, AI score 5.8, EPSS 0.00049
Exploits: 0, References: 1
Cvelist
added 2026/01/02 4:55 p.m., 25 views

CVE-2025-69417

In the plex.tv backend for Plex Media Server PMS through 2025-12-31, a non-server device token can retrieve share tokens intended for unrelated access via a sharedservers endpoint...

CVSS 5, EPSS 0.00017
Exploits: 1, References: 1
CVE
added 2026/01/02 4:55 p.m., 8 views

CVE-2025-69417

CVE-2025-69417 affects Plex Media Server (PMS) prior to latest updates. The issue arises when a non-server device token can retrieve share tokens intended for unrelated access via the shared_servers endpoint, indicating an access-control weakness in PMS’s token handling. Public references in the ...

CVSS 5, AI score 6.5, EPSS 0.00017
Exploits: 1, References: 1, Affected Software: 1
Vulnrichment
added 2026/01/02 4:55 p.m., 7 views

CVE-2025-69417

In the plex.tv backend for Plex Media Server PMS through 2025-12-31, a non-server device token can retrieve share tokens intended for unrelated access via a sharedservers endpoint...

CVSS 5, AI score 6.5, EPSS 0.00017
Exploits: 1, References: 1
CNNVD
added 2026/01/02 12:0 a.m., 2 views

Plex Media Server security vulnerability

Plex Media Server is a suite of media player and media server software from the Swiss company Plex. A security vulnerability exists in Plex Media Server version 2025-12-31 and earlier, which stems from a non-server device token in the plex.tv backend that can retrieve shared tokens via the...

CVSS 5, AI score 6.5, EPSS 0.00017
Exploits: 1, References: 2
Positive Technologies
added 2026/01/02 12:0 a.m., 2 views

PT-2026-1111

Name of the Vulnerable Software and Affected Versions: Plex Media Server versions prior to 2025-12-31. Description: A non-server device token can retrieve share tokens via the shared servers endpoint. These share tokens are intended for unrelated access. Recommendations: Update Plex Media Server to a...

CVSS 8.5, AI score 6.6, EPSS 0.00049
Exploits: 1, References: 5
The Hacker News
added 2012/03/14 6:12 p.m., 8 views

Role of free Hosting in Cyber Crime

Zscaler experts notice that free hosting and DNS providers are abused for hosting phishing pages, spamming, botnets, and malware. Many free hosted sites are considered spam. They list "x90x.net", a free hosting provider that was used to host many Facebook phishing sites...

AI score 6.8
Exploits: 0