Lucene search
K

246 matches found

OSV
OSV
added 2026/01/07 9:17 p.m.6 views

CVE-2025-69222 LibreChat is vulnerable to Server-Side Request Forgery due to missing restrictions

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery SSRF vulnerability due to missing restrictions of the Actions feature in the default configuration. LibreChat enables users to configure agents with predefined instructions and actio...

9.1CVSS7AI score0.04094EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/01/06 7:41 a.m.6 views

CVE-2025-65110

A flaw was found in Vega, a library used for creating interactive data visualizations. This vulnerability affects applications that expose the Vega library globally and process user-provided visualization definitions. A remote attacker could exploit this by convincing a user to open a specially...

8.1CVSS6.8AI score0.00452EPSS
Exploits1References4
Snyk
Snyk
added 2026/01/05 10:58 p.m.2 views

Cross-site Scripting (XSS)

Overview vega-functions is a Custom functions for the Vega expression language. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the internal modify function used by setdata. An attacker can execute arbitrary JavaScript in the context of the application by supplyin...

8CVSS5.5AI score0.00184EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/05 10:58 p.m.2 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:vega-functions is a Custom functions for the Vega expression language. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the internal modify function used by setdata. An attacker can execute arbitrary JavaScript in the context of the...

8CVSS5.5AI score0.00184EPSS
Exploits1References2
EUVD
EUVD
added 2026/01/02 6:30 p.m.4 views

EUVD-2026-0444

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

5.5AI score
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/12/16 12:0 a.m.4 views

Trust in LLM-Controlled Robotics: A Survey of Security Threats, Defenses and Challenges

The integration of Large Language Models LLMs into robotics has revolutionized their ability to interpret complex human commands and execute sophisticated tasks. However, such paradigm shift introduces critical security vulnerabilities stemming from the ''embodiment gap'', a discord between the...

7.4AI score
Exploits0
EUVD
EUVD
added 2025/11/29 1:26 a.m.5 views

EUVD-2025-199888

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery SSRF, by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with...

8.6CVSS6.2AI score0.00255EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/11/29 1:26 a.m.3 views

CVE-2025-66201 LibreChat is Vulnerable to Server-Side Request Forgery (SSRF) in Actions Capability

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery SSRF, by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with...

8.6CVSS6.3AI score0.00255EPSS
Exploits1References1
CVE
CVE
added 2025/11/29 1:26 a.m.18 views

CVE-2025-66201

CVE-2025-66201 affects LibreChat. The vulnerability is a Server-Side Request Forgery (SSRF) in the LibreChat tions feature that can be triggered by passing specially crafted OpenAPI specs, allowing an authenticated user with access to the feature to reach URLs only accessible to the LibreChat se...

8.6CVSS6.4AI score0.00255EPSS
Exploits1References1Affected Software1
RedHat Linux
RedHat Linux
added 2025/11/17 10:28 p.m.6 views

Critical: Red Hat Security Advisory: lasso security update

An update for lasso is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

9.8CVSS7.5AI score0.00824EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2025/11/05 12:0 a.m.6 views

Specification-Guided Vulnerability Detection with Large Language Models

Large language models LLMs have achieved remarkable progress in code understanding tasks. However, they demonstrate limited performance in vulnerability detection and struggle to distinguish vulnerable code from patched code. We argue that LLMs lack understanding of security specifications -- the...

7.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/10/21 12:0 a.m.4 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987686)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987686 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads This patch...

7.1CVSS6.4AI score0.00182EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-18504

Malware in sbrugna...

5.3CVSS5.3AI score0.00402EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2021-3496

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00292EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-4706

Malicious code in bioql PyPI...

7.5CVSS8.6AI score0.08491EPSS
Exploits1References19
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-35461

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.0089EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2021-28865

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00967EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-55183

Malicious code in bioql PyPI...

7.1CVSS7.1AI score0.00182EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-2994

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.1081EPSS
Exploits1References20
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-5567

Malicious code in bioql PyPI...

6.9CVSS6.6AI score0.00321EPSS
Exploits0References8
Rows per page
Query Builder