246 matches found
CVE-2025-69222 LibreChat is vulnerable to Server-Side Request Forgery due to missing restrictions
LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery SSRF vulnerability due to missing restrictions of the Actions feature in the default configuration. LibreChat enables users to configure agents with predefined instructions and actio...
CVE-2025-65110
A flaw was found in Vega, a library used for creating interactive data visualizations. This vulnerability affects applications that expose the Vega library globally and process user-provided visualization definitions. A remote attacker could exploit this by convincing a user to open a specially...
Cross-site Scripting (XSS)
Overview vega-functions is a Custom functions for the Vega expression language. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the internal modify function used by setdata. An attacker can execute arbitrary JavaScript in the context of the application by supplyin...
Cross-site Scripting (XSS)
Overview org.webjars.npm:vega-functions is a Custom functions for the Vega expression language. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the internal modify function used by setdata. An attacker can execute arbitrary JavaScript in the context of the...
EUVD-2026-0444
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
Trust in LLM-Controlled Robotics: A Survey of Security Threats, Defenses and Challenges
The integration of Large Language Models LLMs into robotics has revolutionized their ability to interpret complex human commands and execute sophisticated tasks. However, such paradigm shift introduces critical security vulnerabilities stemming from the ''embodiment gap'', a discord between the...
EUVD-2025-199888
LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery SSRF, by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with...
CVE-2025-66201 LibreChat is Vulnerable to Server-Side Request Forgery (SSRF) in Actions Capability
LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery SSRF, by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with...
CVE-2025-66201
CVE-2025-66201 affects LibreChat. The vulnerability is a Server-Side Request Forgery (SSRF) in the LibreChat tions feature that can be triggered by passing specially crafted OpenAPI specs, allowing an authenticated user with access to the feature to reach URLs only accessible to the LibreChat se...
Critical: Red Hat Security Advisory: lasso security update
An update for lasso is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
Specification-Guided Vulnerability Detection with Large Language Models
Large language models LLMs have achieved remarkable progress in code understanding tasks. However, they demonstrate limited performance in vulnerability detection and struggle to distinguish vulnerable code from patched code. We argue that LLMs lack understanding of security specifications -- the...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987686)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987686 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads This patch...
EUVD-2021-18504
Malware in sbrugna...
EUVD-2021-3496
Malicious code in bioql PyPI...
EUVD-2022-4706
Malicious code in bioql PyPI...
EUVD-2022-35461
Malicious code in bioql PyPI...
EUVD-2021-28865
Malicious code in bioql PyPI...
EUVD-2022-55183
Malicious code in bioql PyPI...
EUVD-2022-2994
Malicious code in bioql PyPI...
EUVD-2025-5567
Malicious code in bioql PyPI...