4 matches found
CVE-2026-31944
LibreChat is a ChatGPT clone with additional features. From 0.8.2 to 0.8.2-rc3, The MCP Model Context Protocol OAuth callback endpoint accepts the redirect from the identity provider and stores OAuth tokens for the user who initiated the flow, without verifying that the browser hitting the redire...
CVE-2025-7365
A flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider IdP login, the attacker will subsequently be prompted to "review profile" information. This vulnerability allows the attacker to modify their email...
Ubiquiti Inc.: Reflected File Download in community.ubnt.com/restapi/
Hello, https://community.ubnt.com/restapi/vc/authentication/sessions/Ubiquitiupdate.cmd?restapi.responseformat=json&callback=%22||calc|| The above URL is vulnerable to RFD. Here is the proof of concept: Browser Chrome: Embedded the above URL in html 5 anchor tags with download attribute: Download...
Malware Flea Market Pays Hackers to Hijack PCs
Among a slew of online cybercrime forums, Pay-Per-Install.org stands out as a malware flea market where shadowy pushers of Trojan downloaders and tools for evading detection are bargaining with thousands of would-be “affiliates” willing to compromise victims’ computers globally and get paid for i...