Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.4 views

CVE-2026-31944

LibreChat is a ChatGPT clone with additional features. From 0.8.2 to 0.8.2-rc3, The MCP Model Context Protocol OAuth callback endpoint accepts the redirect from the identity provider and stores OAuth tokens for the user who initiated the flow, without verifying that the browser hitting the redire...

7.6CVSS5.9AI score0.00244EPSS
Exploits1References1
OSV
OSV
added 2025/07/10 3:15 p.m.4 views

CVE-2025-7365

A flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider IdP login, the attacker will subsequently be prompted to "review profile" information. This vulnerability allows the attacker to modify their email...

7.1CVSS5.7AI score0.00226EPSS
Exploits0References6
Hacker One
Hacker One
added 2016/01/03 5:39 p.m.22 views

Ubiquiti Inc.: Reflected File Download in community.ubnt.com/restapi/

Hello, https://community.ubnt.com/restapi/vc/authentication/sessions/Ubiquitiupdate.cmd?restapi.responseformat=json&callback=%22||calc|| The above URL is vulnerable to RFD. Here is the proof of concept: Browser Chrome: Embedded the above URL in html 5 anchor tags with download attribute: Download...

0.7AI score
Exploits0
ThreatPost
ThreatPost
added 2009/10/07 2:56 p.m.10 views

Malware Flea Market Pays Hackers to Hijack PCs

Among a slew of online cybercrime forums, Pay-Per-Install.org stands out as a malware flea market where shadowy pushers of Trojan downloaders and tools for evading detection are bargaining with thousands of would-be “affiliates” willing to compromise victims’ computers globally and get paid for i...

3.4AI score
Exploits0References2
Rows per page
Query Builder