|
3281
|
8.0 |
HIGH
Network
|
-
|
-
|
alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the alf.io extension script en…
|
CWE-863
Incorrect Authorization
|
CVE-2026-35482
|
2026-06-5 00:49 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3282
|
7.1 |
HIGH
Network
|
-
|
-
|
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the API keys mana…
|
CWE-862
Missing Authorization
|
CVE-2026-31942
|
2026-06-5 00:48 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3283
|
9.6 |
CRITICAL
Network
|
-
|
-
|
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol (MCP) server integration resolves ${VAR} placeholders aga…
|
CWE-200
Information Exposure
|
CVE-2026-32625
|
2026-06-5 00:48 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3284
|
6.5 |
MEDIUM
Network
|
-
|
-
|
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only `VIEW` access to an MCP server can retrieve the server's decrypted a…
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2026-44653
|
2026-06-5 00:48 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3285
|
- |
|
-
|
-
|
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete file records through `DELETE /api/files` that the o…
|
CWE-863
Incorrect Authorization
|
CVE-2026-44654
|
2026-06-5 00:48 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3286
|
- |
|
-
|
-
|
Active IQ Config Advisor version 6.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations.
|
CWE-259
Use of Hard-coded Password
|
CVE-2026-22054
|
2026-06-5 00:48 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3287
|
- |
|
-
|
-
|
Active IQ OneCollect version 2.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations.
|
CWE-259
Use of Hard-coded Password
|
CVE-2026-22055
|
2026-06-5 00:48 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3288
|
- |
|
-
|
-
|
In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server level changes using a certain API endpoint despite receivi…
|
CWE-862
Missing Authorization
|
CVE-2026-4881
|
2026-06-5 00:48 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3289
|
7.5 |
HIGH
Network
|
-
|
-
|
React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain crafted requests can consume disproportio…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-42342
|
2026-06-5 00:43 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3290
|
- |
|
-
|
-
|
Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodies.
When Tesla.Middleware.…
|
CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
|
CVE-2026-48594
|
2026-06-5 00:42 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
