|
2731
|
8.5 |
HIGH
Network
|
-
|
-
|
authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstre…
|
CWE-20
Improper Input Validation
|
CVE-2026-47201
|
2026-06-5 00:49 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2732
|
8.8 |
HIGH
Network
|
-
|
-
|
authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source connection, and an account in one of the configured…
|
CWE-287
Improper Authentication
|
CVE-2026-49443
|
2026-06-5 00:49 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2733
|
9.8 |
CRITICAL
Network
|
-
|
-
|
authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, the Source stage can be bypassed by sending an empty POST. This issue has been patched in versions …
|
CWE-287
Improper Authentication
|
CVE-2026-49448
|
2026-06-5 00:49 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2734
|
8.0 |
HIGH
Network
|
-
|
-
|
alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the alf.io extension script en…
|
CWE-863
Incorrect Authorization
|
CVE-2026-35482
|
2026-06-5 00:49 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2735
|
7.1 |
HIGH
Network
|
-
|
-
|
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the API keys mana…
|
CWE-862
Missing Authorization
|
CVE-2026-31942
|
2026-06-5 00:48 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2736
|
9.6 |
CRITICAL
Network
|
-
|
-
|
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol (MCP) server integration resolves ${VAR} placeholders aga…
|
CWE-200
Information Exposure
|
CVE-2026-32625
|
2026-06-5 00:48 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2737
|
6.5 |
MEDIUM
Network
|
-
|
-
|
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only `VIEW` access to an MCP server can retrieve the server's decrypted a…
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2026-44653
|
2026-06-5 00:48 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2738
|
- |
|
-
|
-
|
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete file records through `DELETE /api/files` that the o…
|
CWE-863
Incorrect Authorization
|
CVE-2026-44654
|
2026-06-5 00:48 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2739
|
- |
|
-
|
-
|
Active IQ Config Advisor version 6.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations.
|
CWE-259
Use of Hard-coded Password
|
CVE-2026-22054
|
2026-06-5 00:48 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2740
|
- |
|
-
|
-
|
Active IQ OneCollect version 2.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations.
|
CWE-259
Use of Hard-coded Password
|
CVE-2026-22055
|
2026-06-5 00:48 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
