|
2851
|
9.6 |
CRITICAL
Network
|
-
|
-
|
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol (MCP) server integration resolves ${VAR} placeholders aga…
|
CWE-200
Information Exposure
|
CVE-2026-32625
|
2026-06-5 00:48 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2852
|
6.5 |
MEDIUM
Network
|
-
|
-
|
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only `VIEW` access to an MCP server can retrieve the server's decrypted a…
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2026-44653
|
2026-06-5 00:48 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2853
|
- |
|
-
|
-
|
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete file records through `DELETE /api/files` that the o…
|
CWE-863
Incorrect Authorization
|
CVE-2026-44654
|
2026-06-5 00:48 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2854
|
- |
|
-
|
-
|
Active IQ Config Advisor version 6.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations.
|
CWE-259
Use of Hard-coded Password
|
CVE-2026-22054
|
2026-06-5 00:48 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2855
|
- |
|
-
|
-
|
Active IQ OneCollect version 2.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations.
|
CWE-259
Use of Hard-coded Password
|
CVE-2026-22055
|
2026-06-5 00:48 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2856
|
- |
|
-
|
-
|
In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server level changes using a certain API endpoint despite receivi…
|
CWE-862
Missing Authorization
|
CVE-2026-4881
|
2026-06-5 00:48 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2857
|
7.5 |
HIGH
Network
|
-
|
-
|
React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain crafted requests can consume disproportio…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-42342
|
2026-06-5 00:43 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2858
|
- |
|
-
|
-
|
Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodies.
When Tesla.Middleware.…
|
CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
|
CVE-2026-48594
|
2026-06-5 00:42 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2859
|
- |
|
-
|
-
|
Improper Handling of Case Sensitivity vulnerability in elixir-tesla tesla allows credential leakage to a third-party origin on cross-origin redirects.
Tesla.Middleware.FollowRedirects strips securit…
|
CWE-178
Improper Handling of Case Sensitivity
|
CVE-2026-48595
|
2026-06-5 00:42 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2860
|
- |
|
-
|
-
|
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in elixir-tesla tesla allows HTTP header injection via Tesla.Multipart.add_content_type_par…
|
CWE-113
HTTP Response Splitting
|
CVE-2026-48596
|
2026-06-5 00:42 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
