|
1141
|
6.5 |
MEDIUM
Network
|
-
|
-
|
pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm and pacquet expanded ${ENV_VAR} placeholders from repository-controlled .npmrc and pnpm-workspace.yaml into registry request destinations …
|
CWE-200, CWE-201, CWE-522
Information Exposure; Insertion of Sensitive Information Into Sent Data; Insufficiently Protected Credentials
|
CVE-2026-55180
|
2026-06-26 04:16 |
2026-06-26 |
|
1142
|
5.9 |
MEDIUM
Network
|
-
|
-
|
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint regenerates all 2FA backup codes without requiring an…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-54040
|
2026-06-26 04:16 |
2026-06-26 |
|
1143
|
6.5 |
MEDIUM
Network
|
-
|
-
|
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2025-7105 added forkIpLimiter and forkUserLimiter rate limiters to POST /api/convos/for…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-54037
|
2026-06-26 04:16 |
2026-06-26 |
|
1144
|
7.7 |
HIGH
Network
|
-
|
-
|
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, LibreChat allows users to configure custom OpenAI-compatible API endpoints by setting a baseURL. This U…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-54033
|
2026-06-26 04:16 |
2026-06-26 |
|
1145
|
5.4 |
MEDIUM
Network
|
-
|
-
|
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, there is a vulnerability in LibreChat's markdown artifact preview pipeline. The marked library v15.0.12…
|
CWE-79
Cross-site Scripting
|
CVE-2026-54025
|
2026-06-26 04:16 |
2026-06-26 |
|
1146
|
6.5 |
MEDIUM
Network
|
-
|
-
|
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2024-11171 (commit bb58a2d0) added limits: { fileSize } to createMulterInstance() in th…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-54024
|
2026-06-26 04:16 |
2026-06-26 |
|
1147
|
7.3 |
HIGH
Network
|
-
|
-
|
pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's patch application pipeline (@pnpm/patch-package) performs no path validation on file paths extracted from .patch files. An attacker who …
|
CWE-22
Path Traversal
|
CVE-2026-50015
|
2026-06-26 04:16 |
2026-06-26 |
|
1148
|
7.5 |
HIGH
Network
|
-
|
-
|
Zephyr's IPv6 network stack can be prevented from receiving or processing future incoming packets by sending a small number of maliciously fragmented IPv6 packets. When such a packet is handled by th…
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2026-13351
|
2026-06-26 04:16 |
2026-06-26 |
|
1149
|
7.5 |
HIGH
Network
|
-
|
-
|
An issue in the st_compare component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
CWE-89
SQL Injection
|
CVE-2025-61023
|
2026-06-26 04:16 |
2026-06-24 |
|
1150
|
8.7 |
HIGH
Local
|
-
|
-
|
Anthropic Claude Desktop Cowork VM image handling (confirmed across v1.1348.0 through v1.2278.0, including v1.1348.0, v1.1617.0, and v1.2278.0) validates only file presence and a version marker strin…
|
CWE-353
Missing Support for Integrity Check
|
CVE-2026-7574
|
2026-06-26 04:14 |
2026-06-24 |