Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

166 New today
65,719 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
294
Jun 23
355
Jun 24
376
Jun 25
56
Jun 26
Critical
High
Medium
Low
Latest
CVE CVSS 7.7

LibreChat: SSRF via User-Provided Custom Endpoint baseURL — no private IP validation on user-configured API base URLs_CVE-2026-54033

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, LibreChat allows users to configure custom OpenAI-compatible API endpoints by setting a baseURL. This URL is used to construct HTTP requests without any SSRF validation — no private...

CVE-2026-54033 danny-avila LibreChat < 0.8.4-rc1
Read analysis

Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8 CVE-2026-54030

LibreChat: Missing Resource Parameter Validation in MCP OAuth Flow_CVE-2026-54030

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.5, LibreChat's MCP OAuth implementation does not validate ...

danny-avila LibreChat < 0.8.5 CVE
MEDIUM 5.3 CVE-2026-54029

LibreChat: IDOR in Message Deletion — Incomplete Fix for CVE-2024-41703 Leaves deleteMessages() Without User Filter_CVE-2026-54029

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the DELETE /api/messages/:conversationId/:messageId...

danny-avila LibreChat < 0.8.4-rc1 CVE
MEDIUM 6.5 CVE-2026-54027

LibreChat: Image Upload Route Bypasses Agent Permission Check — Incomplete Fix for File Upload Authorization_CVE-2026-54027

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/files/images endpoint allows any auth...

danny-avila LibreChat < 0.8.4-rc1 CVE
MEDIUM 5.4 CVE-2026-54025

LibreChat: Stored XSS via unescaped image alt text in markdown artifact preview_CVE-2026-54025

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, there is a vulnerability in LibreChat's markdown ar...

danny-avila LibreChat < 0.8.4-rc1 CVE
MEDIUM 6.5 CVE-2026-54024

LibreChat: Incomplete Fix for CVE-2024-11171 — Conversation Import Multer Instance Missing File Size Limits_CVE-2026-54024

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2024-11171 (commit bb58a2d0) added ...

danny-avila LibreChat < 0.8.4-rc1 CVE
HIGH 7.2 CVE-2026-45233

HTMLy CMS 3.1.1 Path Traversal via oldfile Parameter in Autosave_CVE-2026-45233

HTMLy CMS through 3.1.1 contains a path traversal vulnerability that allows low-privileged authenticated attackers to relocate arbitrary files by s...

danpros htmly CVE
HIGH 7.5 CVE-2026-13351

net: Maliciously fragmented IPv6 packets can prevent receiving/processing future incoming packets_CVE-2026-13351

Zephyr's IPv6 network stack can be prevented from receiving or processing future incoming packets by sending a small number of maliciously fragment...

zephyrproject-rtos Zephyr * CVE
LOW 2.3 CVE-2026-13350

CVE-2026-13350_CVE-2026-13350

Permissions where checked incorrectly during room creation, allowing attackers to create rooms of types they shouldn't be allowed to create.

pretix Venueless 0.0.0 CVE
MEDIUM 6 CVE-2026-6291

Bleichenbacher padding oracle in PKCS#7 KTRI RSA PKCS#1 v1.5 decryption_CVE-2026-6291

Bleichenbacher padding oracle in PKCS#7 KTRI decryption. When decrypting PKCS#7 EnvelopedData using RSA PKCS#1 v1.5 key transport, wolfSSL returned...

wolfSSL wolfSSL 3.9.10 CVE