Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

289 New today

65,553 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

266

Jun 25

Critical

High

Medium

Low

Latest

CVE CVSS 5.3

Authorization Bypass in API Key/OAuth Scopes via Path Parsing Discrepancy_CVE-2026-54573

Outline is a service that allows for collaborative documentation. Prior to 1.8.0, the AuthenticationHelper.canAccess function uses ctx.originalUrl to verify if an API key or OAuth token has the required scopes for a request. It extracts the resource by splitting the URL by / a...

CVE-2026-54573 outline outline < 1.8.0

Jun 25, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.9	CVE-2026-54448	Trivy: Helm chart tar bomb causes OOM via unbounded io.ReadAll in parser_CVE-2026-54448 Trivy is a security scanner. Prior to 0.71.0, when Trivy scans a Helm chart archive (.tgz), its custom tar unpacker reads each entry with io.ReadAl...	aquasecurity	trivy < 0.71.0	Jun 25, 2026	CVE
MEDIUM 5.9	CVE-2026-54040	LibreChat: 2FA Backup Code Regeneration Without OTP Verification Allows 2FA Bypass_CVE-2026-54040 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint r...	danny-avila	LibreChat < 0.8.4-rc1	Jun 25, 2026	CVE
MEDIUM 6.5	CVE-2026-54037	LibreChat: Incomplete Fix for CVE-2025-7105 — /api/convos/duplicate Lacks Rate Limiting Applied to /api/convos/fork_CVE-2026-54037 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2025-7105 added forkIpLimiter and f...	danny-avila	LibreChat < 0.8.4-rc1	Jun 25, 2026	CVE
HIGH 7.7	CVE-2026-54033	LibreChat: SSRF via User-Provided Custom Endpoint baseURL — no private IP validation on user-configured API base URLs_CVE-2026-54033 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, LibreChat allows users to configure custom OpenAI-c...	danny-avila	LibreChat < 0.8.4-rc1	Jun 25, 2026	CVE
HIGH 8	CVE-2026-54030	LibreChat: Missing Resource Parameter Validation in MCP OAuth Flow_CVE-2026-54030 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.5, LibreChat's MCP OAuth implementation does not validate ...	danny-avila	LibreChat < 0.8.5	Jun 25, 2026	CVE
MEDIUM 5.3	CVE-2026-54029	LibreChat: IDOR in Message Deletion — Incomplete Fix for CVE-2024-41703 Leaves deleteMessages() Without User Filter_CVE-2026-54029 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the DELETE /api/messages/:conversationId/:messageId...	danny-avila	LibreChat < 0.8.4-rc1	Jun 25, 2026	CVE
MEDIUM 6.5	CVE-2026-54027	LibreChat: Image Upload Route Bypasses Agent Permission Check — Incomplete Fix for File Upload Authorization_CVE-2026-54027 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/files/images endpoint allows any auth...	danny-avila	LibreChat < 0.8.4-rc1	Jun 25, 2026	CVE
MEDIUM 5.4	CVE-2026-54025	LibreChat: Stored XSS via unescaped image alt text in markdown artifact preview_CVE-2026-54025 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, there is a vulnerability in LibreChat's markdown ar...	danny-avila	LibreChat < 0.8.4-rc1	Jun 25, 2026	CVE
MEDIUM 6.5	CVE-2026-54024	LibreChat: Incomplete Fix for CVE-2024-11171 — Conversation Import Multer Instance Missing File Size Limits_CVE-2026-54024 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2024-11171 (commit bb58a2d0) added ...	danny-avila	LibreChat < 0.8.4-rc1	Jun 25, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Authorization Bypass in API Key/OAuth Scopes via Path Parsing Discrepancy_CVE-2026-54573

Recent Advisories

Trivy: Helm chart tar bomb causes OOM via unbounded io.ReadAll in parser_CVE-2026-54448

LibreChat: 2FA Backup Code Regeneration Without OTP Verification Allows 2FA Bypass_CVE-2026-54040

LibreChat: Incomplete Fix for CVE-2025-7105 — /api/convos/duplicate Lacks Rate Limiting Applied to /api/convos/fork_CVE-2026-54037

LibreChat: SSRF via User-Provided Custom Endpoint baseURL — no private IP validation on user-configured API base URLs_CVE-2026-54033

LibreChat: Missing Resource Parameter Validation in MCP OAuth Flow_CVE-2026-54030

LibreChat: IDOR in Message Deletion — Incomplete Fix for CVE-2024-41703 Leaves deleteMessages() Without User Filter_CVE-2026-54029

LibreChat: Image Upload Route Bypasses Agent Permission Check — Incomplete Fix for File Upload Authorization_CVE-2026-54027

LibreChat: Stored XSS via unescaped image alt text in markdown artifact preview_CVE-2026-54025

LibreChat: Incomplete Fix for CVE-2024-11171 — Conversation Import Multer Instance Missing File Size Limits_CVE-2026-54024

Protect Your Attack Surface with RedGem

Security Intelligence
Feed