Vulnerabilities in danny-avila
48 results

CVE-2025-69220 | HIGH | LibreChat has Insufficient Access Control for Agent Files | EPSS 0.3%
CVE-2025-66451 | MEDIUM | LibreChat's Improper Input Validation in Prompt Creation API Enables Unauthorized Permission Changes | EPSS 0.3%
CVE-2025-7105 | MEDIUM | Denial of Service via JavaScript Memory Overflow in danny-avila/librechat | EPSS 0.3%
CVE-2025-7104 | MEDIUM | Mass Assignment in danny-avila/librechat | EPSS 0.3%
CVE-2026-44653 | MEDIUM | LibreChat Shared MCP Server View Leaks Decrypted Admin Secrets | EPSS 0.3%
CVE-2025-6088 | MEDIUM | Improper Authorization in danny-avila/librechat | EPSS 0.3%
CVE-2026-44654 | MEDIUM | LibreChat: Shared-agent editor can globally delete owner's file records — breaks owner's other private agents | EPSS 0.3%
CVE-2026-34371 | MEDIUM | LibreChat Affected by Arbitrary File Write via `execute_code` Artifact Filename Traversal | EPSS 0.3%
CVE-2025-7106 | MEDIUM | Authorization Bypass due to Incorrect Access Control in danny-avila/librechat | EPSS 0.3%
CVE-2026-54037 | MEDIUM | LibreChat: Incomplete Fix for CVE-2025-7105 — /api/convos/duplicate Lacks Rate Limiting Applied to /api/convos/fork | EPSS 0.3%
CVE-2026-31945 | HIGH | LibreChat Server-Side Request Forgery using DNS resolution | EPSS 0.2%
CVE-2025-66201 | HIGH | LibreChat is Vulnerable to Server-Side Request Forgery (SSRF) in Actions Capability | EPSS 0.2%
CVE-2026-31944 | HIGH | LibreChat MCP OAuth callback does not validate browser session — allows token theft via redirect link | EPSS 0.2%
CVE-2026-31951 | MEDIUM | LibreChat's MCP Server Header Injection Enables OAuth Token Theft | EPSS 0.2%
CVE-2026-54024 | MEDIUM | LibreChat: Incomplete Fix for CVE-2024-11171 — Conversation Import Multer Instance Missing File Size Limits | EPSS 0.2%
CVE-2025-69221 | MEDIUM | LibreChat has Insufficient Access Control for Agent Permission Queries | EPSS 0.2%
CVE-2026-31943 | HIGH | LibreChat has SSRF protection bypass via IPv4-mapped IPv6 normalization in isPrivateIP | EPSS 0.2%
CVE-2026-31950 | MEDIUM | LibreChat's IDOR in SSE Stream Subscription Allows Reading Other Users' Chats | EPSS 0.2%
CVE-2026-31942 | HIGH | LibreChat has IDOR in API Keys Management that allows any authenticated user to overwrite other users' API keys | EPSS 0.2%
CVE-2026-54033 | HIGH | LibreChat: SSRF via User-Provided Custom Endpoint baseURL — no private IP validation on user-configured API base URLs | EPSS 0.2%