Low
resolved
resolved
AWS | Self Registration Internal LibreChat : Access to internal/proprietary LLMs
Bug reported by notnotnotveg was disclosed at August 25, 2025, 11:54 pm | Authentication Bypass Using an Alternate Path or Channel
High
resolved
resolved
Stored XSS in AREA tutorials
Bug reported by Ayush was disclosed at August 25, 2025, 12:39 pm | Cross-site Scripting (XSS) - Stored
A stored cross-site scripting (XSS) vulnerability was discovered in the AREA tutorials feature. The vulnerability could have allowed an attacker to inject malicious JavaScript code when publishing a tutorial. The vulnerability was reported and fixed by Autodesk.
![[Image: e72398fe92beda2aa80d0329e8b9f4febece7568.gif]](https://64.media.tumblr.com/834502d05f9b014cbc37366fe428a5a7/13cb9841c0799d7a-ff/s500x560/e72398fe92beda2aa80d0329e8b9f4febece7568.gif)
