Lucene search
K

127 matches found

Cvelist
Cvelist
added 2025/09/25 1:19 p.m.10 views

CVE-2025-59422 Dify Has Broken Access Control on Log Message Endpoint Allows Reading of Chats of Others

Dify is an open-source LLM app development platform. In version 1.8.1, a broken access control vulnerability on the /console/api/apps/chat-messages?conversationid=&limit=10 endpoint allows users in the same workspace to read chat messages of other users. A regular user is able to read the query...

6CVSS0.0023EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/24 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2018-9240

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ncmpc through 0.29 is prone to a NULL pointer dereference flaw. If a user uses the chat screen and another client sends a long chat message, a crash and denial ...

7.5CVSS7.2AI score0.01897EPSS
Exploits0References2
OSV
OSV
added 2025/07/22 3:15 a.m.7 views

CVE-2025-7951

A vulnerability classified as problematic has been found in code-projects Public Chat Room 1.0. This affects an unknown part of the file /sendmessage.php. The manipulation of the argument chatmsg/yourname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit h...

5.4CVSS3.9AI score0.00313EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/07/22 12:0 a.m.6 views

Code-Projects Public Chat Room 代码注入漏洞

Code-Projects Public Chat Room is Code-Projects open source public chat room software. Code-Projects Public Chat Room version 1.0 suffers from a code injection vulnerability, which originates from a cross-site scripting attack due to incorrect manipulation of the chatmsg/yourname parameter in the...

5.4CVSS4.7AI score0.00313EPSS
Exploits1References7
Exploit DB
Exploit DB
added 2025/07/22 12:0 a.m.248 views

Discourse 3.1.1 - Unauthenticated Chat Message Access

!/usr/bin/env ruby Title : Discourse 3.1.1 - Unauthenticated Chat Message Access CVE-2023-45131 CVSS: 7.5 High Affected: Discourse 3.1.1 stable, 3.2.0.beta2 Author ibrahimsql @ https://twitter.com/ibrahmsql Date: 2023-12-14 require 'net/http' require 'uri' require 'json' require 'openssl' require...

7.5CVSS7.4AI score0.01814EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/23 4:22 a.m.13 views

CVE-2023-51219

A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controlled JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in a HTTP request header. Ultimately, this access tok...

9.6CVSS6.7AI score0.00523EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 7:45 p.m.10 views

CVE-2021-32689

Nextcloud Talk is a fully on-premises audio/video and chat communication service. In versions prior to 11.2.2, if a user was able to reuse an earlier used username, they could get access to any chat message sent to the previous user with this username. The issue was patched in versions 11.2.2 and...

8.1CVSS6.6AI score0.01EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:51 p.m.25 views

CVE-2020-12772

An issue was discovered in Ignite Realtime Spark 2.8.3 and the ROAR plugin for it on Windows. A chat message can include an IMG element with a SRC attribute referencing an external host's IP address. Upon access to this external host, the NTLM hashes of the user are sent with the HTTP request. Th...

8.8CVSS6.8AI score0.0174EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 5:40 a.m.10 views

CVE-2012-0916

Heap-based buffer overflow in RenRen Talk 2.9 allows remote attackers to execute arbitrary code via a crafted image in a chat message, as demonstrated using a PNG file...

9.3CVSS8.4AI score0.03459EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 8:35 p.m.7 views

CVE-2002-2173

Buffer overflow in the IRC module of Trillian 0.725 and 0.73 allowing remote attackers to execute arbitrary code via a long DCC Chat message...

7.5CVSS8.3AI score0.03135EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/07 7:14 p.m.20 views

CVE-2025-46719

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, a vulnerability in the way certain html tags in chat messages are rendered allows attackers to inject JavaScript code into a chat transcript. The JavaScript code will be...

6.4CVSS6.8AI score0.00449EPSS
Exploits1References1
OSV
OSV
added 2025/05/05 6:50 p.m.8 views

CVE-2025-46719 Open WebUI vulnerable to stored XSS via unescaped markdown token in MarkdownTokens.svelte leading to full account takeover and RCE via functions

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, a vulnerability in the way certain html tags in chat messages are rendered allows attackers to inject JavaScript code into a chat transcript. The JavaScript code will be...

6.4CVSS6.8AI score0.00449EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/02/05 2:38 p.m.15 views

CVE-2020-6109

An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including animated GIFs. A specially crafted chat message can cause an arbitrary file write, which could potentially be abused to achieve arbitrary code execution. An attacker needs to send a...

9.8CVSS7.4AI score0.04914EPSS
Exploits1References1
OSV
OSV
added 2025/01/30 11:15 a.m.5 views

CVE-2025-0741

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to write messages into other users chat by changing the parameter "chatid" of the POST request "/embedai/chats/sendmessage"...

4.3CVSS5.7AI score
Exploits0References1
NVD
NVD
added 2025/01/30 11:15 a.m.9 views

CVE-2025-0740

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain chat messages belonging to other users by changing the “CHATID” of the endpoint "/embedai/chats/loadmessages?chatid="...

8.6CVSS0.00322EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/30 11:13 a.m.17 views

CVE-2025-0741 Improper Access Control vulnerability in EmbedAI

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to write messages into other users chat by changing the parameter "chatid" of the POST request "/embedai/chats/sendmessage"...

5.8CVSS0.00231EPSS
Exploits0References1
CVE
CVE
added 2025/01/30 11:11 a.m.52 views

CVE-2025-0740

CVE-2025-0740 concerns an improper access control in EmbedAI (versions 2.1 and below). An authenticated attacker can access other users’ chat messages by altering the chat_id parameter in the endpoint /embedai/chats/load_messages?chat_id=. Documents consistently describe the vulnerability as an a...

8.6CVSS8.4AI score0.00322EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/30 12:0 a.m.5 views

PT-2025-4036 · Embedai · Embedai

Name of the Vulnerable Software and Affected Versions: EmbedAI affected versions not specified Description: A Stored Cross-Site Scripting issue has been found, allowing an authenticated attacker to inject malicious JavaScript code into a message that will be executed when a user opens the chat...

8.6CVSS6.1AI score0.00229EPSS
Exploits0References6
OSV
OSV
added 2024/10/11 10:50 a.m.13 views

BIT-DISCOURSE-2024-47772 Cross-site Scripting (XSS) via chat excerpts when content security policy (CSP) disabled in Discourse

Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by sending a maliciously crafted chat message and replying to it. This issue only affects sites with CSP disabled. This problem is patched in the latest version of...

6.5CVSS6.8AI score0.00331EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/10/07 12:0 a.m.5 views

Discourse 跨站脚本漏洞

Discourse is an open source community discussion platform from Discourse Open Source. The platform includes community, email, and chat room features. Discourse suffers from a cross-site scripting vulnerability. An attacker exploiting this vulnerability could execute arbitrary JavaScript on a user...

6.5CVSS6.2AI score0.00331EPSS
Exploits0References3
Rows per page
Query Builder