
147 matches found

RedhatCVE
added 2 days ago, 6 views

CVE-2026-36228

Buffer Overflow vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via the chat message functionality...

7.3 CVSS, 5.9 AI score, 0.00237 EPSS
Exploits: 1, References: 1
Vulnrichment
added 2026/05/22 12:00 a.m., 5 views

CVE-2026-36228

Buffer Overflow vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via the chat message functionality...

6.1 AI score, 0.00237 EPSS
Exploits: 1, References: 2
CVE
added 2026/05/22 12:00 a.m., 25 views

CVE-2026-36228

CVE-2026-36228 affects Easy Chat Server 3.1 in the chat message handling (mtowho field). The description states a buffer overflow that can allow a remote attacker to obtain sensitive information and execute arbitrary code; a linked exploit PoC and mirrors indicate a remote DoS condition via overs...

7.3 CVSS, 6.1 AI score, 0.00237 EPSS
Exploits: 1, References: 2
Positive Technologies
added 2026/05/22 12:00 a.m., 8 views

PT-2026-42805

Buffer Overflow vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via the chat message functionality...

7.3 CVSS, 6.1 AI score, 0.00237 EPSS
Exploits: 1, References: 2
ATTACKERKB
added 2026/05/22 12:00 a.m., 3 views

CVE-2026-36228

Buffer Overflow vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via the chat message functionality...

7.3 CVSS, 6.1 AI score, 0.00237 EPSS
Exploits: 1, References: 3
EUVD
added 2026/05/05 9:31 p.m., 6 views

EUVD-2026-27504

Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplying an arbitrary file UUID in the files array of a chat-messages request. Attackers can exploit...

6.5 CVSS, 5.9 AI score, 0.00034 EPSS
Exploits: 1, References: 4
NVD
added 2026/05/05 9:16 p.m., 2 views

CVE-2026-41950

Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplying an arbitrary file UUID in the files array of a chat-messages request. Attackers can exploit...

6.5 CVSS, 0.00034 EPSS
Exploits: 1, References: 3
CVE
added 2026/05/05 8:35 p.m., 5 views

CVE-2026-41950

CVE-2026-41950 affects Dify before version 1.14.0. An authorization bypass in the chat-messages flow allows an authenticated user to read full contents of files uploaded by other users within the same tenant by supplying an arbitrary file UUID in the files array of a chat-messages request. The ro...

6.5 CVSS, 5.9 AI score, 0.00034 EPSS
Exploits: 1, References: 3, Affected Software: 1
Cvelist
added 2026/05/05 8:35 p.m., 18 views

CVE-2026-41950 Dify < 1.14.0 Authorization Bypass via File UUID

Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplying an arbitrary file UUID in the files array of a chat-messages request. Attackers can exploit...

6.5 CVSS, 0.00034 EPSS
Exploits: 1, References: 3
ATTACKERKB
added 2026/05/05 8:35 p.m., 2 views

CVE-2026-41950

Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplying an arbitrary file UUID in the files array of a chat-messages request. Attackers can exploit...

6.5 CVSS, 5.9 AI score, 0.00034 EPSS
Exploits: 1, References: 4
Vulnrichment
added 2026/05/05 8:35 p.m., 3 views

CVE-2026-41950 Dify < 1.14.0 Authorization Bypass via File UUID

Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplying an arbitrary file UUID in the files array of a chat-messages request. Attackers can exploit...

6.5 CVSS, 5.9 AI score, 0.00034 EPSS
Exploits: 1, References: 3
Positive Technologies
added 2026/05/05 12:00 a.m., 4 views

PT-2026-37239

Name of the Vulnerable Software and Affected Versions: Dify versions prior to 1.14.0. Description: An authorization bypass allows authenticated users to read the full contents of files uploaded by other users within the same tenant. This occurs due to insufficient permission verification in the...

6.5 CVSS, 5.9 AI score, 0.00034 EPSS
Exploits: 1, References: 7
CNNVD
added 2026/03/31 12:00 a.m., 5 views

Giskard security vulnerability

Giskard is an open-source evaluation and testing framework for artificial intelligence systems developed by Giskard. Versions of Giskard prior to 0.3.4 and 1.0.2b1 contained security vulnerabilities. These vulnerabilities stemmed from ChatWorkflow.chatmessage, which directly passed its string...

8.8 CVSS, 6.5 AI score, 0.00336 EPSS
Exploits: 1, References: 1
Cvelist
added 2026/03/27 12:32 p.m., 17 views

CVE-2026-4982 Unauthorized access to chat contents

A user with permission "update world" in any Venueless world is able to exfiltrate chat messages from direct messages or channels in other worlds on the same server due to a bug in the reporting feature. The exploitability is limited by the fact that the attacker needs to know the internal channe...

7.3 CVSS, 0.00126 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2026/03/27 12:32 p.m., 0 views

CVE-2026-4982

A user with permission "update world" in any Venueless world is able to exfiltrate chat messages from direct messages or channels in other worlds on the same server due to a bug in the reporting feature. The exploitability is limited by the fact that the attacker needs to know the internal channe...

7.3 CVSS, 5.9 AI score, 0.00126 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/03/27 12:00 a.m., 2 views

PT-2026-28703

Name of the Vulnerable Software and Affected Versions: Venueless, affected versions not specified. Description: A user possessing the "update world" permission within any Venueless world can potentially extract chat messages from direct messages or channels in other worlds on the same server. This is...

7.3 CVSS, 5.9 AI score, 0.00126 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2026/03/26 3:19 p.m., 1 view

CVE-2025-63260

SyncFusion 30.1.37 is vulnerable to Cross Site Scripting (XSS) via the Document-Editor reply to comment field and Chat-UI Chat message...

5.4 CVSS, 5.8 AI score, 0.00039 EPSS
Exploits: 1, References: 1
Cvelist
added 2026/03/20 12:00 a.m., 17 views

CVE-2025-63260

SyncFusion 30.1.37 is vulnerable to Cross Site Scripting (XSS) via the Document-Editor reply to comment field and Chat-UI Chat message...

0.00039 EPSS
Exploits: 1, References: 2
EUVD
added 2026/03/06 4:59 a.m., 2 views

EUVD-2026-9981

Talishar is a fan-made Flesh and Blood project. Prior to commit a9c218e, an authentication bypass vulnerability in Talishar's game endpoint validation logic allows any unauthenticated attacker to perform authenticated game actions — including sending chat messages and submitting game inputs — by...

5.3 CVSS, 5.8 AI score, 0.00171 EPSS
Exploits: 1, References: 2
CNNVD
added 2026/03/03 12:00 a.m., 4 views

dify cross-site scripting vulnerability

dify is an open-source LLM application development platform developed by LangGenius. Versions of dify prior to 1.11.2 had a cross-site scripting vulnerability. This vulnerability stemmed from the relaxed security settings when Mermaid charts were rendered in chat messages, potentially leading to...

5.4 CVSS, 5.6 AI score, 0.00012 EPSS
Exploits: 1, References: 3