400 matches found
EUVD-2026-29169
Inbox Zero is an AI personal assistant for email. Prior to 2.29.3, the cleaner email stream endpoint used a shared Redis subscription listener, which could deliver thread events for one authenticated account to another authenticated account using the cleaner feature at the same time. This...
Inbox Zero 信息泄露漏洞
Inbox Zero is an AI email assistant developed by Elie Steinbock. It automatically organizes the inbox, drafts responses, and manages schedules. Versions of Inbox Zero prior to 2.29.3 had a vulnerability related to information leakage. This vulnerability stemmed from the use of shared Redis...
PT-2026-39715
Name of the Vulnerable Software and Affected Versions Inbox Zero versions prior to 2.29.3 Description The cleaner email stream endpoint used a shared Redis subscription listener. This configuration could result in thread events for one authenticated account being delivered to another authenticate...
EUVD-2026-27848
A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by...
CVE-2026-20035
A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by...
CVE-2026-20035
Cisco Unity Connection Web Inbox SSRF: unauthenticated attacker can cause the affected device to issue arbitrary network requests via crafted HTTP requests due to improper input validation. Affected component is the web UI; CVSS 3.1 base score 7.2 (NETWORK, HIGH). Exploitation status and remediat...
CVE-2026-20035 Cisco Unity Connection Server-Side Request Forgery Vulnerability
A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by...
CVE-2026-20035 Cisco Unity Connection Server-Side Request Forgery Vulnerability
A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by...
PT-2026-37649
Name of the Vulnerable Software and Affected Versions Cisco Unity Connection Web Inbox affected versions not specified Description Improper input validation for specific HTTP requests in the web UI allows an unauthenticated remote attacker to perform Server-Side Request Forgery SSRF, a technique...
Cisco Unity Connection Web Inbox 代码问题漏洞
Cisco Unity Connection Web Inbox is a voicemail access and management interface provided by the American company Cisco. There is a code vulnerability in Cisco Unity Connection Web Inbox, which stems from improper input validation for specific HTTP requests. This vulnerability could allow...
nanoclaw 路径遍历漏洞
Nanoclaw is a lightweight tool developed by Qwibit.ai, designed for securely running AI assistants within independent containers. Nanoclaw has a path traversal vulnerability. This vulnerability stems from issues with the host/container file system boundaries during outbound attachment processing...
FreeScout 安全漏洞
FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.214 contained security vulnerabilities. This vulnerability stemmed from the GET /conversation/undo-reply/threadid route, which...
CVE-2026-34164
Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0, the InboxHandlingService logs the full content of every incoming inbox message at INFO level. Inbox messages can contain highly sensitive information including personal data PII, citizen identifier...
CVE-2026-34164
Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0, the InboxHandlingService logs the full content of every incoming inbox message at INFO level. Inbox messages can contain highly sensitive information including personal data PII, citizen identifier...
CVE-2026-34164
Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0, the InboxHandlingService logs the full content of every incoming inbox message at INFO level. Inbox messages can contain highly sensitive information including personal data PII, citizen identifier...
CVE-2026-34164 Valtimo: Sensitive data exposure through inbox message logging in InboxHandlingService
Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0, the InboxHandlingService logs the full content of every incoming inbox message at INFO level. Inbox messages can contain highly sensitive information including personal data PII, citizen identifier...
CVE-2026-34164 Valtimo: Sensitive data exposure through inbox message logging in InboxHandlingService
Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0, the InboxHandlingService logs the full content of every incoming inbox message at INFO level. Inbox messages can contain highly sensitive information including personal data PII, citizen identifier...
CVE-2026-34164
CVE-2026-34164 concerns Valtimo, where the InboxHandlingService logged the full content of incoming inbox messages at INFO level across versions 13.0.0–13.21.0. This exposed sensitive data (PII, BSN, case details) to anyone with log access or admin UI users. The issue was fixed in 13.22.0: the lo...
com.ritense.valtimo:audit (>=13.0.0.RELEASE <=13.21.0.RELEASE), com.ritense.valtimo:besluiten-api (>=13.0.0.RELEASE <=13.21.0.RELEASE) +56 more potentially affected by CVE-2026-34164 via com.ritense.valtimo:inbox (>=13.0.0.RELEASE <=13.21.0.RELEASE)
com.ritense.valtimo:inbox MAVEN version =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.13.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE,...
com.ritense.valtimo:audit (>=13.0.0.RELEASE <=13.21.0.RELEASE), com.ritense.valtimo:besluiten-api (>=13.0.0.RELEASE <=13.21.0.RELEASE) +56 more potentially affected by CVE-2026-34164 via com.ritense.valtimo:inbox (>=13.0.0.RELEASE <=13.21.0.RELEASE)
com.ritense.valtimo:inbox MAVEN version =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.13.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE,...