Lucene search
+L

162 matches found

circl
circl
added 2023/04/20 6:30 p.m.9 views

CVE-2023-27652

creationtimestamp| type| source ---|---|--- 2023-04-20 18:30:57+00:00| seen| https://t.me/cibsecurity/62529...

5.5CVSS5.5AI score0.00347EPSS
Exploits1References1
cnvd
cnvd
added 2022/09/28 12:0 a.m.18 views

Rocket.Chat actionLinkHandler Information Disclosure Vulnerability

Rocket.Chat is an open source team chat software. Rocket.Chat suffers from an information disclosure vulnerability that stems from the actionLinkHandler method allowing message ID enumeration using a Regex MongoDB query. An attacker can exploit the vulnerability to obtain sensitive information...

4.3CVSS4.2AI score0.00673EPSS
Exploits1References1
nvd
nvd
added 2022/09/23 7:15 p.m.19 views

CVE-2022-32218

An information disclosure vulnerability exists in Rocket.Chat v5, v4.8.2 and v4.7.5 due to the actionLinkHandler method was found to allow Message ID Enumeration with Regex MongoDB queries...

4.3CVSS0.00673EPSS
Exploits1References1
prion
prion
added 2022/09/23 7:15 p.m.18 views

Information disclosure

An information disclosure vulnerability exists in Rocket.Chat v5, v4.8.2 and v4.7.5 due to the actionLinkHandler method was found to allow Message ID Enumeration with Regex MongoDB queries...

4CVSS4.4AI score0.00673EPSS
Exploits1References1Affected Software1
vulnrichment
vulnrichment
added 2022/09/23 6:28 p.m.5 views

CVE-2022-32218

An information disclosure vulnerability exists in Rocket.Chat v5, v4.8.2 and v4.7.5 due to the actionLinkHandler method was found to allow Message ID Enumeration with Regex MongoDB queries...

4.4AI score0.00673EPSS
Exploits1References1
cve
cve
added 2022/09/23 6:28 p.m.62 views

CVE-2022-32218

CVE-2022-32218 – Rocket.Chat information disclosure : The vulnerability stems from actionLinkHandler/ actionLinks.getMessage not validating input, allowing authenticated users to enumerate Message IDs via a regex MongoDB query. Impact: potential exposure of sensitive information by enumerating ex...

4.3CVSS4.3AI score0.00673EPSS
Exploits1References1Affected Software1
cnnvd
cnnvd
added 2022/09/23 12:0 a.m.8 views

Rocket.Chat 信息泄露漏洞

Rocket.Chat is an open source team chat software. Rocket.Chat suffers from an information disclosure vulnerability that stems from the actionLinkHandler method allowing message ID enumeration using a Regex MongoDB query. An attacker can exploit the vulnerability to obtain sensitive information...

4.3CVSS6.1AI score0.00673EPSS
Exploits1References2
circl
circl
added 2022/08/28 12:31 a.m.7 views

CVE-2022-38792

creationtimestamp| type| source ---|---|--- 2022-08-28 00:31:38+00:00| seen| https://t.me/cibsecurity/48939...

9.8CVSS8.6AI score0.01178EPSS
Exploits0References1
circl
circl
added 2022/08/05 12:19 a.m.6 views

CVE-2022-35144

creationtimestamp| type| source ---|---|--- 2022-08-05 00:19:50+00:00| seen| https://t.me/cibsecurity/47589...

4.8CVSS6.3AI score0.00724EPSS
Exploits3References1
ptsecurity
ptsecurity
added 2022/06/01 12:0 a.m.6 views

PT-2022-4943 · Unknown · Rocket.Chat

Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions prior to 5 Rocket.Chat versions prior to 4.8.2 Rocket.Chat versions prior to 4.7.5 Description: An information disclosure issue exists due to insufficient input validation in the actionLinkHandler method, allowing Message...

4.3CVSS4.2AI score0.00673EPSS
Exploits1References7
osv
osv
added 2022/05/16 3:15 p.m.3 views

CVE-2022-1425

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the messageid of the wpqamessageview ajax action belongs to the requesting user, leading to any user being able to read messages for any other users via a Insecure Dire...

4.3CVSS5.8AI score
Exploits0References1
osv
osv
added 2022/04/21 8:15 p.m.4 views

CVE-2022-28427

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/inbox.php&action=read&msgid=...

9.8CVSS5.8AI score0.0122EPSS
Exploits1References1
attackerkb
attackerkb
added 2022/04/21 8:15 p.m.4 views

CVE-2022-28429

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/inbox.php&action=delete&msgid=...

9.8CVSS5.9AI score0.0122EPSS
Exploits1References2
circl
circl
added 2022/02/10 2:19 a.m.8 views

CVE-2022-21174

creationtimestamp| type| source ---|---|--- 2022-02-10 02:19:19+00:00| seen| https://t.me/cibsecurity/37159...

7.8CVSS7.5AI score0.00256EPSS
Exploits0References1
osv
osv
added 2021/12/21 9:15 a.m.4 views

CVE-2021-24941

The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.0.5 does not sanitise and escape the messageid parameter of the getmessageactionrow AJAX action before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue...

6.1CVSS5.8AI score0.008EPSS
Exploits2References1
cnnvd
cnnvd
added 2021/12/21 12:0 a.m.5 views

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress icegram plugin in versions prior to 2.0.5 has a...

6.1CVSS5.4AI score0.008EPSS
Exploits2References1
friendsofphp
friendsofphp
added 2021/06/16 4:20 p.m.37 views

Untrusted code may be run from an overridden address validator

This is a security release. SECURITY Fixes CVE-2021-34551, a complex RCE affecting Windows hosts. See SECURITY.md for details. The fix for this issue changes the way that language files are loaded. While they remain in the same PHP-like format, they are processed as plain text, and any code in th...

8.1CVSS8AI score0.02803EPSS
Exploits0Affected Software1
opensuse
opensuse
added 2021/05/09 12:0 a.m.35 views

Security update for alpine (moderate)

openSUSE Security Update: Security update for alpine Announcement ID: openSUSE-SU-2021:0695-1 Rating: moderate References: 1173281 Cross-References: CVE-2020-14929 CVSS scores: CVE-2020-14929 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-14929 SUSE: 7.5...

7.5CVSS6.9AI score0.01823EPSS
Exploits0References1
nessus
nessus
added 2021/02/01 12:0 a.m.53 views

CentOS 8 : thunderbird (CESA-2020:0577)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2020:0577 advisory. - Mozilla: Message ID calculation was based on uninitialized data CVE-2020-6792 - Mozilla: Out-of-bounds read when processing certain email messages...

8.8CVSS7.3AI score0.02274EPSS
Exploits1References7
nessus
nessus
added 2020/04/22 12:0 a.m.50 views

Ubuntu 16.04 LTS : Thunderbird vulnerabilities (USN-4335-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4335-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an...

9.8CVSS8.1AI score0.43422EPSS
Exploits18References40
Rows per page
Query Builder