Lucene search
K

159 matches found

OSV
OSV
added 4 days ago5 views

BIT-ACTIVEMQ-2026-52760 Apache ActiveMQ, Apache ActiveMQ Web Console: Stored XSS via Unescaped values in ActiveMQ Web Console

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web Console. The browse page in the web console renders a message Id directly without sanitization. This allows an authenticated producer to send a message with a J...

6.1CVSS5.9AI score0.00563EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 11:16 a.m.4 views

DEBIAN-CVE-2026-52760

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web Console. The browse page in the web console renders a message Id directly without sanitization. This allows an authenticated producer to send a message with a J...

6.1CVSS5.7AI score0.00563EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 11:16 a.m.5 views

UBUNTU-CVE-2026-52760

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web Console. The browse page in the web console renders a message Id directly without sanitization. This allows an authenticated producer to send a message with a J...

6.1CVSS5.7AI score0.00563EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/30 9:50 a.m.8 views

CVE-2026-52760

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web Console. The browse page in the web console renders a message Id directly without sanitization. This allows an authenticated producer to send a message with a J...

5.7AI score0.00563EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2026/06/30 9:50 a.m.25 views

CVE-2026-52760

CVE-2026-52760 is a Cross-site Scripting vulnerability in Apache ActiveMQ and its Web Console. The issue arises because the browse page renders a JMS message ID directly without sanitization, enabling an authenticated producer to send a crafted message ID that contains HTML/JavaScript, which will...

6.1CVSS5.7AI score0.00563EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-53843

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ versions prior to 5.19.8 Apache ActiveMQ versions 6.0.0 through 6.2.6 Apache ActiveMQ Web Console versions prior to 5.19.8 Apache ActiveMQ Web Console versions 6.0.0 through 6.2.6 Description An issue exists where the browse pa...

6.1CVSS6AI score0.00563EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.11 views

CVE-2026-32995

The Rocket.Chat DDP method autoTranslate.translateMessage in versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.5, 7.13.8, and 7.10.12 accepts a client-supplied IMessage object and passes it directly to translateMessage without checking Meteor.userId or verifying room membership. Any authenticated D...

7.5CVSS7.2AI score0.00283EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.10 views

CVE-2026-39971

Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the email sending functionality in include/functions.inc.php inserts $SERVER'HTTPHOST' directly into the Message-ID SMTP header without validation, and the existing sanitization function serendipityisResponseClean is not...

7.2CVSS5.5AI score0.00255EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/02 4:2 a.m.14 views

CVE-2026-47123

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.220, the email processing pipeline in FreeScout's FetchEmails command has two code paths for identifying agent user replies based on In-Reply-To / References headers. The notification reply path...

7.5CVSS5.9AI score0.00145EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 7:51 p.m.34 views

CVE-2026-47123 FreeScout: Agent Impersonation via Missing HMAC Verification on Notification Reply Message-ID Path

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.220, the email processing pipeline in FreeScout's FetchEmails command has two code paths for identifying agent user replies based on In-Reply-To / References headers. The notification reply path...

7.5CVSS0.00145EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/29 7:51 p.m.15 views

CVE-2026-47123

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.220, the email processing pipeline in FreeScout's FetchEmails command has two code paths for identifying agent user replies based on In-Reply-To / References headers. The notification reply path...

7.5CVSS5.9AI score0.00145EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.18 views

PT-2026-44993

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.220, the email processing pipeline in FreeScout's FetchEmails command has two code paths for identifying agent user replies based on In-Reply-To / References headers. The notification reply path...

7.5CVSS5.9AI score0.00145EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.13 views

FreeScout 数据伪造问题漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.220 contained a data manipulation vulnerability. This vulnerability stemmed from the use of In-Reply-To/References headers in...

7.5CVSS5.7AI score0.00145EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/21 9:0 p.m.6 views

CVE-2026-8239 Concrete CMS 9.5.0 and below is vulnerable to IDOR in '/ccm/frontend/conversations/get_rating'

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/getrating' endpoint confirms existence and returns rating score for any message by ID. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with...

6.3CVSS5.8AI score0.00195EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/19 4:43 a.m.10 views

CVE-2026-32994

The /api/v1/autotranslate.translateMessage endpoint in versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12 allows any authenticated user to retrieve the full content of any message from any room private groups, direct messages, channels by simply providing the target message ID...

5.3CVSS6.1AI score0.00252EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/19 4:43 a.m.11 views

EUVD-2026-30835

The /api/v1/autotranslate.translateMessage endpoint in versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12 allows any authenticated user to retrieve the full content of any message from any room private groups, direct messages, channels by simply providing the target message ID...

5.3CVSS6.1AI score0.00252EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.15 views

PT-2026-41825

The /api/v1/autotranslate.translateMessage endpoint in versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12 allows any authenticated user to retrieve the full content of any message from any room private groups, direct messages, channels by simply providing the target message ID...

5.3CVSS6.1AI score0.00252EPSS
Exploits0References2
CVE
CVE
added 2026/05/15 8:29 p.m.25 views

CVE-2026-45385

Summary (grounded): Open WebUI (self-hosted offline AI) contains an IDOR vulnerability in the update_message_by_id API for channels of type group/dm. In these paths, the code only verifies that the caller is a channel member (is_user_channel_member) and does not confirm message ownership, enablin...

4.3CVSS5.8AI score0.00204EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/05/15 8:29 p.m.45 views

CVE-2026-45385 Open WebUI: An IDOR vulnerability exists in the update_message_by_id API endpoint

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, an IDOR vulnerability exists in the Channels feature of Open WebUI, allowing any channel member to modify messages sent by other members including administrators within the same...

4.3CVSS0.00204EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/08 3:0 a.m.9 views

CVE-2026-8131 SourceCodester SUP Online Shopping replymsg.php sql injection

A security flaw has been discovered in SourceCodester SUP Online Shopping 1.0. This impacts an unknown function of the file /admin/replymsg.php. The manipulation of the argument msgid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the publ...

7.5CVSS6.9AI score0.00318EPSS
Exploits0References5
Rows per page
Query Builder