Lucene search
K

143 matches found

Exploit DB
Exploit DB
added 2025/07/22 12:0 a.m.245 views

Discourse 3.1.1 - Unauthenticated Chat Message Access

!/usr/bin/env ruby Title : Discourse 3.1.1 - Unauthenticated Chat Message Access CVE-2023-45131 CVSS: 7.5 High Affected: Discourse 3.1.1 stable, 3.2.0.beta2 Author ibrahimsql @ https://twitter.com/ibrahmsql Date: 2023-12-14 require 'net/http' require 'uri' require 'json' require 'openssl' require...

7.5CVSS7.4AI score0.01814EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/31 3:52 p.m.9 views

CVE-2025-48473

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, when creating a conversation from a message in another conversation, there is no check to ensure that the user has the ability to view this message. Thus, the user can view arbitrary messages from other...

5.3CVSS6.9AI score0.00321EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/29 3:27 p.m.9 views

CVE-2025-48473 FreeScout Vulnerable to Insufficient Authorization

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, when creating a conversation from a message in another conversation, there is no check to ensure that the user has the ability to view this message. Thus, the user can view arbitrary messages from other...

5.3CVSS6.9AI score0.00321EPSS
Exploits1References2
CVE
CVE
added 2025/05/29 3:27 p.m.53 views

CVE-2025-48473

CVE-2025-48473 affects FreeScout prior to v1.8.179: when creating a conversation from a message in another conversation, the system does not validate that the user has view permissions, allowing access to arbitrary messages across mailboxes/conversations. The restriction enforced by show_only_ass...

5.3CVSS6.5AI score0.00321EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 4:54 a.m.13 views

CVE-2023-2792

Mattermost fails to sanitize ephemeral error messages, allowing an attacker to obtain arbitrary message contents by a specially crafted /groupmsg command...

6.5CVSS6.8AI score0.00616EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:22 a.m.13 views

CVE-2023-51219

A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controlled JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in a HTTP request header. Ultimately, this access tok...

9.6CVSS6.7AI score0.00523EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 11:44 p.m.13 views

CVE-2022-2198

The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy , does not check authorization before displaying private messages, allowing any logged in user to read other users private message using the message id, which can easily be brute forced...

4.3CVSS6.7AI score0.00609EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:13 p.m.19 views

CVE-2022-1425

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the messageid of the wpqamessageview ajax action belongs to the requesting user, leading to any user being able to read messages for any other users via a Insecure Dire...

4.3CVSS6.7AI score0.00756EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:6 p.m.6 views

CVE-2022-30716

Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device...

5.3CVSS6.5AI score0.00209EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:45 p.m.10 views

CVE-2021-32689

Nextcloud Talk is a fully on-premises audio/video and chat communication service. In versions prior to 11.2.2, if a user was able to reuse an earlier used username, they could get access to any chat message sent to the previous user with this username. The issue was patched in versions 11.2.2 and...

8.1CVSS6.6AI score0.01EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:20 p.m.11 views

CVE-2018-14991

The Coolpad Defiant device with a build fingerprint of Coolpad/cp3632a/cp3632a:7.1.1/NMF26F/099480857:user/release-keys, the ZTE ZMAX Pro with a build fingerprint of ZTE/P895T20/urd:6.0.1/MMB29M/20170418.114928:user/release-keys, and the T-Mobile Revvl Plus with a build fingerprint of...

9.8CVSS7AI score0.01919EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:10 p.m.6 views

CVE-2018-15661

An issue was discovered in the Ola Money aka com.olacabs.olamoney application 1.9.0 for Android. If an attacker controls an application with accessibility permissions and the ability to read SMS messages, then the Forgot Password screen can be used to bypass authentication. NOTE: the vendor does...

7.5CVSS6.9AI score0.01227EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:15 a.m.15 views

CVE-2019-15346

The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.11. This app contains an exported service...

7.8CVSS7.2AI score0.00332EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 8:38 p.m.7 views

CVE-2002-2325

The c-client library in Internet Message Access Protocol IMAP dated before 2002 RC2, as used by Pine 4.20 through 4.44, allows remote attackers to cause a denial of service client crash via a MIME-encoded email with Content-Type header containing an empty boundary field...

7.8CVSS6.9AI score0.03461EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/05/13 12:0 a.m.6 views

PT-2025-23177 · Freescout · Freescout

Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.179 Description: The issue allows users to view arbitrary messages from other mailboxes or conversations they do not have access to, due to a lack of checks when creating a conversation from a message in anothe...

5.5CVSS6.4AI score0.00321EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2025/05/13 12:0 a.m.8 views

PT-2025-23257 · Freescout · Freescout

Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.180 Description: FreeScout is a free self-hosted help desk and shared mailbox. The issue arises when creating a translation of a phrase that appears in a flash-message after a completed action, allowing the...

6.8CVSS5.9AI score0.00222EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2025/04/29 7:47 a.m.1 views

SUSE CVE-2025-43857

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is connected, a maliciou...

6.5CVSS6.7AI score0.00412EPSS
Exploits0References3
CVE
CVE
added 2025/01/30 11:11 a.m.52 views

CVE-2025-0740

CVE-2025-0740 concerns an improper access control in EmbedAI (versions 2.1 and below). An authenticated attacker can access other users’ chat messages by altering the chat_id parameter in the endpoint /embedai/chats/load_messages?chat_id=. Documents consistently describe the vulnerability as an a...

8.6CVSS8.4AI score0.00322EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/09 12:0 a.m.7 views

PT-2025-3273 · Redcap · Redcap

Name of the Vulnerable Software and Affected Versions: REDCap version 14.9.6 Description: A stored cross-site scripting XSS vulnerability in the built-in messenger of REDCap allows authenticated users to inject malicious scripts into the message field. When a user clicks on the received message,...

5.4CVSS5.9AI score0.00386EPSS
Exploits1References7
CVE
CVE
added 2024/12/06 6:16 p.m.81 views

CVE-2024-47791

CVE-2024-47791 affects Ruijie Reyee OS (MQTT broker) versions 2.206.x up to but not including 2.320.x. The issue is a weak mechanism around topic handling that could let an attacker subscribe to partial possible topics and receive partial messages exchanged with devices. Several connected sources...

8.7CVSS7.3AI score0.00387EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder