143 matches found
Discourse 3.1.1 - Unauthenticated Chat Message Access
!/usr/bin/env ruby Title : Discourse 3.1.1 - Unauthenticated Chat Message Access CVE-2023-45131 CVSS: 7.5 High Affected: Discourse 3.1.1 stable, 3.2.0.beta2 Author ibrahimsql @ https://twitter.com/ibrahmsql Date: 2023-12-14 require 'net/http' require 'uri' require 'json' require 'openssl' require...
CVE-2025-48473
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, when creating a conversation from a message in another conversation, there is no check to ensure that the user has the ability to view this message. Thus, the user can view arbitrary messages from other...
CVE-2025-48473 FreeScout Vulnerable to Insufficient Authorization
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, when creating a conversation from a message in another conversation, there is no check to ensure that the user has the ability to view this message. Thus, the user can view arbitrary messages from other...
CVE-2025-48473
CVE-2025-48473 affects FreeScout prior to v1.8.179: when creating a conversation from a message in another conversation, the system does not validate that the user has view permissions, allowing access to arbitrary messages across mailboxes/conversations. The restriction enforced by show_only_ass...
CVE-2023-2792
Mattermost fails to sanitize ephemeral error messages, allowing an attacker to obtain arbitrary message contents by a specially crafted /groupmsg command...
CVE-2023-51219
A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controlled JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in a HTTP request header. Ultimately, this access tok...
CVE-2022-2198
The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy , does not check authorization before displaying private messages, allowing any logged in user to read other users private message using the message id, which can easily be brute forced...
CVE-2022-1425
The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the messageid of the wpqamessageview ajax action belongs to the requesting user, leading to any user being able to read messages for any other users via a Insecure Dire...
CVE-2022-30716
Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device...
CVE-2021-32689
Nextcloud Talk is a fully on-premises audio/video and chat communication service. In versions prior to 11.2.2, if a user was able to reuse an earlier used username, they could get access to any chat message sent to the previous user with this username. The issue was patched in versions 11.2.2 and...
CVE-2018-14991
The Coolpad Defiant device with a build fingerprint of Coolpad/cp3632a/cp3632a:7.1.1/NMF26F/099480857:user/release-keys, the ZTE ZMAX Pro with a build fingerprint of ZTE/P895T20/urd:6.0.1/MMB29M/20170418.114928:user/release-keys, and the T-Mobile Revvl Plus with a build fingerprint of...
CVE-2018-15661
An issue was discovered in the Ola Money aka com.olacabs.olamoney application 1.9.0 for Android. If an attacker controls an application with accessibility permissions and the ability to read SMS messages, then the Forgot Password screen can be used to bypass authentication. NOTE: the vendor does...
CVE-2019-15346
The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.11. This app contains an exported service...
CVE-2002-2325
The c-client library in Internet Message Access Protocol IMAP dated before 2002 RC2, as used by Pine 4.20 through 4.44, allows remote attackers to cause a denial of service client crash via a MIME-encoded email with Content-Type header containing an empty boundary field...
PT-2025-23177 · Freescout · Freescout
Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.179 Description: The issue allows users to view arbitrary messages from other mailboxes or conversations they do not have access to, due to a lack of checks when creating a conversation from a message in anothe...
PT-2025-23257 · Freescout · Freescout
Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.180 Description: FreeScout is a free self-hosted help desk and shared mailbox. The issue arises when creating a translation of a phrase that appears in a flash-message after a completed action, allowing the...
SUSE CVE-2025-43857
Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is connected, a maliciou...
CVE-2025-0740
CVE-2025-0740 concerns an improper access control in EmbedAI (versions 2.1 and below). An authenticated attacker can access other users’ chat messages by altering the chat_id parameter in the endpoint /embedai/chats/load_messages?chat_id=. Documents consistently describe the vulnerability as an a...
PT-2025-3273 · Redcap · Redcap
Name of the Vulnerable Software and Affected Versions: REDCap version 14.9.6 Description: A stored cross-site scripting XSS vulnerability in the built-in messenger of REDCap allows authenticated users to inject malicious scripts into the message field. When a user clicks on the received message,...
CVE-2024-47791
CVE-2024-47791 affects Ruijie Reyee OS (MQTT broker) versions 2.206.x up to but not including 2.320.x. The issue is a weak mechanism around topic handling that could let an attacker subscribe to partial possible topics and receive partial messages exchanged with devices. Several connected sources...