18 matches found
EUVD-2026-34636
Incorrect security UI in Messages in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
PT-2026-46702
Incorrect security UI in Messages in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-20673
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. Turning off "Load remote content in messages" may not apply to all mail previews...
EUVD-2020-6064
Malware in sbrugna...
EUVD-2023-32056
Malicious code in bioql PyPI...
CVE-2024-46083
Scriptcase v9.10.023 and before is vulnerable to Cross-Site Scripting (XSS). An authenticated user can craft malicious payloads using the messages feature, which allows the injection of malicious code into any user's account on the platform. It is important to note that regular users can trigger...
CVE-2024-46083
Scriptcase v9.10.023 and before is vulnerable to Cross-Site Scripting (XSS). An authenticated user can craft malicious payloads using the messages feature, which allows the injection of malicious code into any user's account on the platform. It is important to note that regular users can trigger...
CVE-2024-46083
Scriptcase versions ≤ 9.10.023 are vulnerable to Cross-Site Scripting (XSS) via the messaging feature. An authenticated user can craft payloads that inject code into other users’ accounts, and regular users can trigger actions for administrator users. The vulnerability is confirmed across multipl...
PT-2024-31903 · Unknown · Scriptcase
Name of the Vulnerable Software and Affected Versions: Scriptcase versions 9.10.023 and earlier Description: The issue allows an authenticated user to craft malicious payloads using the messages feature, enabling the injection of malicious code into any user's account on the platform. Regular use...
CVE-2023-1201
Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains...
PT-2023-16816 · Devolutions · Devolutions Server
Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2022.3.12 and below Description: The issue concerns improper access control in the secure messages feature, allowing an authenticated attacker with the message UUID to access the contained data. Recommendations: Fo...
Artica Pandora FMS Cross-Site Scripting Vulnerability (CNVD-2020-32915)
Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A cross-site scripting vulnerability exists in the Messages feature in Artica Pandora FMS version 7.44. An attacker can...
CVE-2020-13853
Artica Pandora FMS 7.44 has persistent XSS in the Messages feature...
CVE-2020-13853
Artica Pandora FMS 7.44 has persistent XSS in the Messages feature...
CVE-2020-13853
Pandora FMS 7.44 is affected by CVE-2020-13853, a persistent Cross-Site Scripting (XSS) vulnerability in the Messages feature. The CoreLabs advisory details that an attacker can inject arbitrary JavaScript into messages, which is executed in the recipient’s browser and can facilitate session cook...
Cybozu Garoon vulnerable to cross-site scripting
Overview: Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Messages", which may result in a cross-site scripting vulnerability (CWE-79). Impact: An arbitrary script may be executed on the web browser of a user that is logged on. Solution: Update t...
Facebook Patches Privacy Flaw in Pages Manager for Android
Facebook has plugged a privacy hole in its Pages Manager application for Android. Facebook Pages help businesses establish a presence on the social network, while the app enables an admin to manage posts, respond to comments and messages, push notifications to customers, manage photographs and...
Unrestricted file upload
Unrestricted file upload vulnerability in Collabtive 0.4.8 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and using a text/plain MIME type, then accessing it via a direct request to the file in files/, related to (1) the showproject acti...