Chromium: CVE-2026-11163 Use after free in Messages

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVE-2026-11163

Use after free in Messages in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-31281

CVE-2026-31281 — Totara LMS HTML Injection : Totara LMS v19.1.5 and earlier is described as vulnerable to HTML injection via a message sent to users, enabling the attacker to execute HTML/JS in the victim’s browser and potentially causing session hijacking and command execution on the user’s devi...

CVE-2025-15266 GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation <= 1.1.8 - Unauthenticated Stored Cross-Site Scripting

The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the chat message field in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possibl...

EUVD-2020-26728

Malware in sbrugna...

EUVD-2025-9027

Malicious code in bioql PyPI...

The vulnerability of the Messages component in operating systems such as watchOS, macOS, iOS, and iPadOS allows a hacker to carry out a zero-click attack.

The vulnerability of the Messages component in operating systems such as watchOS, macOS, iOS, and iPadOS is related to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to carry out a zero-click attack using a specially crafted iCloud link...

Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware

Apple has disclosed that a now-patched security flaw present in its Messages app was actively exploited in the wild to target civil society members in sophisticated cyber attacks. The vulnerability, tracked as CVE-2025-43200, was addressed on February 10, 2025, as part of iOS 18.3.1, iPadOS 18.3....

CVE-2022-1279

A vulnerability in the encryption implementation of EBICS messages in the open source librairy ebics-java/ebics-java-client allows an attacker sniffing network traffic to decrypt EBICS payloads. This issue affects: ebics-java/ebics-java-client versions prior to 1.2...

CVE-2022-29232

BigBlueButton is an open source web conferencing system. Starting with version 2.2 and prior to versions 2.3.9 and 2.4-beta-1, an attacker can circumvent access controls to obtain the content of public chat messages from different meetings on the server. The attacker must be a participant in a...

CVE-2023-47639 API Platform Core can leak exceptions message that may contain sensitive information

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. From 3.2.0 until 3.2.4, exception messages, that are not HTTP exceptions, are visible in the JSON error response. This vulnerability is fixed in 3.2.5...

SUSE SLES12 Security Update : openvpn (SUSE-SU-2025:1053-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:1053-1 advisory. - CVE-2024-5594: Fixed handling of null bytes and invalid characters in control messages bsc1235147. Tenable has extracted the preceding description...

CVE-2025-22311

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in DeluxeThemes Private Messages for UserPro userpro-messaging.This issue affects Private Messages for UserPro: from n/a through = 4.10.0...

Apple iOS和iPadOS 安全漏洞

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS prior to 18.0.1 and iPadOS prior to 18.0.1, which stems from an audio message...

The vulnerability of the Messages component in operating systems iPadOS and iOS allows a hacker to send a text message from an additional eSIM card.

The vulnerability of the Messages component in iPadOS and iOS operating systems is related to state management errors. Exploiting this vulnerability allows a malicious actor to send text messages from an additional eSIM card remotely...

Poddycast 跨站脚本漏洞

Poddycast is an electronically produced podcasting application. A cross-site scripting vulnerability exists in Poddycast that stems from the product not clearing HTML special characters from podcast messages. An attacker could cause client-side code execution via this vulnerability. The following...

Multiple vulnerabilities in Cybozu Office

Overview Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-1657 Operational restrictions bypass vulnerability in Scheduler CWE-264 - CVE-2021-20624 CyVDB-1727 Operational restrictions bypass vulnerability in Bulletin Board CWE-264 - CVE-2021-20625...

Unspecified Vulnerability in Messages Component of Multiple Apple Products

Apple iOS and others are products of Apple Inc.Apple iOS is a set of operating systems developed for mobile devices.Apple watchOS is a set of operating systems for smartwatches.Apple iPadOS is a set of operating systems for iPad tablets.Messages is one of the application components used to send...

Apple watchOS and iOS Messages have unspecified vulnerabilities

Apple iOS and Apple watchOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices. apple watchOS is an operating system for smartwatches. messages is a component of the application used to send text, photos, and videos. A security vulnerability exists in th...

Apple watchOS Messages has an unspecified vulnerability

Apple watchOS is an operating system for smartwatches from Apple Inc. Messages is an application component for sending text, photos and videos. A security vulnerability exists in the Messages component in Apple watchOS versions prior to 5.3. After being removed from an iMessage call, an attacker...