27 matches found
CVE-2026-8406
openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request sent-message details from modules/messaging/SentMail.php by supplying an arbitrary mailid value...
CVE-2026-8406 openSIS Classic 9.3 - Insecure Direct Object Reference in Sent Mail
openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request sent-message details from modules/messaging/SentMail.php by supplying an arbitrary mailid value...
CVE-2026-8406
openSIS Classic 9.3 is affected by an insecure direct object reference in the messaging module. An authenticated user with access to messaging can request details of sent messages by supplying an arbitrary mail_id to modules/messaging/SentMail.php, exposing potentially sensitive information. No e...
openSIS Classic Security Vulnerability
openSIS Classic is an easy-to-use student information system developed under Open Solutions for Education. It is used to organize student information and school-related operations, thereby improving the efficiency of K-12, trade schools, and higher education school systems. Version 9.3 of openSIS...
CVE-2025-67448
The SMS module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to stored XSS. The application does not properly sanitize user input in SMS messages before storing and displaying them. An attacker can send an SMS containing a malicious XSS payload, which will be executed in the...
CVE-2023-40648
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed...
EUVD-2011-1081
Malware in sbrugna...
EUVD-2024-45381
Malicious code in bioql PyPI...
CVE-2025-22926
CVE-2025-22926 affects OS4ED openSIS versions 8.0–9.1. The issue is a directory traversal vulnerability triggered by a crafted POST request to /Modules.php?modname=messaging/Inbox.php&modfunc=save&filename, allowing traversal outside the intended directory. Affects file- or path-based access as d...
CVE-2024-51518
Vulnerability of message types not being verified in the advanced messaging module. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2024-51518
Huawei HarmonyOS is affected by CVE-2024-51518 in the Advanced Messaging Module (also referenced as Enhanced Messages in related entries). The root cause is that message types are not verified/unchecked within the module, which can impact availability if exploited. Affected component: Advanced Me...
PT-2024-34681 · Unknown · Advanced Messaging Module
Name of the Vulnerable Software and Affected Versions: Advanced Messaging Module (affected versions not specified). Description: The issue concerns the verification of message types in the advanced messaging module. Successful exploitation may affect availability. Recommendations: At the moment, the...
CVE-2023-40643
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed...
CVE-2023-40649
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed...
The vulnerability of the EMUI messaging module of the HarmonyOS operating system allows a hacker to compromise the confidentiality of the protected information.
The vulnerability of the EMUI messaging module of the HarmonyOS operating system is related to the use of a weak encryption mechanism when sending 5G messages. Exploiting this vulnerability could allow an attacker to compromise the confidentiality of the information being protected...
vtenext cross-site scripting vulnerability
vtenext is a unique open source CRM + BPM solution for comprehensive management of leads, contacts and customers. A cross-site scripting vulnerability exists in the Messaging module of vtenext version 19 CE. The vulnerability can be exploited to inject arbitrary JavaScript code via the "From" fie...
spring-framework: ReDoS Attack with spring-messaging
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...
Denial of Service in org.springframework:spring-core
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...
SQL Injection Vulnerability in the Messaging Module of SMiCMS School Group System
State Micro CMS is one of the mainstream CMS systems in China, and is also the largest open source platform provider in the field of PHP in Southern China. SQL injection vulnerability exists in the station message module of the State Micro CMS school station group system. Attackers can use the...