4923 matches found

EUVD
added 2025/12/25 6:30 a.m., 3 views

EUVD-2025-205374

Pexip Infinity 38.0 and 38.1 before 39.0 has insufficient access control in the RTMP implementation, allowing an attacker to disconnect RTMP streams traversing a Proxy Node...

CVSS 5.9, AI score 6.4, EPSS 0.00218
Exploits: 0, References: 2

OSV
added 2025/12/25 5:16 a.m., 1 view

CVE-2025-66378

Pexip Infinity 38.0 and 38.1 before 39.0 has insufficient access control in the RTMP implementation, allowing an attacker to disconnect RTMP streams traversing a Proxy Node...

CVSS 7.5, AI score 5.8, EPSS 0.00218
Exploits: 0, References: 1

NVD
added 2025/12/25 5:16 a.m., 5 views

CVE-2025-66378

Pexip Infinity 38.0 and 38.1 before 39.0 has insufficient access control in the RTMP implementation, allowing an attacker to disconnect RTMP streams traversing a Proxy Node...

CVSS 7.5, EPSS 0.00218
Exploits: 0, References: 1

SUSE CVE
added 2025/12/25 12:55 a.m., 2 views

SUSE CVE-2023-54112

In the Linux kernel, the following vulnerability has been resolved: kcm: Fix memory leak in error path of kcm_sendmsg. syzbot reported a memory leak like below: BUG: memory leak unreferenced object 0xffff88810b088c00 size 240: comm "syz-executor186", pid 5012, jiffies 4294943306 age 13.680s hex dum...

CVSS 5.5, AI score 6.4, EPSS 0.00177
Exploits: 0, References: 18

Cvelist
added 2025/12/25 12:00 a.m., 18 views

CVE-2025-66378

Pexip Infinity 38.0 and 38.1 before 39.0 has insufficient access control in the RTMP implementation, allowing an attacker to disconnect RTMP streams traversing a Proxy Node...

CVSS 5.9, EPSS 0.00218
Exploits: 0, References: 1

Positive Technologies
added 2025/12/25 12:00 a.m., 5 views

PT-2025-53393

Name of the Vulnerable Software and Affected Versions: Pexip Infinity versions 38.0 and 38.1 through 38.1. Description: The software contains insufficient access control within its RTMP implementation. This allows an attacker to disconnect RTMP streams as they pass through a Proxy Node...

CVSS 7.5, AI score 6.7, EPSS 0.00218
Exploits: 0, References: 6

RedhatCVE
added 2025/12/24 7:36 p.m., 3 views

CVE-2021-47737

CSZ CMS 1.2.7 contains an HTML injection vulnerability that allows authenticated users to insert malicious hyperlinks in message titles. Attackers can craft POST requests to the member messaging system with HTML-based links to potentially conduct phishing or social engineering attacks...

CVSS 5.4, AI score 7, EPSS 0.00244
Exploits: 1, References: 1

OSV
added 2025/12/23 8:15 p.m., 1 view

CVE-2021-47737

CSZ CMS 1.2.7 contains an HTML injection vulnerability that allows authenticated users to insert malicious hyperlinks in message titles. Attackers can craft POST requests to the member messaging system with HTML-based links to potentially conduct phishing or social engineering attacks...

CVSS 5.1, AI score 5.8, EPSS 0.00244
Exploits: 1, References: 4

NVD
added 2025/12/23 8:15 p.m., 2 views

CVE-2021-47737

CSZ CMS 1.2.7 contains an HTML injection vulnerability that allows authenticated users to insert malicious hyperlinks in message titles. Attackers can craft POST requests to the member messaging system with HTML-based links to potentially conduct phishing or social engineering attacks...

CVSS 5.4, EPSS 0.00244
Exploits: 1, References: 4

CVE
added 2025/12/23 7:35 p.m., 5 views

CVE-2021-47737

CSZ CMS 1.2.7 exposes an HTML injection vulnerability in the member messaging system. The issue allows authenticated users to inject HTML hyperlinks into message titles by crafting POST requests to the member dashboard, enabling potential phishing or social engineering. Impact is limited to HTML ...

CVSS 5.4, AI score 6.6, EPSS 0.00244
Exploits: 1, References: 4, Affected Software: 1

Positive Technologies
added 2025/12/23 12:00 a.m., 3 views

PT-2025-52837

Name of the Vulnerable Software and Affected Versions: CSZ CMS version 1.2.7. Description: An HTML injection issue exists in CSZ CMS that permits authenticated users to inject malicious hyperlinks into message titles. Attackers can create POST requests to the member messaging system using HTML-based...

CVSS 5.4, AI score 6.8, EPSS 0.00244
Exploits: 1, References: 6

NVD
added 2025/12/19 3:15 p.m., 3 views

CVE-2025-66911

Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest method in UserServiceController.java allows any authenticated user to query the online status, device information, an...

CVSS 6.5, EPSS 0.0028
Exploits: 1, References: 3

CNNVD
added 2025/12/19 12:00 a.m., 3 views

turms security vulnerability

turms is an open-source instant messaging engine from turms-im. A security vulnerability exists in turms v0.10.0-SNAPSHOT and prior versions; it stems from cross-site request forgery and could lead to elevation of privilege...

CVSS 6.1, AI score 6.7, EPSS 0.0011
Exploits: 1, References: 3

Cvelist
added 2025/12/19 12:00 a.m., 24 views

CVE-2025-66911

Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest method in UserServiceController.java allows any authenticated user to query the online status, device information, an...

EPSS 0.0028
Exploits: 1, References: 3

CNNVD
added 2025/12/19 12:00 a.m., 4 views

turms security vulnerability

turms is an open-source instant messaging engine from turms-im. A security vulnerability exists in the turms AI-Serving module v0.10.0-SNAPSHOT and prior versions; it originates from an image decompression bomb and may result in a denial of service...

CVSS 7.5, AI score 6.7, EPSS 0.0046
Exploits: 1, References: 3

CVE
added 2025/12/19 12:00 a.m., 8 views

CVE-2025-66911

Turms IM Server prior to 0.10.0-SNAPSHOT is affected by a broken access control vulnerability in the user online status query function. The handleQueryUserOnlineStatusesRequest() in UserServiceController.java lets any authenticated user query the online status, device information, and login times...

CVSS 6.5, AI score 6.4, EPSS 0.0028
Exploits: 1, References: 3, Affected Software: 1

CVE
added 2025/12/16 2:45 p.m., 27 views

CVE-2025-68263

In CVE-2025-68263, the Linux kernel ksmbd IPC path had a use-after-free in ipc_msg_send_request caused by freeing entry->response without holding ipc_msg_table_lock while handle_response() can still write to it. The race occurs under high concurrency when handle_response() copies to entry->...

CVSS 9.8, AI score 6, EPSS 0.00378
Exploits: 0, References: 6

vulnersOsv
added 2025/12/16 12:43 a.m., 3 views

exordos-core (>=0.0.7 <=0.1.1), genesis-core (>=0.0.2 <=0.0.6) +3 more potentially affected by CVE-2025-68113 via altcha (=0.2.0)

altcha PYPI version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on altcha and may be impacted: - exordos-core =0.0.7, =0.0.2, =5.11.0, =0.1.0, =0.12.0 - wlhosted =2024.11.0 Source cves: CVE-2025-68113 Source advisory: OSV:GHSA-6GVQ-JCMP-8959...

CVSS 6.5, AI score 7.4, EPSS 0.00262
Exploits: 0

RedhatCVE
added 2025/12/10 6:14 p.m., 13 views

CVE-2025-59923

An improper access control vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least read-only admin permission to obtain the...

CVSS 2.7, AI score 6.7, EPSS 0.00179
Exploits: 0, References: 1

Packet Storm
added 2025/12/10 12:00 a.m., 126 views

Chromodo Browser 45.8.12.391 Same Origin Policy Weakness

This proof of concept demonstrates message passing between two browser windows when opened under the same logical context (same origin). It affects Chromodo Browser version 45.8.12.391...

AI score 7
Exploits: 0