The vulnerability of Adobe Connect’s instant messaging program lies in the insufficient protection of the website structure, which allows attackers to perform cross-site scripting attacks.

The vulnerability of the Adobe Connect instant messaging program is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

CVE-2025-47948

Cocotais Bot (QQ bot framework) has a command-echo vulnerability. In versions 1.5.0-test2-hotfix through 1.6.1, an unauthenticated user can abuse /echo to trigger privileged behavior by injecting platform tags, causing the bot to mention all chat members and bypassing permissions. The issue stem...

CVE-2025-3931

A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks,...

yggdrasil: Local privilege escalation in yggdrasil

A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks,...

kernel: rpmsg: char: Avoid double destroy of default endpoint

In the Linux kernel, the following vulnerability has been resolved: rpmsg: char: Avoid double destroy of default endpoint The rpmsgdevremove in rpmsgcore is the place for releasing this default endpoint. So need to avoid destroying the default endpoint in rpmsgchrdeveptdevdestroy, this should be...

kernel: rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge

In the Linux kernel, the following vulnerability has been resolved: rpmsg: qcomsmd: Fix refcount leak in qcomsmdparseedge ofparsephandle returns a node pointer with refcount incremented, we should use ofnodeput on it when done...

kernel: virtio/vsock: Improve MSG_ZEROCOPY error handling

In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Improve MSGZEROCOPY error handling Add a missing kfreeskb to prevent memory leaks...

The Trump Administration Sure Is Having Trouble Keeping Its Comms Private

In the wake of SignalGate, a knockoff version of Signal used by a high-ranking member of the Trump administration was hacked. Today on Uncanny Valley, we discuss the platforms used for government communications...

be.yildiz-games:module-messaging-activemq (=2.0.0), com.codbex.atlas:codbex-atlas-application (>=1.1.0 <=2.108.0) +103 more potentially affected by CVE-2025-27533 via org.apache.activemq:activemq-client (>=6.0.0 <=6.1.5)

org.apache.activemq:activemq-client MAVEN version =6.0.0, =1.1.0, =2.55.0, =1.0.5, =1.1.0, =1.1.0, =1.1.0, =0.2.0, =1.1.0, =7.0.0, =7.0.0, =7.0.0, =7.0.1 and more Source cves: CVE-2025-27533 Source advisory: OSV:GHSA-WHXR-3P84-RF3C...

be.yildiz-games:module-messaging-activemq (=2.0.0), com.codbex.atlas:codbex-atlas-application (>=1.1.0 <=2.108.0) +103 more potentially affected by CVE-2025-27533 via org.apache.activemq:activemq-client (>=6.0.0 <=6.1.5)

org.apache.activemq:activemq-client MAVEN version =6.0.0, =1.1.0, =2.55.0, =1.0.5, =1.1.0, =1.1.0, =1.1.0, =0.2.0, =1.1.0, =7.0.0, =7.0.0, =7.0.0, =7.0.1 and more Source cves: CVE-2025-27533 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-10074037...

CVE-2024-45575

creationtimestamp| type| source ---|---|--- 2025-05-07 04:21:44+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/15258...

BIT-MOODLE-2024-43434 Moodle: csrf risk in feedback non-respondents report

The bulk message sending feature in Moodle's Feedback module's non-respondents report had an incorrect CSRF token check, leading to a CSRF vulnerability...

CVE-2025-32376 Discourse DM limits aren’t always properly enforced

Discourse is an open-source discussion platform. Prior to versions 3.4.3 on the stable branch and 3.5.0.beta3 on the beta branch, the users limit for a DM can be bypassed, thus giving the ability to potentially create a DM with every user from a site in it. This issue has been patched in stable...

CVE-2025-32376 Discourse DM limits aren’t always properly enforced

Discourse is an open-source discussion platform. Prior to versions 3.4.3 on the stable branch and 3.5.0.beta3 on the beta branch, the users limit for a DM can be bypassed, thus giving the ability to potentially create a DM with every user from a site in it. This issue has been patched in stable...

Metadata-Private Messaging without Coordination

For those seeking end-to-end private communication free from pervasive metadata tracking and censorship, the Tor network has been the de-facto choice in practice, despite its susceptibility to traffic analysis attacks. Recently, numerous metadata-private messaging proposals have emerged with the...

GHSA-PJ96-XH2W-FGQX Moodle has an IDOR in messaging web service which allows access to some user details

A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses...

Incorrect Authorization

Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient capability checks in the messaging web service. An attacker can view other users' names and online statuses by exploiting this flaw. Remediation Upgrade...

Moodle has an IDOR in messaging web service which allows access to some user details

A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses...

CVE-2025-3645

A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses...

CVE-2025-3645

A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses...