
4927 matches found

OSV
added 2025/04/25 3:15 p.m. | 1 view

UBUNTU-CVE-2025-3645

A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses...

4.3 CVSS | 5.7 AI score | 0.00302 EPSS
Exploits: 0 | References: 5
Vulnrichment
added 2025/04/25 2:43 p.m. | 7 views

CVE-2025-3645 Moodle: idor in messaging web service allows access to some user details

A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses...

4.3 CVSS | 6.8 AI score | 0.00302 EPSS
Exploits: 0 | References: 3
CVE
added 2025/04/25 2:43 p.m. | 73 views

CVE-2025-3645

CVE-2025-3645 : In Moodle, insufficient capability checks in a messaging web service allow a user to view other users’ names and online statuses. Documents confirm Moodle as affected; impact is user information disclosure (names and presence). Base score 4.3 (Medium) per CVSS 3.1 metrics. No expl...

4.3 CVSS | 4.3 AI score | 0.00302 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2025/04/25 2:43 p.m. | 15 views

CVE-2025-3645 Moodle: idor in messaging web service allows access to some user details

A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses...

4.3 CVSS | 0.00302 EPSS
Exploits: 0 | References: 3
Pen Test Partners Blog
added 2025/04/25 5:51 a.m. | 5 views

The dangers of web based messaging apps

TL;DR Anyone with a web browser and access to your phone in an unlocked state could potentially set up persistent access to your secure messaging platforms without needing to know your credentials! Whilst this clearly requires unfettered access to your phone, scenarios such as screen replacement...

7.1 AI score
Exploits: 0
The Hacker News
added 2025/04/23 10:49 a.m. | 35 views

Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp

Multiple suspected Russia-linked threat actors are "aggressively" targeting individuals and organizations with ties to Ukraine and human rights with an aim to gain unauthorized access to Microsoft 365 accounts since early March 2025. The highly targeted social engineering operations, per Volexity...

7.7 AI score
Exploits: 0
RedhatCVE
added 2025/04/22 1:26 p.m. | 12 views

CVE-2025-3645

A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses...

4.3 CVSS | 6.8 AI score | 0.00302 EPSS
Exploits: 0 | References: 4
Positive Technologies
added 2025/04/22 12:0 a.m. | 3 views

PT-2025-17920

Name of the Vulnerable Software and Affected Versions: Moodle, affected versions not specified. Description: A flaw was found in the messaging web service of Moodle, where insufficient capability checks allowed users to view other users' names and online statuses. Recommendations: At the moment, there...

4.3 CVSS | 5.8 AI score | 0.00302 EPSS
Exploits: 0 | References: 21
Hacker One
added 2025/04/19 4:13 a.m. | 7 views

pixiv: Bypassing Inbox Privacy Settings and Enabling Spam on Pixiv.net

A vulnerability was discovered in the messaging system of Pixiv.net. The vulnerability allowed any user to bypass the inbox privacy settings and send messages to another user who had disabled their inbox. The vulnerability was triggered by manipulating the id parameter in the message-sending POST...

5.5 AI score
Exploits: 0
Tenable Nessus
added 2025/04/19 12:0 a.m. | 2 views

FreeBSD : ejabberd -- mod_muc_occupantid: Fix handling multiple occupant-id (1b8d502e-1cfd-11f0-944d-901b0e9408dc)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 1b8d502e-1cfd-11f0-944d-901b0e9408dc advisory. ejabberd team reports: Fixed issue with handling of user provided occupant-id in messages and presences...

5.6 AI score
Exploits: 0 | References: 2
Cvelist
added 2025/04/18 3:56 p.m. | 15 views

CVE-2025-32389 NamelessMC Vulnerable to SQL Injections in /user/messaging and /panel/users/reports Pages

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by providing an unexpected square bracket GET parameter syntax. Square bracket GET parameter syntax refers to the structure...

8.6 CVSS | 0.00412 EPSS
Exploits: 1 | References: 3
CNNVD
added 2025/04/16 12:0 a.m. | 1 view

Chamilo LMS Security Vulnerability

Chamilo LMS is an open source online learning and collaboration system from Chamilo Open Source. The system supports the creation of instructional content, remote training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS version 1.11.28, which stems from th...

5.4 CVSS | 5.9 AI score | 0.00282 EPSS
Exploits: 0 | References: 4
Fedora
added 2025/04/11 6:32 p.m. | 13 views

[SECURITY] Fedora 42 Update: matrix-synapse-1.127.1-1.fc42

Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...

7.5 CVSS | 6.8 AI score | 0.01064 EPSS
Exploits: 0
BDU FSTEC
added 2025/04/11 12:0 a.m. | 6 views

The vulnerability of the NATS messaging system’s server lies in the lack of access control elements for the JetStream API. This allows attackers to delete data.

The vulnerability of the NATS messaging system server is related to the lack of access control elements for the JetStream API. Exploiting this vulnerability could allow a malicious actor to delete data by sending specially crafted requests...

9.6 CVSS | 7.7 AI score | 0.00529 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Tenable Nessus
added 2025/04/10 12:0 a.m. | 4 views

Moodle 4.3.x < 4.3.8 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is 4.1.x prior to 4.1.14, 4.2.x prior to 4.2.11, 4.3.x prior to 4.3.8, or 4.4.x prior to 4.4.4. It is, therefore, affected by multiple vulnerabilities. - An IDOR when fetching report schedules. - Some users can...

6.5 CVSS | 7.3 AI score | 0.00366 EPSS
Exploits: 0 | References: 12
Tenable Nessus
added 2025/04/10 12:0 a.m. | 4 views

Moodle 4.2.x < 4.2.11 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is 4.1.x prior to 4.1.14, 4.2.x prior to 4.2.11, 4.3.x prior to 4.3.8, or 4.4.x prior to 4.4.4. It is, therefore, affected by multiple vulnerabilities. - An IDOR when fetching report schedules. - Some users can...

6.5 CVSS | 7.3 AI score | 0.00366 EPSS
Exploits: 0 | References: 12
BDU FSTEC
added 2025/04/09 12:0 a.m. | 5 views

The vulnerability of the slim_do_transfer() function in the driver’s code (drivers/slimbus/messaging.c) in Linux kernel allows a hacker to cause a service failure.

The vulnerability of the slim_do_transfer() function in the driver’s code (drivers/slimbus/messaging.c) in Linux operating systems is related to improper release of resources. Exploiting this vulnerability could allow an attacker to cause service failures...

5.5 CVSS | 6.8 AI score | 0.00194 EPSS
Exploits: 0 | References: 16 | Affected Software: 3
Malwarebytes
added 2025/04/07 12:52 p.m. | 9 views

Toll fee scams are back and heading your way

Back in August 2024, we warned about a relatively new type of SMS phishing or smishing scam that was doing the rounds. Now a new wave of toll fee scams are working their way round the US. These attempts come as an unexpected text message linking to a website pretending to belong to one of the US...

6.8 AI score
Exploits: 0
Fedora
added 2025/04/07 1:25 a.m. | 9 views

[SECURITY] Fedora 41 Update: matrix-synapse-1.118.0-4.fc41

Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...

7.2 AI score
Exploits: 0
Fedora
added 2025/04/05 1:57 a.m. | 11 views

[SECURITY] Fedora 40 Update: matrix-synapse-1.111.1-4.fc40

Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...

7.2 AI score
Exploits: 0