Lucene search

22 matches found

Vulnrichment
added 2026/05/28 4:1 a.m. · 5 views

CVE-2026-32995

The Rocket.Chat DDP method autoTranslate.translateMessage in versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.5, 7.13.8, and 7.10.12 accepts a client-supplied IMessage object and passes it directly to translateMessage without checking Meteor.userId or verifying room membership. Any authenticated D...

CVSS 7.5 · AI score 7.1 · EPSS 0.00042
Exploits 0 · References 2
Cvelist
added 2026/05/28 4:1 a.m. · 26 views

CVE-2026-32995

The Rocket.Chat DDP method autoTranslate.translateMessage in versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.5, 7.13.8, and 7.10.12 accepts a client-supplied IMessage object and passes it directly to translateMessage without checking Meteor.userId or verifying room membership. Any authenticated D...

CVSS 7.5 · EPSS 0.00042
Exploits 0 · References 2
GithubExploit
added 2026/04/05 7:9 a.m. · 90 views

Exploit for CVE-2024-23700

PoC for CVE-2024-23700, allowing silently obtain permissions to...

AI score 5.8
Exploits 1
OSV
added 2026/03/24 9:16 a.m. · 2 views

UBUNTU-CVE-2026-4649

Apache Artemis before version 2.52.0 is affected by an authentication bypass flaw which allows reading all messages exchanged via the broker and injection of new message (CVE-2026-27446, https://www.cve.org/CVERecord). Since KNIME Business Hub uses Apache Artemis it is also affected by the issue...

CVSS 5.3 · AI score 5.9 · EPSS 0.00085
Exploits 0 · References 3
Cvelist
added 2026/03/24 8:15 a.m. · 20 views

CVE-2026-4649 Auth bypass in Apache Artemis allows reading all internal messages

Apache Artemis before version 2.52.0 is affected by an authentication bypass flaw which allows reading all messages exchanged via the broker and injection of new message (CVE-2026-27446, https://www.cve.org/CVERecord). Since KNIME Business Hub uses Apache Artemis it is also affected by the issue...

CVSS 5.3 · EPSS 0.00085
Exploits 0 · References 1
CNNVD
added 2026/03/24 12:0 a.m. · 2 views

KNIME Business Hub Security Vulnerability

KNIME Business Hub is a corporate software developed by KNIME GmbH, designed for automation in data science, model deployment, team collaboration, and workflow management. There is a security vulnerability in KNIME Business Hub, which stems from an authentication bypass mechanism. This...

CVSS 5.3 · AI score 5.8 · EPSS 0.00085
Exploits 0 · References 2
EUVD
added 2026/03/19 9:21 p.m. · 2 views

EUVD-2026-13219

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. In versions 1.8.208 and below, the ThreadPolicy::edit method contains a broken access control vulnerability that allows any authenticated user regardless of role or mailbox access to read and modify all...

AI score 5.7 · EPSS 0.00049
Exploits 1 · References 3
RedhatCVE
added 2026/02/14 1:27 a.m. · 2 views

CVE-2026-25767

LavinMQ is a high-performance message queue & streaming server. Before 2.6.8, an authenticated user, with the “Policymaker” tag, could create shovels bypassing access controls. An authenticated user with the "Policymaker" management tag could exploit it to read messages from vhosts they are not...

CVSS 8.6 · AI score 5.5 · EPSS 0.00041
Exploits 0 · References 1
ATTACKERKB
added 2026/02/12 7:49 p.m. · 2 views

CVE-2026-25767

LavinMQ is a high-performance message queue & streaming server. Before 2.6.8, an authenticated user, with the “Policymaker” tag, could create shovels bypassing access controls. An authenticated user with the "Policymaker" management tag could exploit it to read messages from vhosts they are not...

CVSS 8.6 · AI score 5.5 · EPSS 0.00041
Exploits 0 · References 6 · Affected Software 1
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2008-7006

Malware in sbrugna...

CVSS 7.5 · AI score 6.4 · EPSS 0.01174
Exploits 0 · References 4
Positive Technologies
added 2025/08/12 12:0 a.m. · 3 views

PT-2025-32857

Name of the Vulnerable Software and Affected Versions: Microsoft Teams versions prior to 25122.1415.3698.6812 Description: A heap-based buffer overflow exists in Microsoft Teams, potentially allowing an unauthorized attacker to execute code over a network. Exploitation may involve malicious links...

CVSS 7.6 · AI score 6.9 · EPSS 0.00188
Exploits 0 · References 25
RedhatCVE
added 2025/05/22 3:35 a.m. · 4 views

CVE-2011-2774

The "Reply to message" feature in Mahara 1.3.x and 1.4.x before 1.4.1 allows remote authenticated users to read the messages of a different user via a modified replyto parameter...

CVSS 4 · AI score 6.5 · EPSS 0.00199
Exploits 0 · References 1
Positive Technologies
added 2023/12/13 12:0 a.m. · 1 view

PT-2023-30416 · Unknown · Silverpeas Core

Name of the Vulnerable Software and Affected Versions: Silverpeas Core version 6.3.1 Description: The notification/messaging feature does not enforce access control on the ID parameter. This allows an attacker to read all messages sent between other users, including those sent only to...

CVSS 7.5 · AI score 6.5 · EPSS 0.00806
Exploits 1 · References 12
CNNVD
added 2022/05/16 12:0 a.m. · 1 view

WordPress plugin WPQA Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plug-in. An access control error vulnerability exists in versions of WordPress WPQA plugin prior to 5.2, whic...

CVSS 4.3 · AI score 5.3 · EPSS 0.00186
Exploits 1 · References 2
OSV
added 2019/08/05 8:15 p.m. · 1 view

CVE-2019-14475

eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID from CVE-2019-9583, resulting in the ability to read the service messages, clear the system protocol, create a new user in the...

CVSS 7.5 · AI score 7.1 · EPSS 0.00488
Exploits 1 · References 1
OSV
added 2017/08/01 2:29 p.m. · 1 view

CVE-2017-11136

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. It uses RSA to exchange a secret for symmetric encryption of messages. However, the private RSA key is not only stored on the client but transmitted to the backen...

CVSS 6.5 · AI score 5.8 · EPSS 0.00143
Exploits 0 · References 1
CNVD
added 2015/12/20 12:0 a.m. · 1 view

Drupal Token Insert Entity Module Information Disclosure Vulnerability

Drupal is a free and open source content management system developed in PHP. Token Insert Entity is one of the modules that provides the ability to embed tokens for opened entities or nodes. Drupal Token Insert Entity fails to properly check permissions, which can be exploited by remote attackers ...

CVSS 3.5 · AI score 7 · EPSS 0.00118
Exploits 0 · References 1
CNVD
added 2015/12/20 12:0 a.m. · 1 view

Drupal Chat Room Module Information Disclosure Vulnerability

Drupal is a free and open source content management system developed in PHP. Chat Room is one of the modules used to set up the chat room feature on the Drupal website. Drupal Chat Room fails to properly check permissions when setting up websocket sockets for chat messages, which can be exploited...

CVSS 5 · AI score 7 · EPSS 0.00139
Exploits 0 · References 1
Cvelist
added 2014/04/15 10:0 a.m. · 15 views

CVE-2014-0357

Amtelco miSecureMessages allows remote attackers to read the messages of arbitrary users via an XML request containing a valid license key and a modified contactID value, as demonstrated by a request from the iOS or Android application...

AI score 6.4 · EPSS 0.02018
Exploits 2 · References 3
UbuntuCve
added 2011/11/15 3:57 a.m. · 19 views

CVE-2011-2774

The "Reply to message" feature in Mahara 1.3.x and 1.4.x before 1.4.1 allows remote authenticated users to read the messages of a different user via a modified replyto parameter...

CVSS 4 · AI score 5.9 · EPSS 0.00199
Exploits 0 · References 1