111 matches found
CVE-2025-10707 JeecgBoot sendMsg improper authorization
A weakness has been identified in JeecgBoot up to 3.8.2. Affected is an unknown function of the file /message/sysMessageTemplate/sendMsg. Executing manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has been made available to the public and could be...
SUSE CVE-2023-53218
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Make it so that a waiting process can be aborted When sendmsg creates an rxrpc call, it queues it to wait for a connection and channel to be assigned and then waits before it can start shovelling data as the encrypted DATA...
Linux Distros Unpatched Vulnerability : CVE-2023-53218
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rxrpc: Make it so that a waiting process can be aborted When sendmsg creates an rxrpc call, it queues it to wait for a connection and channel to be assigned and...
AZL-71227 CVE-2023-53218 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Make it so that a waiting process can be aborted When sendmsg creates an rxrpc call, it queues it to wait for a connection and channel to be assigned and then waits before it can start shovelling data as the encrypted DATA...
UBUNTU-CVE-2023-53218
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Make it so that a waiting process can be aborted When sendmsg creates an rxrpc call, it queues it to wait for a connection and channel to be assigned and then waits before it can start shovelling data as the encrypted DATA...
UBUNTU-CVE-2023-53240
In the Linux kernel, the following vulnerability has been resolved: xsk: check IFFUP earlier in Tx path Xsk Tx can be triggered via either sendmsg or poll syscalls. These two paths share a call to common function xskxmit which has two sanity checks within. A pseudo code example to show the two...
CVE-2023-53240
The CVE-2023-53240 issue concerns the Linux kernel’s xsk path. If a napi id is marked on an interface not brought up, xsk_sendmsg /xsk_poll can call xsk_xmit(), which may dereference a NULL pointers to xs->dev when IFF_UP is not set, causing a kernel NULL pointer dereference. The fix restructu...
PT-2025-37681
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability exists in the Linux kernel related to the xsk socket kernel functionality. Specifically, the issue involves a potential NULL pointer dereference in the xsk transmit Tx pa...
SUSE CVE-2025-39758
In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix the sendmsg byte count in siwtcpsendpages Ever since commit c2ff29e99a76 "siw: Inline dotcpsendpages", we have been doing this: static int siwtcpsendpagesstruct socket s, struct page page, int offset, sizet size ......
code-projects Public Chat Room 注入漏洞
Code-Projects Public Chat Room is an open source public chat room software from Code-Projects. An injection vulnerability exists in code-projects Public Chat Room version 1.0, which originates from SQL injection due to incorrect manipulation of the parameter ID in the file sendmessage.php...
UBUNTU-CVE-2025-38190
In the Linux kernel, the following vulnerability has been resolved: atm: Revert atmaccounttx if copyfromiterfull fails. In vccsendmsg, we account skb-truesize to sk-skwmemalloc by atmaccounttx. It is expected to be reverted by atmpopraw later called by vcc-dev-ops-sendvcc, skb. However, vccsendms...
PT-2025-27965
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A issue in the Linux kernel has been resolved, related to the Asynchronous Transfer Mode ATM protocol. The problem occurs when the copy from iter full function fails in vcc sendmsg,...
📄 Adapt CMS 3.0.3 Cross Site Scripting
Adapt CMS version 3.0.3 suffers from a persistent cross site scripting vulnerability in the Send Message functionality. Exploit Title: Stored XSS "Send Message" Functionality - adaptcmsv3.0.3 Date: 06/2025 Exploit Author: Andrey Stoykov Version: 3.0.3 Tested on: Debian 12 Blog:...
SUSE CVE-2025-23142
In the Linux kernel, the following vulnerability has been resolved: sctp: detect and prevent references to a freed transport in sendmsg sctpsendmsg re-uses associations and transports when possible by doing a lookup based on the socket endpoint and the message destination address, and then...
Dolphin Pro 7.4.2 Cross Site Scripting
Dolphin Pro version 7.4.2 suffers from a persistent cross site scripting vulnerability. Exploit Title: Stored XSS via Send Message Functionality - dolphin.prov7.4.2 Date: 03/2025 Exploit Author: Andrey Stoykov Version: 7.4.2 Date: 03/2025 Tested on: Debian 12 Blog:...
SUSE CVE-2022-49207
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix memleak in skpsockqueuemsg If tcpbpfsendmsg is running during a tear down operation we may enqueue data on the ingress msg queue while tear down is trying to free it. sk1 redirect sk2 sk2 -------------------...
UBUNTU-CVE-2022-49420
In the Linux kernel, the following vulnerability has been resolved: net: annotate races around sk-skbounddevif UDP sendmsg is lockless, and reads sk-skbounddevif while this field can be changed by another thread. Adds minimal annotations to avoid KCSAN splats for UDP. Following patches will add...
CVE-2025-0403
A vulnerability, which was classified as problematic, has been found in 1902756969 reggie 1.0. Affected by this issue is some unknown functionality of the file /user/sendMsg of the component Phone Number Validation Handler. The manipulation of the argument code leads to information disclosure. Th...
PT-2024-36454 · Unknown · Kashipara E-Learning Management System
Name of the Vulnerable Software and Affected Versions: Kashipara E-learning Management System version 1.0 Description: A Stored Cross-Site Scripting XSS issue was found in the /send message.php endpoint of the Kashipara E-learning Management System. This issue allows remote attackers to execute...
PT-2024-36453 · Unknown · Kashipara E-Learning Management System
Name of the Vulnerable Software and Affected Versions: kashipara E-learning Management System version 1.0 Description: A Stored Cross-Site Scripting XSS issue exists in the /send message teacher to student.php file, allowing remote attackers to execute arbitrary scripts via the my message...