Lucene search
K

111 matches found

OSV
OSV
added 2025/09/19 11:32 a.m.4 views

CVE-2025-10707 JeecgBoot sendMsg improper authorization

A weakness has been identified in JeecgBoot up to 3.8.2. Affected is an unknown function of the file /message/sysMessageTemplate/sendMsg. Executing manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has been made available to the public and could be...

5.3CVSS6.2AI score0.00365EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2025/09/17 11:29 p.m.3 views

SUSE CVE-2023-53218

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Make it so that a waiting process can be aborted When sendmsg creates an rxrpc call, it queues it to wait for a connection and channel to be assigned and then waits before it can start shovelling data as the encrypted DATA...

5.5CVSS6.4AI score0.00151EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/09/16 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2023-53218

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rxrpc: Make it so that a waiting process can be aborted When sendmsg creates an rxrpc call, it queues it to wait for a connection and channel to be assigned and...

7.8CVSS7.1AI score0.00151EPSS
Exploits0References4
OSV
OSV
added 2025/09/15 3:15 p.m.5 views

AZL-71227 CVE-2023-53218 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Make it so that a waiting process can be aborted When sendmsg creates an rxrpc call, it queues it to wait for a connection and channel to be assigned and then waits before it can start shovelling data as the encrypted DATA...

7.8CVSS5.6AI score0.00151EPSS
Exploits0References1
OSV
OSV
added 2025/09/15 3:15 p.m.4 views

UBUNTU-CVE-2023-53218

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Make it so that a waiting process can be aborted When sendmsg creates an rxrpc call, it queues it to wait for a connection and channel to be assigned and then waits before it can start shovelling data as the encrypted DATA...

7.8CVSS5.7AI score0.00151EPSS
Exploits0References6
OSV
OSV
added 2025/09/15 3:15 p.m.6 views

UBUNTU-CVE-2023-53240

In the Linux kernel, the following vulnerability has been resolved: xsk: check IFFUP earlier in Tx path Xsk Tx can be triggered via either sendmsg or poll syscalls. These two paths share a call to common function xskxmit which has two sanity checks within. A pseudo code example to show the two...

5.5CVSS5.7AI score0.00143EPSS
Exploits0References6
CVE
CVE
added 2025/09/15 2:22 p.m.68 views

CVE-2023-53240

The CVE-2023-53240 issue concerns the Linux kernel’s xsk path. If a napi id is marked on an interface not brought up, xsk_sendmsg /xsk_poll can call xsk_xmit(), which may dereference a NULL pointers to xs->dev when IFF_UP is not set, causing a kernel NULL pointer dereference. The fix restructu...

5.5CVSS6AI score0.00143EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/15 12:0 a.m.6 views

PT-2025-37681

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability exists in the Linux kernel related to the xsk socket kernel functionality. Specifically, the issue involves a potential NULL pointer dereference in the xsk transmit Tx pa...

5.5CVSS6.1AI score0.00143EPSS
Exploits0References22
SUSE CVE
SUSE CVE
added 2025/09/11 11:24 p.m.11 views

SUSE CVE-2025-39758

In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix the sendmsg byte count in siwtcpsendpages Ever since commit c2ff29e99a76 "siw: Inline dotcpsendpages", we have been doing this: static int siwtcpsendpagesstruct socket s, struct page page, int offset, sizet size ......

5.5CVSS6.5AI score0.00145EPSS
Exploits0References21
CNNVD
CNNVD
added 2025/07/25 12:0 a.m.8 views

code-projects Public Chat Room 注入漏洞

Code-Projects Public Chat Room is an open source public chat room software from Code-Projects. An injection vulnerability exists in code-projects Public Chat Room version 1.0, which originates from SQL injection due to incorrect manipulation of the parameter ID in the file sendmessage.php...

8.8CVSS6.9AI score0.00393EPSS
Exploits1References6
OSV
OSV
added 2025/07/04 2:15 p.m.6 views

UBUNTU-CVE-2025-38190

In the Linux kernel, the following vulnerability has been resolved: atm: Revert atmaccounttx if copyfromiterfull fails. In vccsendmsg, we account skb-truesize to sk-skwmemalloc by atmaccounttx. It is expected to be reverted by atmpopraw later called by vcc-dev-ops-sendvcc, skb. However, vccsendms...

5.5CVSS5.8AI score0.00164EPSS
Exploits0References28
Positive Technologies
Positive Technologies
added 2025/06/16 12:0 a.m.4 views

PT-2025-27965

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A issue in the Linux kernel has been resolved, related to the Asynchronous Transfer Mode ATM protocol. The problem occurs when the copy from iter full function fails in vcc sendmsg,...

5.5CVSS6AI score0.00164EPSS
Exploits0
Packet Storm
Packet Storm
added 2025/06/03 12:0 a.m.93 views

📄 Adapt CMS 3.0.3 Cross Site Scripting

Adapt CMS version 3.0.3 suffers from a persistent cross site scripting vulnerability in the Send Message functionality. Exploit Title: Stored XSS "Send Message" Functionality - adaptcmsv3.0.3 Date: 06/2025 Exploit Author: Andrey Stoykov Version: 3.0.3 Tested on: Debian 12 Blog:...

6.5AI score
Exploits0
SUSE CVE
SUSE CVE
added 2025/05/02 2:3 a.m.4 views

SUSE CVE-2025-23142

In the Linux kernel, the following vulnerability has been resolved: sctp: detect and prevent references to a freed transport in sendmsg sctpsendmsg re-uses associations and transports when possible by doing a lookup based on the socket endpoint and the message destination address, and then...

5.5CVSS7.5AI score0.00185EPSS
Exploits0References16
Packet Storm
Packet Storm
added 2025/03/25 12:0 a.m.210 views

Dolphin Pro 7.4.2 Cross Site Scripting

Dolphin Pro version 7.4.2 suffers from a persistent cross site scripting vulnerability. Exploit Title: Stored XSS via Send Message Functionality - dolphin.prov7.4.2 Date: 03/2025 Exploit Author: Andrey Stoykov Version: 7.4.2 Date: 03/2025 Tested on: Debian 12 Blog:...

6.6AI score
Exploits0
SUSE CVE
SUSE CVE
added 2025/02/27 3:10 a.m.3 views

SUSE CVE-2022-49207

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix memleak in skpsockqueuemsg If tcpbpfsendmsg is running during a tear down operation we may enqueue data on the ingress msg queue while tear down is trying to free it. sk1 redirect sk2 sk2 -------------------...

5.5CVSS6.8AI score0.00252EPSS
Exploits0References5
OSV
OSV
added 2025/02/26 7:1 a.m.3 views

UBUNTU-CVE-2022-49420

In the Linux kernel, the following vulnerability has been resolved: net: annotate races around sk-skbounddevif UDP sendmsg is lockless, and reads sk-skbounddevif while this field can be changed by another thread. Adds minimal annotations to avoid KCSAN splats for UDP. Following patches will add...

5.5CVSS6.4AI score0.00216EPSS
Exploits0References5
OSV
OSV
added 2025/01/13 12:15 a.m.4 views

CVE-2025-0403

A vulnerability, which was classified as problematic, has been found in 1902756969 reggie 1.0. Affected by this issue is some unknown functionality of the file /user/sendMsg of the component Phone Number Validation Handler. The manipulation of the argument code leads to information disclosure. Th...

6.9CVSS5.4AI score0.00506EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/12/09 12:0 a.m.11 views

PT-2024-36454 · Unknown · Kashipara E-Learning Management System

Name of the Vulnerable Software and Affected Versions: Kashipara E-learning Management System version 1.0 Description: A Stored Cross-Site Scripting XSS issue was found in the /send message.php endpoint of the Kashipara E-learning Management System. This issue allows remote attackers to execute...

5.4CVSS6.5AI score0.00395EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/12/09 12:0 a.m.5 views

PT-2024-36453 · Unknown · Kashipara E-Learning Management System

Name of the Vulnerable Software and Affected Versions: kashipara E-learning Management System version 1.0 Description: A Stored Cross-Site Scripting XSS issue exists in the /send message teacher to student.php file, allowing remote attackers to execute arbitrary scripts via the my message...

5.4CVSS6.4AI score0.0038EPSS
Exploits1References6
Rows per page
Query Builder