Lucene search
+L

231 matches found

OSV
OSV
added 2025/05/08 4:15 p.m.8 views

CVE-2025-43926

An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the AgentPreferences UpdateAJAX subaction can be used to set user preferences with arbitrary keys. When fetching user data via GetUserData, these keys and values are retrieved and given as a whole to other...

6.1CVSS6.8AI score
Exploits0References2
OSV
OSV
added 2025/05/08 4:15 p.m.4 views

UBUNTU-CVE-2025-43926

An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the AgentPreferences UpdateAJAX subaction can be used to set user preferences with arbitrary keys. When fetching user data via GetUserData, these keys and values are retrieved and given as a whole to other...

6.1CVSS5.9AI score0.00202EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/05/08 12:0 a.m.17 views

CVE-2025-43926

An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the AgentPreferences UpdateAJAX subaction can be used to set user preferences with arbitrary keys. When fetching user data via GetUserData, these keys and values are retrieved and given as a whole to other...

0.00202EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/08 12:0 a.m.7 views

CVE-2025-43926

An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the AgentPreferences UpdateAJAX subaction can be used to set user preferences with arbitrary keys. When fetching user data via GetUserData, these keys and values are retrieved and given as a whole to other...

6.3AI score0.00202EPSS
Exploits0References2
CVE
CVE
added 2025/05/08 12:0 a.m.60 views

CVE-2025-43926

Znuny vulnerability CVE-2025-43926 affects versions 6.5.14 and 7.x up to 7.1.6. The issue arises from Custom AJAX calls to AgentPreferences UpdateAJAX, allowing arbitrary keys to be set as user preferences. When GetUserData fetches data, these keys/values are passed to other function calls and ma...

6.1CVSS6.6AI score0.00202EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/28 6:9 p.m.22 views

CVE-2025-24972

Discourse is an open-source discussion platform. Prior to versions 3.3.4 on the stable branch and 3.4.0.beta5 on the beta branch, in specific circumstances, users could be added to group direct messages despite disabling direct messaging in their preferences. Versions 3.3.4 and 3.4.0.beta5 contai...

4.3CVSS7AI score0.00351EPSS
Exploits0References1
OSV
OSV
added 2025/03/28 12:34 p.m.9 views

MAL-2025-2829 Malicious code in @uniqa/user-preferences-ms-spec-api (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
OSV
OSV
added 2025/03/28 9:46 a.m.45 views

BIT-DISCOURSE-2025-24972 Discourse may bypass user preference when adding users to chat groups

Discourse is an open-source discussion platform. Prior to versions 3.3.4 on the stable branch and 3.4.0.beta5 on the beta branch, in specific circumstances, users could be added to group direct messages despite disabling direct messaging in their preferences. Versions 3.3.4 and 3.4.0.beta5 contai...

4.3CVSS4.7AI score0.00351EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/26 2:15 p.m.9 views

CVE-2025-24972 Discourse may bypass user preference when adding users to chat groups

Discourse is an open-source discussion platform. Prior to versions 3.3.4 on the stable branch and 3.4.0.beta5 on the beta branch, in specific circumstances, users could be added to group direct messages despite disabling direct messaging in their preferences. Versions 3.3.4 and 3.4.0.beta5 contai...

4.3CVSS7AI score0.00351EPSS
Exploits0References1
CVE
CVE
added 2025/03/26 2:15 p.m.67 views

CVE-2025-24972

Discourse (open-source platform) has a vulnerability CVE-2025-24972 affecting group direct messages. In affected releases (before 3.3.4 on the stable branch and before 3.4.0.beta5 on the beta branch), a user could be added to a group DM even if direct messaging was disabled in their preferences. ...

4.3CVSS7AI score0.00351EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/03/26 2:15 p.m.26 views

CVE-2025-24972 Discourse may bypass user preference when adding users to chat groups

Discourse is an open-source discussion platform. Prior to versions 3.3.4 on the stable branch and 3.4.0.beta5 on the beta branch, in specific circumstances, users could be added to group direct messages despite disabling direct messaging in their preferences. Versions 3.3.4 and 3.4.0.beta5 contai...

4.3CVSS0.00351EPSS
Exploits0References1
OSV
OSV
added 2024/12/13 7:14 a.m.9 views

BIT-MATTERMOST-2024-28949

Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 don't limit the number of user preferences which allows an attacker to send a large number of user preferences potentially causing denial of service...

6.5CVSS5.1AI score0.00562EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/10/25 5:15 p.m.3 views

CVE-2022-30361

OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserType. No authentication is required. The information disclosed is associated with the registered user ID, status, email address, roles, user type, license type, and personal detai...

5.3CVSS5.8AI score0.00366EPSS
Exploits1References2
NVD
NVD
added 2024/10/25 5:15 p.m.34 views

CVE-2022-30359

OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserList. Authentication is required. The information disclosed is associated with the all registered users, including user ID, status, email address, roles, user type, license type,...

5.4CVSS0.00274EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/10/25 12:0 a.m.15 views

CVE-2022-30359

OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserList. Authentication is required. The information disclosed is associated with the all registered users, including user ID, status, email address, roles, user type, license type,...

6.6AI score0.00274EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2024/07/10 12:0 a.m.7 views

The vulnerability of the RoundCube Webmail email client stems from insufficient protection of the website’s structure, allowing attackers to carry out cross-site scripting attacks.

The vulnerability of the RoundCube Webmail email client is related to insufficient protection of the website’s structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using columns from user preferences lists...

5.3CVSS6.8AI score0.00498EPSS
Exploits0References6Affected Software4
Tenable Nessus
Tenable Nessus
added 2024/06/26 12:0 a.m.35 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : Roundcube vulnerabilities (USN-6848-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6848-1 advisory. Matthieu Faou and Denys Klymenko discovered that Roundcube incorrectly handled certain SVG images. A remote...

6.1CVSS7.4AI score0.75873EPSS
Exploits7References5
Ubuntu
Ubuntu
added 2024/06/25 6:16 p.m.57 views

USN-6848-1: Roundcube vulnerabilities

Matthieu Faou and Denys Klymenko discovered that Roundcube incorrectly handled certain SVG images. A remote attacker could possibly use this issue to load arbitrary JavaScript code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.10. CVE-2023-5631 Rene...

6.1CVSS7.1AI score0.75873EPSS
Exploits7References1
OSV
OSV
added 2024/06/25 6:16 p.m.4 views

USN-6848-1 roundcube vulnerabilities

Matthieu Faou and Denys Klymenko discovered that Roundcube incorrectly handled certain SVG images. A remote attacker could possibly use this issue to load arbitrary JavaScript code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.10. CVE-2023-5631 Rene...

6.1CVSS6.5AI score0.75873EPSS
Exploits7References6
Redos
Redos
added 2024/06/18 12:0 a.m.32 views

ROS-20240618-01

A vulnerability in the SVG Handler component of the RoundCube email client is related to cross-site scripting attacks. Exploitation of the vulnerability could allow an attacker acting remotely to exploit XSS via the SVG animation attributes. Vulnerability in the User Preferences Handler component...

6.1CVSS5.4AI score0.73296EPSS
Exploits5
Rows per page
Query Builder