Lucene search
+L

7 matches found

OSV
OSV
added 2026/05/28 4:1 a.m.2 views

CVE-2026-32995

The Rocket.Chat DDP method autoTranslate.translateMessage in versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.5, 7.13.8, and 7.10.12 accepts a client-supplied IMessage object and passes it directly to translateMessage without checking Meteor.userId or verifying room membership. Any authenticated D...

7.5CVSS7.1AI score0.00283EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/19 4:43 a.m.14 views

EUVD-2026-30835

The /api/v1/autotranslate.translateMessage endpoint in versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12 allows any authenticated user to retrieve the full content of any message from any room private groups, direct messages, channels by simply providing the target message ID...

5.3CVSS6.1AI score0.00252EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.6 views

SUSE SLED15 / SLES15 Security Update : protobuf (SUSE-SU-2026:1653-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1653-1 advisory. Refresh fixes: - CVE-2025-4565: parsing of untrusted Protocol Buffers data containing an arbitrary number of...

8.2CVSS5.9AI score0.00613EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/04/10 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-5466

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wolfSSL's ECCSI signature verifier wcVerifyEccsiHash decodes the r and s scalars from the signature blob via mpreadunsignedbin with no check that they lie in 1,...

8.1CVSS5.8AI score0.00147EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/01/23 3:16 p.m.8 views

CVE-2026-0994

A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...

8.2CVSS6.7AI score0.00613EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/04/03 7:42 a.m.6 views

golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. Thi...

7.5CVSS6.7AI score0.01262EPSS
Exploits0References7
CNVD
CNVD
added 2020/06/12 12:0 a.m.5 views

SSB-DB Information Disclosure Vulnerability

SSB-DB is a security information storage plug-in. An information disclosure vulnerability exists in SSB-DB version 20.0.0, which stems from the 'get' method that can decrypt any message and can be exploited by an attacker to access private data...

7.5CVSS6.3AI score0.01292EPSS
Exploits0References1
Rows per page
Query Builder