CVE-2026-0598

A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the authenticated user making the request. As a result, an attacker with valid credentials could acces...

Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats from 900,000 Users

Cybersecurity researchers have discovered two new malicious extensions on the Chrome Web Store that are designed to exfiltrate OpenAI ChatGPT and DeepSeek conversations alongside browsing data to servers under the attackers' control. The names of the extensions, which collectively have over 900,0...

Unblu Spark 安全漏洞

Unblu Spark is a key component in a conversation-centered digital customer experience platform from Swiss company Unblu. A security vulnerability exists in Unblu Spark that stems from the ability of conversation participants to replace uploaded files...

EulerOS 2.0 SP3 : irssi (EulerOS-SA-2021-1803)

According to the version of the irssi package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow...

EulerOS 2.0 SP5 : irssi (EulerOS-SA-2021-1197)

According to the version of the irssi package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow...

CVE-2020-25824

Telegram Desktop through 2.4.3 does not require passcode entry upon pushing the Export key within the Export Telegram Data wizard. The threat model is a victim who has voluntarily opened Export Wizard but is then distracted. An attacker then approaches the unattended desktop and pushes the Export...

CVE-2016-7553

CVE-2016-7553 affects Irssi prior to 0.8.20 via the buf.pl script (before version 2.20) that creates a scrollbuffer dump file with weak permissions. This could allow local users to read private chat conversations by accessing the dump file created during upgrades. The available connected document...

CVE-2016-7553

The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow local users to obtain sensitive information from private chat conversations by reading the file...

CVE-2016-7553

The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow local users to obtain sensitive information from private chat conversations by reading the file...

CVE-2005-2956

ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain user chat conversations via direct requests to those files...

CVE-2005-2956

ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain user chat conversations via direct requests to those files...