5 matches found
CVE-2026-50132 Budibase: Chat Identity Link Hijacking via Missing Consent & CSRF — Account Impersonation in Budibase
Budibase is an open-source low-code platform. Prior to 3.39.0, GET /api/chat-links/:instance/:token/handoff is a public endpoint no auth required that performs a permanent, state-changing operation: it binds an external chat identity Slack/Discord/MS Teams to an authenticated Budibase user accoun...
CVE-2023-22472
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user send any POST request with an arbitrary body given they click on a malicious deep link on a Windows computer. e.g. in an email, chat link...
Zoom Client for Meetings < 5.7.3 Vulnerability (ZSB-21021)
The version of Zoom Client for Meetings installed on the remote host is prior to 5.7.3. It is, therefore, affected by a vulnerability as referenced in the ZSB-21021 advisory. - The Zoom Client for Meetings before version 5.7.3 for Android, iOS, Linux, macOS, and Windows contain a server side...
CVE-2021-34425
The Zoom Client for Meetings before version 5.7.3 for Android, iOS, Linux, macOS, and Windows contain a server side request forgery vulnerability in the chat's "link preview" functionality. In versions prior to 5.7.3, if a user were to enable the chat's "link preview" feature, a malicious actor...
CVE-2004-1511
Hotfoon 4.0 does not notify users before opening links in web browsers, which could allow remote attackers to execute arbitrary code via a certain link sent in a chat window...