75 matches found
CVE-2025-53858
ChatLuck contains a cross-site scripting vulnerability in Chat Rooms. If exploited, an arbitrary script may be executed on the web browser of the user who is accessing the product...
EUVD-2025-34741
ChatLuck contains a cross-site scripting vulnerability in Chat Rooms. If exploited, an arbitrary script may be executed on the web browser of the user who is accessing the product...
EUVD-2014-5167
Malware in sbrugna...
EUVD-2008-6471
Malware in sbrugna...
EUVD-2008-6472
Malware in sbrugna...
EUVD-2011-4849
Malware in sbrugna...
EUVD-2014-5168
Malware in sbrugna...
EUVD-2008-5049
Malware in sbrugna...
CVE-2025-27827
Mitel MiContact Center Business legacy chat component (versions through 10.2.0.3) is affected by CVE-2025-27827 due to improper handling of session data, enabling an unauthenticated attacker to cause information disclosure. Exploitation requires user interaction and can lead to access to active c...
Snowflake isn’t an outlier, it’s the canary in the coal mine
By Nick Biasini with contributions from Kendall McKay and Guilherme Venere. Headlines continue to roll in about the many implications and follow-on attacks originating from leaked and/or stolen credentials for the Snowflake cloud data platform. Adversaries obtained stolen login credentials for...
BP Better Messages < 2.4.33 - Missing Authorization
Description: The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to missing authorization in all versions up to, and including, 2.4.32. This is due to the plugin not properly verifying if a user should have access to a...
Discourse Information Disclosure Vulnerability (CNVD-2024-20430)
Discourse is an open source community discussion platform. The platform includes features such as community, email and chat rooms. An information disclosure vulnerability exists in Discourse-reactions, which stems from the application's inadequate protection of sensitive information and can be...
Discourse Denial of Service Vulnerability
Discourse is an open source community discussion platform. The platform includes features such as community, email and chat rooms. Discourse suffers from a denial of service vulnerability that stems from the ability to create very long user arrays in the message serializer, which can be exploited...
CVE-2022-23055
In ERPNext, versions v11.0.0-beta through v13.0.2 are vulnerable to Missing Authorization, in the chat rooms functionality. A low privileged attacker can send a direct message or a group message to any member or group, impersonating themselves as the administrator. The attacker can also read chat...
Authorization
In ERPNext, versions v11.0.0-beta through v13.0.2 are vulnerable to Missing Authorization, in the chat rooms functionality. A low privileged attacker can send a direct message or a group message to any member or group, impersonating themselves as the administrator. The attacker can also read chat...