Lucene search
K

317 matches found

EUVD
EUVD
added 2 days ago4 views

EUVD-2026-43548

9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation historie...

8.7CVSS6.1AI score0.00371EPSS
Exploits0References3
NVD
NVD
added 3 days ago9 views

CVE-2026-62328

9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation historie...

8.7CVSS0.00371EPSS
Exploits0References2
CVE
CVE
added 3 days ago8 views

CVE-2026-62328

Summary: CVE-2026-62328 affects 9Router up to version 0.4.41 and describes an unauthenticated information-disclosure vulnerability exposed via unprotected API endpoints. Attackers can remotely query the request-logs and request-details routes (which lack authentication middleware) to enumerate pa...

8.7CVSS6.1AI score0.00371EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-62328

9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation historie...

8.7CVSS6.1AI score0.00371EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-289 Azure AI Language Authoring Elevation of Privilege Vulnerability can Lead to RCE

Deserialization of untrusted data in the Azure AI Language Conversations Authoring client library for Python allows an unauthorized attacker to execute code over a network...

9.8CVSS5.9AI score0.02344EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/18 10:12 p.m.9 views

CVE-2026-56077

PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger component that allows attackers to access sensitive data by registering agents with duplicate IDs. Attackers can exploit the lack of agent ID uniqueness enforcement to share ledger instances and expo...

7.1CVSS5.3AI score0.00256EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.11 views

CVE-2026-41183

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned-only restriction is applied to direct conversation view and folder queries, but not to non-folder query builders. Global search and the AJAX filter path still reveal conversations that should be...

4.3CVSS5.4AI score0.00224EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.10 views

CVE-2026-41190

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, when APPSHOWONLYASSIGNEDCONVERSATIONS is enabled, direct conversation view correctly blocks users who are neither the assignee nor the creator. The savedraft AJAX path is weaker. A direct POST can create a dra...

7.1CVSS5.5AI score0.00211EPSS
Exploits0References1
HackRead
HackRead
added 2026/06/01 12:6 p.m.24 views

How to Get the Most From Your Explainer Video Production Services

Video can simplify a hard offer, shorten sales conversations, and improve recall. Those gains depend on disciplined planning…...

5.8AI score
Exploits0
NVD
NVD
added 2026/05/29 8:16 p.m.13 views

CVE-2026-48810

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, while investigating the ThreadPolicy::delete issue reported previously, the same missing mailbox membership check was found in the sibling ThreadPolicy::edit method. A user with the...

4.3CVSS0.00155EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 7:47 p.m.8 views

CVE-2026-48811

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, FreeScout allows a non-admin user to permanently delete an internal note private thread from any conversation, even after that user's access to the mailbox containing the conversation has been...

4.3CVSS5.7AI score0.00155EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

FreeScout 授权问题漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.221 contained an authorization vulnerability. This vulnerability stemmed from a lack of email membership checks in the...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 5:7 p.m.8 views

CVE-2026-44706

Chatwoot is a customer engagement suite. From 2.2.0 to before 4.11.2, a SQL injection vulnerability exists in the conversation and contact filter APIs. When filtering by a custom attribute of type date or number using the isgreaterthan or islessthan operators, user-supplied values in the values...

8.5CVSS6.1AI score0.00227EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/26 5:7 p.m.10 views

CVE-2026-44706 Chatwoot: SQL Injection in Conversation/Contact Filter API via Custom Attribute Values

Chatwoot is a customer engagement suite. From 2.2.0 to before 4.11.2, a SQL injection vulnerability exists in the conversation and contact filter APIs. When filtering by a custom attribute of type date or number using the isgreaterthan or islessthan operators, user-supplied values in the values...

8.5CVSS6.1AI score0.00227EPSS
Exploits1References1
CVE
CVE
added 2026/05/26 5:7 p.m.30 views

CVE-2026-44706

Chatwoot (versions 2.2.0–4.11.1) is affected by a SQL injection in the conversation and contact filter APIs. When filtering by a custom attribute of type date or number using the is_greater_than or is_less_than operators, values are interpolated directly into the SQL query without parameterizatio...

8.5CVSS6.1AI score0.00227EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/22 12:31 a.m.16 views

EUVD-2026-31349

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/getrating' endpoint confirms existence and returns rating score for any message by ID. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with...

6.3CVSS5.8AI score0.00195EPSS
Exploits0References2
CVE
CVE
added 2026/05/21 9:4 p.m.22 views

CVE-2026-8238

Concrete CMS versions 9.5.0 and earlier are vulnerable to an IDOR at the endpoint /ccm/frontend/conversations/message_page, which exposes full content of any conversation message and file attachments via unauthenticated access. An attacker can enumerate messages from restricted pages, member-only...

6.3CVSS5.8AI score0.00201EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/21 9:1 p.m.6 views

CVE-2026-8237

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The /ccm/frontend/conversations/messagedetail endpoint returns the full content of any conversation message. An unauthenticated attacker can enumerate all conversation messages, including messages from restricted pages, member-only areas, and th...

6.3CVSS5.8AI score0.00201EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/21 9:0 p.m.7 views

CVE-2026-8239 Concrete CMS 9.5.0 and below is vulnerable to IDOR in '/ccm/frontend/conversations/get_rating'

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/getrating' endpoint confirms existence and returns rating score for any message by ID. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with...

6.3CVSS5.8AI score0.00195EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.12 views

PT-2026-42560

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/message page' endpoint returns the full content of any conversation message. An unauthenticated attacker can enumerate all conversation messages, including messages from restricted pages, member-only areas, and t...

6.3CVSS5.8AI score0.00201EPSS
Exploits0References2
Rows per page
Query Builder