317 matches found
EUVD-2026-43548
9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation historie...
CVE-2026-62328
9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation historie...
CVE-2026-62328
Summary: CVE-2026-62328 affects 9Router up to version 0.4.41 and describes an unauthenticated information-disclosure vulnerability exposed via unprotected API endpoints. Attackers can remotely query the request-logs and request-details routes (which lack authentication middleware) to enumerate pa...
CVE-2026-62328
9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation historie...
PYSEC-2026-289 Azure AI Language Authoring Elevation of Privilege Vulnerability can Lead to RCE
Deserialization of untrusted data in the Azure AI Language Conversations Authoring client library for Python allows an unauthorized attacker to execute code over a network...
CVE-2026-56077
PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger component that allows attackers to access sensitive data by registering agents with duplicate IDs. Attackers can exploit the lack of agent ID uniqueness enforcement to share ledger instances and expo...
CVE-2026-41183
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned-only restriction is applied to direct conversation view and folder queries, but not to non-folder query builders. Global search and the AJAX filter path still reveal conversations that should be...
CVE-2026-41190
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, when APPSHOWONLYASSIGNEDCONVERSATIONS is enabled, direct conversation view correctly blocks users who are neither the assignee nor the creator. The savedraft AJAX path is weaker. A direct POST can create a dra...
How to Get the Most From Your Explainer Video Production Services
Video can simplify a hard offer, shorten sales conversations, and improve recall. Those gains depend on disciplined planning…...
CVE-2026-48810
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, while investigating the ThreadPolicy::delete issue reported previously, the same missing mailbox membership check was found in the sibling ThreadPolicy::edit method. A user with the...
CVE-2026-48811
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, FreeScout allows a non-admin user to permanently delete an internal note private thread from any conversation, even after that user's access to the mailbox containing the conversation has been...
FreeScout 授权问题漏洞
FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.221 contained an authorization vulnerability. This vulnerability stemmed from a lack of email membership checks in the...
CVE-2026-44706
Chatwoot is a customer engagement suite. From 2.2.0 to before 4.11.2, a SQL injection vulnerability exists in the conversation and contact filter APIs. When filtering by a custom attribute of type date or number using the isgreaterthan or islessthan operators, user-supplied values in the values...
CVE-2026-44706 Chatwoot: SQL Injection in Conversation/Contact Filter API via Custom Attribute Values
Chatwoot is a customer engagement suite. From 2.2.0 to before 4.11.2, a SQL injection vulnerability exists in the conversation and contact filter APIs. When filtering by a custom attribute of type date or number using the isgreaterthan or islessthan operators, user-supplied values in the values...
CVE-2026-44706
Chatwoot (versions 2.2.0–4.11.1) is affected by a SQL injection in the conversation and contact filter APIs. When filtering by a custom attribute of type date or number using the is_greater_than or is_less_than operators, values are interpolated directly into the SQL query without parameterizatio...
EUVD-2026-31349
Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/getrating' endpoint confirms existence and returns rating score for any message by ID. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with...
CVE-2026-8238
Concrete CMS versions 9.5.0 and earlier are vulnerable to an IDOR at the endpoint /ccm/frontend/conversations/message_page, which exposes full content of any conversation message and file attachments via unauthenticated access. An attacker can enumerate messages from restricted pages, member-only...
CVE-2026-8237
Concrete CMS 9.5.0 and below is vulnerable to IDOR. The /ccm/frontend/conversations/messagedetail endpoint returns the full content of any conversation message. An unauthenticated attacker can enumerate all conversation messages, including messages from restricted pages, member-only areas, and th...
CVE-2026-8239 Concrete CMS 9.5.0 and below is vulnerable to IDOR in '/ccm/frontend/conversations/get_rating'
Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/getrating' endpoint confirms existence and returns rating score for any message by ID. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with...
PT-2026-42560
Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/message page' endpoint returns the full content of any conversation message. An unauthenticated attacker can enumerate all conversation messages, including messages from restricted pages, member-only areas, and t...