Lucene search
K

298 matches found

NVD
NVD
added 2026/06/11 7:16 p.m.10 views

CVE-2026-47176

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can enable logging and choose a logging channel they can read. The bot then logs deleted and edited message contents from every channel it can...

5.7CVSS0.00251EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.14 views

Quest Bot 信息泄露漏洞

Quest Bot is a multi-functional Discord community management robot developed by Duck Organization. Versions of Quest Bot prior to 1.0.4 contained an information leakage vulnerability. This vulnerability stemmed from the logging feature not restricting channel access, allowing configured users to...

5.7CVSS5.3AI score0.00251EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.13 views

PT-2026-48715

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can enable logging and choose a logging channel they can read. The bot then logs deleted and edited message contents from every channel it can...

5.7CVSS5.3AI score0.00251EPSS
Exploits0References3
NVD
NVD
added 2026/06/08 8:17 p.m.11 views

CVE-2026-11584

A vulnerability was found in CodeAstro Student Attendance Management System 1.0. This impacts an unknown function of the file /attendance-php/Admin/createClass.php?action=edit. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit...

6.5CVSS0.00204EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.11 views

CVE-2026-40300

Zulip is an open-source team collaboration tool. Prior to 12.0, With messageedithistoryvisibilitypolicy set to "moves", /api/v1/messages/id/history still returns historical content values, allowing low-privilege users to recover text that was edited away from other users' messages. This...

6.5CVSS5.5AI score0.00247EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.28 views

PT-2026-41861

The create and edit flows do not restrict which user properties may be submitted and do not enforce access control on the frontend user group assignment. As a result, an attacker can assign an arbitrary frontend user group to a newly registered or edited account, gaining unauthorized access to...

6.9CVSS5.9AI score0.00352EPSS
Exploits0References2
CVE
CVE
added 2026/05/18 6:58 a.m.24 views

CVE-2026-3495

CVE-2026-3495 affects Mattermost versions 11.5.x up to 11.5.1 and 10.11.x up to 10.11.13. The root cause is failure to escape certain variables during error page composition, enabling an attacker with access to edit site configuration to inject JavaScript and execute malicious code. The connected...

4.8CVSS5.9AI score0.00143EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/12 5:16 p.m.13 views

CVE-2026-40300

Zulip is an open-source team collaboration tool. Prior to 12.0, With messageedithistoryvisibilitypolicy set to "moves", /api/v1/messages/id/history still returns historical content values, allowing low-privilege users to recover text that was edited away from other users' messages. This...

6.5CVSS0.00247EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/12 4:33 p.m.5 views

CVE-2026-40300 Zulip: Message edit history visible in "moves only" policy through /api/v1/messages/{id}/history

Zulip is an open-source team collaboration tool. Prior to 12.0, With messageedithistoryvisibilitypolicy set to "moves", /api/v1/messages/id/history still returns historical content values, allowing low-privilege users to recover text that was edited away from other users' messages. This...

6CVSS5.8AI score0.00247EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 4:33 p.m.5 views

CVE-2026-40300

Zulip is an open-source team collaboration tool. Prior to 12.0, With messageedithistoryvisibilitypolicy set to "moves", /api/v1/messages/id/history still returns historical content values, allowing low-privilege users to recover text that was edited away from other users' messages. This...

6CVSS5.8AI score0.00247EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/05/12 4:33 p.m.10 views

EUVD-2026-29537

Zulip is an open-source team collaboration tool. Prior to 12.0, With messageedithistoryvisibilitypolicy set to "moves", /api/v1/messages/id/history still returns historical content values, allowing low-privilege users to recover text that was edited away from other users' messages. This...

6CVSS5.8AI score0.00247EPSS
Exploits1References1
CVE
CVE
added 2026/05/12 4:33 p.m.15 views

CVE-2026-40300

Summary of vulnerability (CVE-2026-40300) Affected software: Zulip open-source team collaboration tool (prior to version 12.0). Root cause: When message_edit_history_visibility_policy is set to the value "moves", the endpoint /api/v1/messages/{id}/history continues to return historical content va...

6.5CVSS5.8AI score0.00247EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

Zulip 访问控制错误漏洞

Zulip is a powerful open-source chat application developed by the US company Zulip. It combines the immediacy of real-time conversations with the productivity benefits of threaded dialogue. Prior to Zulip 12.0, there was an access control vulnerability. This vulnerability occurred when...

6.5CVSS5.8AI score0.00247EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/27 6:30 a.m.6 views

EUVD-2026-25785

A vulnerability was identified in code-projects Employee Management System 1.0. This affects an unknown part of the file 370project/edit.php. The manipulation of the argument ID leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and...

5.3CVSS3.9AI score0.00273EPSS
Exploits0References6
EUVD
EUVD
added 2026/03/24 9:31 p.m.4 views

EUVD-2026-14949

IDrive’s idservice.exe process runs with elevated privileges and regularly reads from several files under the C:\ProgramData\IDrive\ directory. The UTF16-LE encoded contents of these files are used as arguments for starting a process, but they can be edited by any standard user logged into the...

5.9AI score0.00171EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/20 7:39 p.m.7 views

CVE-2026-26193

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.44, aanually modifying chat history allows setting the embeds property on a response message, the content of which is loaded into an iFrame with a sandbox that has allow-scripts...

7.3CVSS5.5AI score0.00198EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:29 p.m.4 views

CVE-2023-40456

The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to access edited photos saved to a temporary directory...

3.3CVSS6AI score0.00285EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:29 p.m.4 views

CVE-2023-40520

The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to access edited photos saved to a temporary directory...

3.3CVSS6AI score0.00285EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:8 a.m.6 views

CVE-2019-20870

An issue was discovered in Mattermost Server before 5.10.0. An attacker can bypass the intended appearance of the Edited flag after changing a post's file ID...

4.3CVSS6.9AI score0.00703EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.7 views

PT-2026-1700

Name of the Vulnerable Software and Affected Versions WebConsole affected versions not specified Description The Report Builder component stores user input directly into a web page and displays it to other users, potentially leading to a Cross-Site Scripting XSS attack. The scripts are executed...

5.4CVSS5.6AI score0.00149EPSS
Exploits0References5
Rows per page
Query Builder