Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

50 matches found

EUVD
EUVDadded 2025/10/07 12:30 a.m.3 views

EUVD-2017-0129

Malware in sbrugna...

5.9CVSS5.9AI score0.00405EPSS
Exploits3References15
EUVD
EUVDadded 2025/10/07 12:30 a.m.3 views

EUVD-2017-14703

Malware in sbrugna...

5.9CVSS5.9AI score0.00253EPSS
Exploits3References8
EUVD
EUVDadded 2025/10/07 12:30 a.m.4 views

EUVD-2017-14691

Malware in sbrugna...

5.9CVSS5.9AI score0.00384EPSS
Exploits3References8
EUVD
EUVDadded 2025/10/07 12:30 a.m.4 views

EUVD-2017-14690

Malware in sbrugna...

5.9CVSS5.9AI score0.00245EPSS
Exploits2References8
Tenable Nessus
Tenable Nessusadded 2025/08/24 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2017-5591

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An incorrect implementation of XEP-0280: Message Carbons in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the...

5.9CVSS6.2AI score0.00405EPSS
Exploits2References2
SUSE CVE
SUSE CVEadded 2023/02/15 4:49 a.m.3 views

SUSE CVE-2017-5589

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for yaxim and Bruno 0.8.6 -...

5.9CVSS6.8AI score0.00245EPSS
Exploits2References5
SUSE CVE
SUSE CVEadded 2023/02/15 4:49 a.m.2 views

SUSE CVE-2017-5591

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and...

5.9CVSS6.6AI score0.00405EPSS
Exploits2References4
SUSE CVE
SUSE CVEadded 2023/02/15 4:49 a.m.2 views

SUSE CVE-2017-5603

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Jitsi 2.5.5061 - 2.9.5544...

5.9CVSS6.7AI score0.00298EPSS
Exploits2References2
OSV
OSVadded 2022/05/13 1:28 a.m.22 views

GHSA-C35G-JR5F-H83P SleekXMPP and Slixmpp Incorrect Implementation of Message Carbons

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and...

5.9CVSS5.8AI score0.00405EPSS
Exploits3References13
OSV
OSVadded 2020/09/11 9:19 p.m.16 views

GHSA-W973-2QCC-P78X User Impersonation in converse.js

Versions of converse.js prior to 1.0.7 for 1.x or 2.0.5 for 2.x are vulnerable to User Impersonation. The package provides an incorrect implementation of XEP-0280: Message Carbons that allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display...

5.9CVSS5.7AI score0.00253EPSS
Exploits3References10
Tenable Nessus
Tenable Nessusadded 2019/09/20 12:0 a.m.22 views

Fedora 29 : dino (2019-0eb6d51f81)

Update dino to a96c8014, which addresses three CVEs. CVE-2019-16235 ============== Dino did not properly check the source of message carbons. https://nvd.nist.gov/vuln/detail/CVE-2019-16235 Fixed in https://github.com/dino/dino/commit/e84f2c49567e86d2a261ea264d65c4adc5 49c930 CVE-2019-16236...

7.5CVSS7.2AI score0.00814EPSS
Exploits2References6
OpenVAS
OpenVASadded 2019/09/18 12:0 a.m.61 views

Debian: Security Advisory (DSA-4524-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.5AI score0.00814EPSS
Exploits2References4
Prion
Prionadded 2019/09/11 7:15 p.m.22 views

Code injection

Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280messagecarbons.vala...

5CVSS7.4AI score0.00265EPSS
Exploits1References9Affected Software4
OSV
OSVadded 2019/09/11 7:15 p.m.0 views

UBUNTU-CVE-2019-16235

Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280messagecarbons.vala...

7.5CVSS7.1AI score0.00265EPSS
Exploits1References4
Veracode
Veracodeadded 2017/02/10 12:48 a.m.14 views

Social Engineering Attacks Via Impersonation

converse.js is vulnerable to various social engineering attacks via a loophole leading to impersonation. It can happen due to a flaw in implementation of XEP-0280: Message Carbons in multiple XMPP clients, allowing malicious user to impersonate any user, including contacts, in the vulnerable...

5.9CVSS5.6AI score0.00253EPSS
Exploits3References4Affected Software1
0day.today
0day.todayadded 2017/02/10 12:0 a.m.107 views

XMPP Clients User Impersonation Vulnerability

Exploit for multiple platform in category local exploits Multiple XMPP Clients User Impersonation Vulnerability Summary ------- An incorrect implementation of XEP-0280: Message Carbons0 in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerabl...

4.3CVSS5.9AI score0.02715EPSS
Exploits13
CNVD
CNVDadded 2017/02/10 12:0 a.m.3 views

Movim User Simulation Vulnerability

Movim is a social networking platform written in PHP and HTML5 based on the XMPP standard protocol. A security vulnerability exists in Movim versions 0.8 through 0.10. The vulnerability exists because the program fails to properly implement "XEP-0280: Message Carbons". A remote attacker can explo...

5.9CVSS7.2AI score0.00253EPSS
Exploits2References1
CNVD
CNVDadded 2017/02/10 12:0 a.m.1 views

Converse.js User Simulation Vulnerability

Converse.js is a free, open source XMPP chat client that runs in your browser. A security vulnerability exists in versions 0.8.0 through 1.0.6 and 2.0.0 through 2.0.4 of Converse.js due to the program's failure to properly implement "XEP-0280: Message Carbons". A remote attacker could exploit thi...

5.9CVSS7AI score0.00253EPSS
Exploits2References1
OSV
OSVadded 2017/02/09 8:59 p.m.20 views

CVE-2017-5589

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for yaxim and Bruno 0.8.6 -...

5.9CVSS5.6AI score0.00245EPSS
Exploits2References5
OSV
OSVadded 2017/02/09 8:59 p.m.17 views

CVE-2017-5592

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for profanity 0.4.7 - 0.5.0...

5.9CVSS5.6AI score0.00245EPSS
Exploits2References5
Rows per page
Query Builder