Lucene search
K

84 matches found

NVD
NVD
added 2026/07/02 8:17 p.m.5 views

CVE-2026-58580

LobeChat through 2.2.9 server-database deployments are vulnerable to broken object-level authorization in MessageModel. The updateMessagePlugin, updatePluginState, updatePluginError, updateTTS and updateTranslate methods filter target rows by message id alone, omitting the userId scope that sibli...

6CVSS0.00154EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/02 7:39 p.m.35 views

CVE-2026-58580 LobeChat 2.2.9 - Broken Object-Level Authorization in Message Sub-Resource Writes

LobeChat through 2.2.9 server-database deployments are vulnerable to broken object-level authorization in MessageModel. The updateMessagePlugin, updatePluginState, updatePluginError, updateTTS and updateTranslate methods filter target rows by message id alone, omitting the userId scope that sibli...

6CVSS0.00154EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 7:39 p.m.16 views

CVE-2026-58580

LobeChat up to version 2.2.9 is affected by broken object-level authorization in MessageModel. An authenticated user who knows another user’s non-enumerable message identifier can overwrite that victim’s plugin tool‑call metadata, plugin state/error, and TTS/translation records via tRPC message p...

6CVSS5.8AI score0.00154EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:16 a.m.14 views

CVE-2026-52760

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web Console. The browse page in the web console renders a message Id directly without sanitization. This allows an authenticated producer to send a message with a J...

6.1CVSS0.00667EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 9:50 a.m.39 views

CVE-2026-52760 Apache ActiveMQ, Apache ActiveMQ Web Console: Stored XSS via Unescaped values in ActiveMQ Web Console

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web Console. The browse page in the web console renders a message Id directly without sanitization. This allows an authenticated producer to send a message with a J...

0.00667EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 8:16 p.m.15 views

CVE-2026-47123

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.220, the email processing pipeline in FreeScout's FetchEmails command has two code paths for identifying agent user replies based on In-Reply-To / References headers. The notification reply path...

7.5CVSS0.00145EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/29 7:51 p.m.10 views

EUVD-2026-33440

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.220, the email processing pipeline in FreeScout's FetchEmails command has two code paths for identifying agent user replies based on In-Reply-To / References headers. The notification reply path...

7.5CVSS5.9AI score0.00145EPSS
Exploits0References2
CVE
CVE
added 2026/05/29 7:51 p.m.23 views

CVE-2026-47123

FreeScout (PHP/Laravel) prior to 1.8.220 is affected. The FetchEmails command has two paths to identify agent replies via In-Reply-To / References headers. The notification path (notify-{thread_id}-{user_id}-…) derives thread_id and user_id from Message-ID without HMAC verification, enabling an e...

7.5CVSS5.9AI score0.00145EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/29 7:51 p.m.12 views

CVE-2026-47123 FreeScout: Agent Impersonation via Missing HMAC Verification on Notification Reply Message-ID Path

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.220, the email processing pipeline in FreeScout's FetchEmails command has two code paths for identifying agent user replies based on In-Reply-To / References headers. The notification reply path...

7.5CVSS5.9AI score0.00145EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: cachefiles: Cyclic allocation of msgid to avoid reuse. Reusing the msgid after a maliciously completed reopen request may cause a read request to remain unprocessed, resulting in a hung task, as shown below: t1 | t2 | t3...

7.8CVSS6.3AI score0.00282EPSS
Exploits0References2
NVD
NVD
added 2026/05/08 4:16 a.m.18 views

CVE-2026-8131

A security flaw has been discovered in SourceCodester SUP Online Shopping 1.0. This impacts an unknown function of the file /admin/replymsg.php. The manipulation of the argument msgid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the publ...

7.5CVSS0.00318EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/08 2:15 a.m.8 views

CVE-2026-8128 SourceCodester SUP Online Shopping viewmsg.php sql injection

A vulnerability was found in SourceCodester SUP Online Shopping 1.0. The affected element is an unknown function of the file /admin/viewmsg.php. Performing a manipulation of the argument msgid results in sql injection. The attack is possible to be carried out remotely. The exploit has been made...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References5
NVD
NVD
added 2026/04/28 7:37 p.m.6 views

CVE-2026-41402

OpenClaw before 2026.3.31 contains a scope bypass vulnerability in webhook replay cache deduplication that allows authenticated attackers to replay messages across sibling targets using the same messageId. Attackers can exploit overly broad cache keying to bypass replay protection and deliver...

5.4CVSS0.00266EPSS
Exploits0References3
CVE
CVE
added 2026/04/28 6:9 p.m.13 views

CVE-2026-41402

OpenClaw OpenClaw (npm package) is affected by CVE-2026-41402. The vulnerability is a webhook replay cache deduplication scope bypass that lets authenticated attackers replay messages across sibling targets using the same messageId. The issue arises from overly broad cache keying, enabling bypass...

5.4CVSS5.3AI score0.00266EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/27 11:24 p.m.10 views

CVE-2026-41362

OpenClaw versions 2026.2.19 before 2026.3.31 contain an improper cache isolation vulnerability in the Zalo webhook replay-dedupe mechanism that is shared across authenticated webhook targets. Attackers controlling one authenticated Zalo webhook path in multi-account deployments can suppress...

4.3CVSS5.3AI score0.00274EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/04/14 11:35 p.m.13 views

CVE-2026-39971

CVE-2026-39971 affects Serendipity (PHP weblog). In versions 2.6-beta2 and earlier, include/functions.inc.php embeds the HTTP_HOST value into the SMTP Message-ID header without validation, and serendipity_isResponseClean() is not applied to HTTP_HOST before embedding. An attacker who can control ...

7.2CVSS5.9AI score0.00255EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/04/14 10:32 p.m.4 views

EUVD-2026-22811

Serendipity has a Host Header Injection allows SMTP header injection via unvalidated HTTPHOST in Message-ID email header...

7.2CVSS5.8AI score0.00255EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.5 views

PT-2026-32967

Summary Serendipity inserts $ SERVER'HTTP HOST' directly into the Message-ID SMTP header without any validation beyond CRLF stripping. An attacker who can control the Host header during an email-triggering action can inject arbitrary SMTP headers into outgoing emails, enabling spam relay, BCC...

7.2CVSS5.9AI score0.00255EPSS
Exploits1References5
Snyk
Snyk
added 2026/04/02 8:59 p.m.23 views

Replay Attack

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Replay Attack in the replay deduplication process. An attacker can bypass intended access restrictions by reusing messageId values across authenticated sibling-target delivery paths...

5.4CVSS5.4AI score0.00274EPSS
Exploits0References2
NVD
NVD
added 2026/03/02 12:16 p.m.6 views

CVE-2025-58402

The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users...

7.5CVSS0.00215EPSS
Exploits0References2
Rows per page
Query Builder