Lucene search

12 matches found

EUVD
added 2026/05/28 4:1 a.m. | 6 views

EUVD-2026-32711

The Rocket.Chat DDP method autoTranslate.translateMessage in versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.5, 7.13.8, and 7.10.12 accepts a client-supplied IMessage object and passes it directly to translateMessage without checking Meteor.userId or verifying room membership. Any authenticated D...

7.5 CVSS | 7.1 AI score | 0.00042 EPSS
Exploits: 0 | References: 2
OSV
added 2025/12/31 2:15 a.m. | 0 views

PYSEC-2025-90

cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Starting in version 3.0.0 and prior to version 5.8.0, when a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory an...

7.5 CVSS | 5.8 AI score | 0.00019 EPSS
Exploits: 1 | References: 2
Tenable Nessus
added 2025/12/31 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-68131

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Starting in version 3.0.0 and prior to version 5.8....

7.5 CVSS | 7.1 AI score | 0.00019 EPSS
Exploits: 1 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2021-12786

Malware in sbrugna...

6.5 CVSS | 6.4 AI score | 0.00224 EPSS
Exploits: 0 | References: 3
NVD
added 2024/02/23 7:15 a.m. | 11 views

CVE-2024-1779

The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_status function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter t...

5.3 CVSS | 5.1 AI score | 0.00174 EPSS
Exploits: 0 | References: 2
CVE
added 2024/02/23 6:48 a.m. | 68 views

CVE-2024-1779

CVE-2024-1779 affects the WordPress plugin “Admin side data storage for Contact Form 7.” The vulnerability stems from a missing capability check in the zt_dcfcf_change_status() function, allowing unauthenticated attackers to modify the read-status of messages. All versions up to and including 1.1...

5.3 CVSS | 6 AI score | 0.00174 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2024/02/23 6:48 a.m. | 22 views

CVE-2024-1779 Admin side data storage for Contact Form 7 plugin <= 1.1.1 - Missing Authorization to Unauthenticated Read Status Update

The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_status function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter t...

5.3 CVSS | 5.3 AI score | 0.00174 EPSS
Exploits: 0 | References: 2
SUSE CVE
added 2023/09/07 2:36 a.m. | 2 views

SUSE CVE-2023-3754

A vulnerability, which was classified as problematic, was found in Creativeitem Ekushey Project Manager CRM 5.0. Affected is an unknown function of the file /index.php/client/message/messageread/xxxxxxxxrandom-msg-hash. The manipulation of the argument message leads to cross site scripting. It is...

6.1 CVSS | 4.4 AI score | 0.00075 EPSS
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 5:2 a.m. | 1 views

SUSE CVE-2016-4485

The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message...

5.3 CVSS | 7.4 AI score | 0.00774 EPSS
Exploits: 0 | References: 11
OSV
added 2020/07/01 12:0 a.m. | 10 views

OSV-2020-528 Stack-buffer-overflow in ot::Message::Read

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17330 Crash type: Stack-buffer-overflow WRITE Crash state: ot::Message::Read ot::NetworkData::Leader::HandleCommissioningGet ot::Coap::CoapBase::ProcessReceivedRequest...

7.2 AI score
Exploits: 0 | References: 1
CVE
added 2015/02/24 3:0 p.m. | 46 views

CVE-2014-8487

Kony EMM (Enterprise Mobile Management) 1.2 and earlier is affected by CVE-2014-8487 due to Insecure Direct Object References. A logged-in user can read arbitrary messages via /emm/selfservice/managedevice/getMessageBody?messageId= and retrieve device-related information via /emm/selfservice/devi...

4 CVSS | 6.5 AI score | 0.00284 EPSS
Exploits: 2 | References: 2 | Affected Software: 1
Exploit DB
added 2000/12/15 12:0 a.m. | 59 views

Pine (Local Message Grabber) - Local Message Read

!/bin/sh Grab local pine messages Usage: ./monpine.sh victim pine must use following settings [email protected] http://hacksware.com x enable-alternate-editor-cmd x enable-alternate-editor-implicitly editor = /usr/bin/vi PID=$1 PICOFILE=printf "/tmp/pico.%.6d" $PID TRASHCAN=/tmp/.trashcan.date|se...

7.4 AI score
Exploits: 0