CVE-2026-25885

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-16 and earlier, the group chat WebSocket at wss://polarlearn.nl/api/v1/ws can be used without logging in. An unauthenticated client can subscribe to any group chat by providing a group UUID, and can also send messages to any...

PT-2026-7166

Name of the Vulnerable Software and Affected Versions PolarLearn versions prior to 0-PRERELEASE-16 Description PolarLearn is a free and open-source learning program. The group chat WebSocket at wss://polarlearn.nl/api/v1/ws can be used without authentication. An unauthenticated client can subscri...

EUVD-2014-2602

Malware in sbrugna...

EUVD-2008-3071

Malware in sbrugna...

CVE-2025-47729

The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL aka Archive Signal app users, which is different functionality than described in the TeleMessage "End-to-End encryption from the mobile phone through to the corporate archive" documentation, as...

Ivanti Connect Secure 安全漏洞

Ivanti Connect Secure ICS is a secure remote network connection tool from Ivanti Corporation, USA. A security vulnerability exists in Ivanti Connect Secure prior to version 22.7R2.6 and Ivanti Policy Secure prior to version 22.7R1.3, which stems from an issue with the plaintext storage of message...

EaseUS CMS Message Storage Type Cross-site Scripting Vulnerability

EECO CMS is a marketing enterprise website system based on SEO development. A stored cross-site scripting vulnerability exists in the EE CMS message, due to the program not filtering the title and so on. Allow attackers to exploit the vulnerability to carry out cross-site attacks...

CVE-2008-3081

Multiple unspecified "input validation" vulnerabilities in the Web management interface aka Messaging Administration interface in Avaya Message Storage Server MSS 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user...

Input validation

Multiple unspecified "input validation" vulnerabilities in the Web management interface aka Messaging Administration interface in Avaya Message Storage Server MSS 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user...

Avaya产品WEB管理接口输入验证漏洞

BUGTRAQ ID: 29939,29938 Avaya是一家提供IP通信以及面向企业的通信网络设计、建造、部署和管理的厂商。 Avaya的Communication Manager、Message Storage Server和Avaya SIP Enablement Services 产品的WEB管理接口存在输入验证错误，如果远程攻击者向上述产品的WEB管理接口提交了恶意请求的话，就可能导致读取敏感信息或执行任意指令。 0 AVAYA Communication Manager 4.x AVAYA Communication Manager 3.1.x AVAYA SIP...

CVE-2006-2422

phpCOIN 1.2.3 and earlier stores messages based upon e-mail addresses, which allows remote authenticated users to read messages for other users by adding the sender's e-mail address as an "additional contact"...

CVE-2006-2422

CVE-2006-2422 affects phpCOIN 1.2.3 and earlier. The flaw allows remote authenticated users to read other users’ messages by adding the sender’s e‑mail address as an “additional contact,” indicating a partial confidentiality impact. The NVD entry notes network attack vector with low complexity an...

CVE-2005-4471

CVE-2005-4471 concerns the POP3 service in Avaya Modular Messaging Message Storage Server (MSS) 2.0 SP4 and earlier. The vulnerability allows remote attackers to cause a denial-of-service (infinite loop) by sending crafted packets over the network. The available records explicitly identify the af...