EUVD-2026-36245

openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request sent-message details from modules/messaging/SentMail.php by supplying an arbitrary mailid value...

CVE-2026-10154

A vulnerability has been found in Dolibarr ERP CRM 23.0.0/23.0.1/23.0.2. The affected element is an unknown function of the file htdocs/user/messaging.php. Such manipulation of the argument ID leads to authorization bypass. The attack can be executed remotely. Upgrading to version 23.0.3 is...

EUVD-2009-4908

Malware in sbrugna...

EUVD-2021-17401

Malware in sbrugna...

EUVD-2006-7022

Malware in sbrugna...

EUVD-2023-45315

Malicious code in bioql PyPI...

CVE-2023-21391

In Messaging, there is a possible way to disable the messaging application due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2022-20437

In Messaging, There has unauthorized broadcast, this could cause Local Deny of Service.Product: AndroidVersions: Android SoCAndroid ID: A-242258929...

CVE-2022-20241

In Messaging, there is a possible way to attach a private file to an SMS message due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2021-39740

In Messaging, there is a possible way to bypass attachment restrictions due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID...

The vulnerability of Adobe Connect’s instant messaging program lies in the insufficient protection of the website structure, which allows attackers to perform cross-site scripting attacks.

The vulnerability of the Adobe Connect instant messaging program is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

The vulnerability of Adobe Connect’s instant messaging program lies in the insufficient protection of the website structure, which allows attackers to perform cross-site scripting attacks.

The vulnerability of the Adobe Connect instant messaging program is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

CVE-2025-3645

CVE-2025-3645 : In Moodle, insufficient capability checks in a messaging web service allow a user to view other users’ names and online statuses. Documents confirm Moodle as affected; impact is user information disclosure (names and presence). Base score 4.3 (Medium) per CVSS 3.1 metrics. No expl...

pixiv: Bypassing Inbox Privacy Settings and Enabling Spam on Pixiv.net

A vulnerability was discovered in the messaging system of Pixiv.net. The vulnerability allowed any user to bypass the inbox privacy settings and send messages to another user who had disabled their inbox. The vulnerability was triggered by manipulating the id parameter in the message-sending POST...

CVE-2025-20139

A vulnerability in chat messaging features of Cisco Enterprise Chat and Email ECE could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. This vulnerability is due to improper validation of user-supplied input to chat entry points. An attacker could exploit thi...

CVE-2025-0513

In affected versions of Octopus Server error messages were handled unsafely on the error page. If an adversary could control any part of the error message they could embed code which may impact the user viewing the error message...

CVE-2025-22894

Unprotected Windows messaging channel 'Shatter' issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker sends a specially crafted message to the specific process of the Windows system where the product is running, arbitrary files in the system may be altered. As a...

Moodle Information Disclosure Vulnerability (CNVD-2024-46248)

Moodle is Moodle open source set of free e-learning software platform, also known as course management system, learning management system or virtual learning environment. Moodle suffers from an information disclosure vulnerability that stems from the fact that users with the Send Message feature...

Celebrity TikTok Accounts Compromised Using Zero-Click Attack via DMs

Popular video-sharing platform TikTok has acknowledged a security issue that has been exploited by threat actors to take control of high-profile accounts on the platform. The development was first reported by Semafor and Forbes, which detailed a zero-click account takeover campaign that allows...

PT-2023-18166 · Messaging · Messaging

Name of the Vulnerable Software and Affected Versions: Messaging affected versions not specified Description: The issue is related to improper input validation in the Messaging application, which could lead to a remote denial of service. No additional execution privileges are needed, and user...