Lucene search
K

10 matches found

Cvelist
Cvelist
added 2026/03/30 1:17 p.m.23 views

CVE-2026-3321 Authorization Bypass in ON24 Q&A chat

A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/EVENTID/TIMESTAMP/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obtain the complete Q&A history. This publicly exposed data may...

8.7CVSS0.00287EPSS
Exploits0References1
CVE
CVE
added 2026/03/30 1:17 p.m.12 views

CVE-2026-3321

CVE-2026-3321 describes an authorization bypass in ON24 Q&A chat, via a user-controlled key in the endpoint console-survey/api/v1/answer/{EVENTID}/{TIMESTAMP}/. An unauthenticated attacker can enumerate event IDs and access the full Q&A history, exposing IDs, private URLs, messages, references, a...

8.7CVSS5.8AI score0.00287EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/30 12:0 a.m.9 views

ON24 Q&A Chat 安全漏洞

ON24 Q&A Chat is an online interactive Q&A and chat component developed by ON24 Inc. There is a security vulnerability in ON24 Q&A Chat. This vulnerability stems from the console-survey/api/v1/answer/EVENTID/TIMESTAMP/ endpoint, which allows unauthorized access through bypassing user-controlled...

8.7CVSS5.8AI score0.00287EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2021-21470

Malware in sbrugna...

9.1CVSS9AI score0.01979EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 7:52 p.m.5 views

CVE-2021-34823

The ON24 ScreenShare aka DesktopScreenShare.app plugin before 2.0 for macOS allows remote file access via its built-in HTTP server. This allows unauthenticated remote users to retrieve files accessible to the logged-on macOS user. When a remote user sends a crafted HTTP request to the server, it...

9.1CVSS7AI score0.01979EPSS
Exploits0References1
NVD
NVD
added 2021/08/13 5:15 p.m.17 views

CVE-2021-34823

The ON24 ScreenShare aka DesktopScreenShare.app plugin before 2.0 for macOS allows remote file access via its built-in HTTP server. This allows unauthenticated remote users to retrieve files accessible to the logged-on macOS user. When a remote user sends a crafted HTTP request to the server, it...

9.1CVSS0.01979EPSS
Exploits0References2
Prion
Prion
added 2021/08/13 5:15 p.m.12 views

Path traversal

The ON24 ScreenShare aka DesktopScreenShare.app plugin before 2.0 for macOS allows remote file access via its built-in HTTP server. This allows unauthenticated remote users to retrieve files accessible to the logged-on macOS user. When a remote user sends a crafted HTTP request to the server, it...

6.4CVSS8.8AI score0.01979EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/08/13 4:48 p.m.24 views

CVE-2021-34823

The ON24 ScreenShare aka DesktopScreenShare.app plugin before 2.0 for macOS allows remote file access via its built-in HTTP server. This allows unauthenticated remote users to retrieve files accessible to the logged-on macOS user. When a remote user sends a crafted HTTP request to the server, it...

9.1AI score0.01979EPSS
Exploits0References2
CVE
CVE
added 2021/08/13 4:48 p.m.79 views

CVE-2021-34823

CVE-2021-34823 affects the ON24 ScreenShare (DesktopScreenShare.app) plugin for macOS prior to version 2.0. An unauthenticated remote user can access files via the plugin’s built-in HTTP server. The vulnerability triggers a code path that downloads a configuration file from a remote machine over ...

9.1CVSS8.7AI score0.01979EPSS
Exploits0References2Affected Software1
Openbugbounty
Openbugbounty
added 2020/08/03 7:17 a.m.10 views

on24.com Improper Access Control vulnerability OBB-1249173

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

0.2AI score
Exploits0
Rows per page
Query Builder