Lucene search
K

4 matches found

EUVD
EUVD
added 2025/12/19 3:31 p.m.5 views

EUVD-2025-204539

Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest method in UserServiceController.java allows any authenticated user to query the online status, device information, an...

6.5CVSS6.2AI score0.0028EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/19 12:0 a.m.29 views

CVE-2025-66911

Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest method in UserServiceController.java allows any authenticated user to query the online status, device information, an...

0.0028EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/12/19 12:0 a.m.6 views

turms 安全漏洞

turms is an instant messaging engine from turms-im open source. A security vulnerability exists in turms v0.10.0-SNAPSHOT and prior versions, which stems from improper access control in the user online status query function and could lead to information disclosure...

6.5CVSS6.4AI score0.0028EPSS
Exploits1References4
CVE
CVE
added 2025/12/19 12:0 a.m.12 views

CVE-2025-66911

Turms IM Server prior to 0.10.0-SNAPSHOT is affected by a broken access control vulnerability in the user online status query function. The handleQueryUserOnlineStatusesRequest() in UserServiceController.java lets any authenticated user query the online status, device information, and login times...

6.5CVSS6.4AI score0.0028EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder