4 matches found
EUVD-2025-204539
Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest method in UserServiceController.java allows any authenticated user to query the online status, device information, an...
CVE-2025-66911
Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest method in UserServiceController.java allows any authenticated user to query the online status, device information, an...
turms 安全漏洞
turms is an instant messaging engine from turms-im open source. A security vulnerability exists in turms v0.10.0-SNAPSHOT and prior versions, which stems from improper access control in the user online status query function and could lead to information disclosure...
CVE-2025-66911
Turms IM Server prior to 0.10.0-SNAPSHOT is affected by a broken access control vulnerability in the user online status query function. The handleQueryUserOnlineStatusesRequest() in UserServiceController.java lets any authenticated user query the online status, device information, and login times...