Lucene search
K

8 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/25 3:51 p.m.9 views

CVE-2026-54029

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the DELETE /api/messages/:conversationId/:messageId endpoint allows any authenticated user to delete any other user's messages. The validateMessageReq middleware only validates that the conversationId...

5.3CVSS5.9AI score0.00159EPSS
Exploits2References2Affected Software1
Snyk
Snyk
added 2026/05/11 2:4 p.m.11 views

Missing Authorization

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authorization in the updatemessagebyid and deletemessagebyid endpoints due to missing ownership validation for messages. An attacker can alter or remove messages belonging to other users by sending...

7.1CVSS5.8AI score0.00266EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.8 views

HiJiffy Chatbot 安全漏洞

HiJiffy Chatbot is a customer communication and automated response system for the hospitality industry developed by HiJiffy. There is a security vulnerability in HiJiffy Chatbot, which stems from improper authorization. This vulnerability could allow attackers to download private messages from...

6.9CVSS5.8AI score0.00239EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/03 1:37 p.m.7 views

CVE-2025-58402

The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users...

7.5CVSS5.9AI score0.00215EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/23 12:25 a.m.13 views

CVE-2025-63664

Incorrect access control in the /api/v1/conversations//messages API of GT Edge AI Platform before v2.0.10-dev allows unauthorized attackers to access other users' message history with AI agents...

7.5CVSS6.8AI score0.00241EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/30 12:0 a.m.7 views

PT-2025-4029 · Embedai · Embedai

Name of the Vulnerable Software and Affected Versions: EmbedAI versions 2.1 and below Description: An Improper Access Control issue allows an authenticated attacker to obtain chat messages belonging to other users by modifying the CHAT ID parameter in the endpoint "/embedai/chats/load messages?ch...

8.6CVSS6.4AI score0.00322EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/07/19 12:0 a.m.5 views

Moodle 安全漏洞

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle that stems from insufficient permission checking when deleting messages. A remote user can...

5.3CVSS6.8AI score0.00585EPSS
Exploits0References4
CNVD
CNVD
added 2017/06/23 12:0 a.m.3 views

74cms has an override access vulnerability

74cms is a PHP + MYSQL based on the core development of a set of free + open source professional recruitment system. 74cms has an unauthorized access vulnerability. An attacker can use this vulnerability to gain unauthorized access to other people's messages...

7.2AI score
Exploits0
Rows per page
Query Builder