20 matches found
CVE-2026-46049
In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Add fallback to default RSR for S/PDIF spdif_passthru_playback_get_resources uses atc->pll_rate as the RSR for the MSR calculation loop. However, pll_rate is only updated in atc_pll_init and not in hw_pll_init, so it remains 0...
GO-2025-4133 Mattermost allows other users to determine when users had read channels via channel member objects in github.com/mattermost/mattermost-server
Mattermost allows other users to determine when users had read channels via channel member objects in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is...
Incorrect Default Permissions
Overview: Affected versions of this package are vulnerable to Incorrect Default Permissions via the Agents plugin process. An attacker can access information about when users have read channels by querying channel member objects. Remediation: Upgrade...
CVE-2025-55074
Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects...
CVE-2025-55074 Channel member objects leak read status
Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects...
CVE-2025-55074
Mattermost server (versions 10.11.x <= 10.11.3 and 10.5.x
Linux Distros Unpatched Vulnerability : CVE-2023-42453
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event if they kn...
CVE-2024-23330
Tuta is an encrypted email service. In versions prior to 119.10, an attacker can attach an image in an HTML mail which is loaded from an external resource in the default setting, which should prevent loading of external resources. When displaying emails containing external content, they should be...
CVE-2024-7438
A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?action=profile;u=2;area=showalerts;do=read of the component User Alert Read Status Handler. The manipulation of the argument...
CVE-2024-7438 SimpleMachines SMF User Alert Read Status index.php resource injection
A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?action=profile;u=2;area=showalerts;do=read of the component User Alert Read Status Handler. The manipulation of the argument...
PT-2024-38348 · Simple Machines · Simplemachines Smf
Name of the Vulnerable Software and Affected Versions: SimpleMachines SMF version 2.1.4 Description: A vulnerability has been found in the User Alert Read Status Handler component, specifically in the file /index.php?action=profile;u=2;area=showalerts;do=read. The manipulation of the aid argument...
CVE-2024-1779
The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_status function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter t...
CVE-2024-1779 Admin side data storage for Contact Form 7 plugin <= 1.1.1 - Missing Authorization to Unauthenticated Read Status Update
The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_status function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter t...
CVE-2024-1779
CVE-2024-1779 affects the WordPress plugin “Admin side data storage for Contact Form 7.” The vulnerability stems from a missing capability check in the zt_dcfcf_change_status() function, allowing unauthenticated attackers to modify the read-status of messages. All versions up to and including 1.1...
PT-2024-18300 · WordPress · Contact Form 7
Name of the Vulnerable Software and Affected Versions: Contact Form 7 plugin for WordPress versions up to, and including, 1.1.1 Description: The Admin side data storage for the Contact Form 7 plugin is vulnerable to unauthorized modification of data due to a missing capability check on the zt dcf...
Bumble: Bumble API exposes read status of chat messages
Summary: The Bumble app allows matches to chat with each other. In the mobile apps it is possible to see whether a message has been delivered (the webapp does not offer this feature), but the read status of messages is never disclosed. However, by issuing a POST request to the API endpoint at...
CVE-2016-4842
Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read...
Cybozu Mailwise vulnerable to information disclosure
Overview: Cybozu Mailwise contains an information disclosure vulnerability in the mail view page. Masato Kinugawa reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinat...