CVE-2026-2488
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized message deletion due to a missing capability check on the pgdeletemsg function in all versions up to, and including, 5.9.8.1. This is due to the function not verifying that the requesting us...
CVE-2026-2488 ProfileGrid <= 5.9.8.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized message deletion due to a missing capability check on the pgdeletemsg function in all versions up to, and including, 5.9.8.1. This is due to the function not verifying that the requesting us...
EUVD-2018-7585
Malware in sbrugna...
CVE-2024-9686
The Order Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nktgnfwsendtestmessage' function in versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to send a test messa...
Authorization Bypass
org.apache.activemq:artemis-server is vulnerable to Authorization Bypass. The vulnerability is caused by improper permission enforcement: users are able to augment the routing-type of an address without having the necessary createAddress permission, potentially allowing unauthorized message...
The vulnerability of the Spring AMQP RabbitMQ messaging application, related to deserialization mechanism flaws, allows attackers to gain unauthorized access to message writing operations in RabbitMQ.
The vulnerability of the Spring AMQP RabbitMQ messaging application is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to write messages to RabbitMQ...
Huawei EulerOS: Security Advisory for git (EulerOS-SA-2023-2354)
The remote host is missing an update for the Huawei EulerOS...
Apache Pulsar Authorization Issues Vulnerability
Apache Pulsar is a distributed message-streaming platform from the Apache Software Foundation (United States) for cloud environments, combining messaging, storage and lightweight function computing. The software supports multi-tenancy, persistent storage, multi-datacenter cross-region data replication,...
CVE-2023-28318
A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of the MessageKeepHistory or MessageShowDeletedStatus server configuration. This allows users to bypass the intended message deletion behavior, hiding messages and deletion notices...
Zoom Client Unauthorized Message Processing Vulnerability (ZSB-18001)
Zoom Client is prone to an unauthorized message processing vulnerability.
SolarWinds Orion Platform < 2019.4.2 Remote Code Execution
The Collector Service in SolarWinds Orion Platform before 2019.4.2 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process. Additionally, upon...
CVE-2020-1996
A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. This vulnerability can be leveraged to obfuscate an ongoing attack or fabricate log entries in the ms.log fil...
Debian DSA-4524-1 : dino-im - security update
Multiple vulnerabilities have been discovered in the Dino XMPP client, which could allow message spoofing, manipulation of a user's roster contact list and unauthorised sending of message carbons.
Design/Logic Flaw
Zoom clients on Windows before version 4.1.34814.1119, Mac OS before version 4.1.34801.1116, and Linux 2.4.129780.0915 and below are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP messages from a meeting attendee or Zoom server in order to invoke...
CVE-2018-15715
CVE-2018-15715 affects Zoom Client for Meetings on Windows, macOS, and Linux (before specific builds). The vulnerability stems from Zoom’s internal messaging pump sending both UDP (untrusted) and TCP (trusted) messages to the same handler, enabling a remote, unauthenticated attacker to craft UDP ...
CVE-2018-15715
Zoom clients on Windows before version 4.1.34814.1119, Mac OS before version 4.1.34801.1116, and Linux 2.4.129780.0915 and below are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP messages from a meeting attendee or Zoom server in order to invoke...
Unauthorized Message Through Race Conditions
geode-core is vulnerable to unauthorized messages through race conditions. The vulnerability exists as a message can be authorized before actually receiving its security subject...
Slack: OSX slack:// protocol handler javascript injection
The Mac Slack app version 1.1 introduced the slack:// protocol handler. Due to improper input sanitization, arbitrary Javascript code can be run in the context of the client app if the user clicks on a slack:// link on a website or email. I have confirmed this issue still exists in the 1.1.1...
Symantec Brightmail Anti-Spam 6.0 - Unauthorized Message Disclosure
source: https://www.securityfocus.com/bid/10657/info Symantec Brightmail anti-spam is reported prone to an unauthorized message disclosure vulnerability. This issue exists in the Brightmail anti-spam control center. Due to improper access validation a remote attacker can read users' filtered emai...