Lucene search
+L

40 matches found

cnnvd
cnnvd
added 2025/06/23 12:0 a.m.5 views

PySpur 安全漏洞

PySpur is a visual playground for agent workflows in PySpur open source: iterate through agents 10x faster. A security vulnerability exists in PySpur 0.1.18 and earlier versions, which stems from improper neutralization of special elements of the template engine due to incorrect manipulation of t...

6.5CVSS6.2AI score0.00327EPSS
Exploits0References5
wired
wired
added 2025/05/06 8:24 p.m.20 views

The Signal Clone Mike Waltz Was Caught Using Has Direct Access to User Chats

A new analysis of TM Signal’s source code appears to show that the app sends users’ message logs in plaintext. At least one top Trump administration official used the app...

7.4AI score
Exploits0
citrix
citrix
added 2024/07/26 12:0 a.m.5 views

Change display message for users when trying to access a resource that is in maintenance

Change display message for users when trying to access a resource that is in maintenance mode...

7AI score
Exploits0
ptsecurity
ptsecurity
added 2024/03/07 12:0 a.m.8 views

PT-2024-2791 · Microsoft · Azure Private 5G Core

Name of the Vulnerable Software and Affected Versions: Microsoft Azure Private 5G Core affected versions not specified Description: The issue is related to improper input validation in the InitialUEMessage processing, which can lead to a denial-of-service condition. This can be exploited by a...

5.9CVSS8.9AI score0.05533EPSS
Exploits0References7
nvd
nvd
added 2024/02/15 11:15 p.m.18 views

CVE-2023-40113

In multiple locations, there is a possible way for apps to access cross-user message data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.9AI score0.00082EPSS
Exploits0References2
cve
cve
added 2024/02/15 10:31 p.m.8231 views

CVE-2023-40113

CVE-2023-40113 affects the Android platform (System component) and stems from a missing permission check that allowed apps to access cross‑user message data. This enables local information disclosure without extra privileges or user interaction. Public details in the provided documents are limite...

5.5CVSS6AI score0.00082EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2024/02/15 10:31 p.m.19 views

CVE-2023-40113

In multiple locations, there is a possible way for apps to access cross-user message data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

6.2AI score0.00082EPSS
Exploits0References2
cvelist
cvelist
added 2024/02/15 10:31 p.m.29 views

CVE-2023-40113

In multiple locations, there is a possible way for apps to access cross-user message data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

8.1AI score0.00082EPSS
Exploits0References2
cnnvd
cnnvd
added 2023/12/28 12:0 a.m.3 views

msgpacker security vulnerability

msgpacker is a fast MessagePack NodeJS/JavaScript implementation. A security vulnerability exists in versions of msgpacker prior to 1.10.1, which stems from the fact that when decoding a user-supplied MessagePack message, an attacker can craft the message in such a way that the decoder triggers...

6.8CVSS6.7AI score0.00685EPSS
Exploits0References4
citrix
citrix
added 2023/09/28 12:0 a.m.13 views

Login using Okta shows the message "It doesn't look like you have any apps/desktops"

When Okta authentication is used to login for Citrix Cloud, user don't see application or desktop. Instead they get the message: "It doesn't look like you have any apps/desktops"...

7.3AI score
Exploits0
cnnvd
cnnvd
added 2021/11/29 12:0 a.m.5 views

PhpWhois 跨站脚本漏洞

PhpWhois is a Whois library containing Php by Spanish individual developer David Saez Padros. A cross-site scripting vulnerability exists in PhpWhois, which originates in the file example.php, where the exit function will terminate the script and print a message to the user. No detailed...

6.1CVSS5.1AI score0.00608EPSS
Exploits1References2
cnvd
cnvd
added 2020/11/04 12:0 a.m.1 views

Stored Cross-site Scripting Vulnerability in CupCMS User Message Boards

CupCMS is a content management system that integrates video, stars, news, comics, community and more. A stored cross-site scripting vulnerability exists in CupCMS user message boards, which can be exploited by attackers to obtain an administrator cookie...

6.1AI score
Exploits0
exploitpack
exploitpack
added 2020/03/03 12:0 a.m.52 views

Microsoft Windows - WizardOpium Local Privilege Escalation

Microsoft Windows - WizardOpium Local Privilege Escalation include include extern "C" NTSTATUS NtUserMessageCallHWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, ULONGPTR ResultInfo, DWORD dwType, BOOL bAscii; int main HINSTANCE hInstance = GetModuleHandleNULL; WNDCLASSEX wcx; ZeroMemory&wcx,...

0.5AI score
Exploits0
cnvd
cnvd
added 2018/01/29 12:0 a.m.4 views

SQL Injection Vulnerability in zzcms 8.2 user/msg.php File

zzcms is an enterprise website builder program It is an enterprise website builder program. An SQL injection vulnerability exists in the user/msg.php file of zzcms version 8.2, which can be exploited by attackers to access or modify database information...

8AI score
Exploits0
packetstorm
packetstorm
added 2011/10/17 12:0 a.m.30 views

Dominant Creature BBG/RPG Browser Game Cross Site Scripting

=================================================================================== Dominant Creature BBG/RPG browser game XSS vulnerabilities =================================================================================== Exploit Title: Dominant Creature BBG/RPG browser game XSS...

7.4AI score
Exploits0
nvd
nvd
added 2009/09/03 5:30 p.m.22 views

CVE-2009-3060

Multiple cross-site scripting XSS vulnerabilities in Joker Board aka JBoard 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the notice parameter to editform.php, 2 the editusermessage parameter to core/editusermessage.php, or 3 the usertitle parameter to...

4.3CVSS5.9AI score0.00929EPSS
Exploits1References2
cvelist
cvelist
added 2005/08/16 4:0 a.m.23 views

CVE-2004-2317

Information leak in Mbedthis AppWeb HTTP server 1.0 through 1.1.2 allows remote attackers to obtain sensitive information via a user message that is generated when Mbedthis denies access...

6.1AI score0.01181EPSS
Exploits0References2
exploitdb
exploitdb
added 2004/02/05 12:0 a.m.25 views

Discuz! 2.0/3.0 - Cross-Site Scripting

source: https://www.securityfocus.com/bid/9584/info It has been reported that Discuz! is prone to an Cross Site Scripting vulnerability. This issue is caused by the application failing to properly sanitize links embedded within user messages. Upon successful exploitation of this issue, a maliciou...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2002/12/14 12:0 a.m.29 views

Anyone can read all XOOPS private messages

www.phpsecure.org advisory. In french : http://www.phpsecure.org/?zone=pComment&d=101 By valdeux Publiacted on december, 13th 2002 As most part of PHP CMS, XOOPS allows users to send and receive Private Messages PMs, that are saved on the DataBase. We found how all messages are readable. And sure...

Exploits0
securityvulns
securityvulns
added 2001/09/08 12:0 a.m.39 views

Insecure handling of notes in Slashcode

Security Advisory - September 9, 2001 plastic.com's Slashcode Overview: The implementation of private notes on plastic.com's Slashcode-driven site is insecure. Any logged in user can view any message in the system. Description: After logging into the site as a user,...

6.9AI score
Exploits0
Rows per page
Query Builder