WordPress User Messages <= 1.2.4 - Reflected XSS

WordPress User Messages plugin = 1.2.4 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires victim to load a...

Canvas Breach Disrupts Schools & Colleges Nationwide

An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service's login page with a ransom demand that threatened to...

WordPress plugin ProfileGrid – User Profiles, Groups and Communities 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

AI chat app leak exposes 300 million messages tied to 25 million users

An independent security researcher uncovered a major data breach affecting Chat & Ask AI, one of the most popular AI chat apps on Google Play and Apple App Store, with more than 50 million users. The researcher claims to have accessed 300 million messages from over 25 million users due to an...

CVE-2023-38010

IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system...

CVE-2023-38010

IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system...

CVE-2023-38010

IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system...

CVE-2023-38010 Multiple Vulnerabilities in IBM Cloud Pak System

IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system...

CVE-2023-38010

IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system...

EUVD-2023-41837

IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system...

CVE-2023-38010

The CVE-2023-38010 entry affects IBM Cloud Pak System. The connected IBM bulletin and Red Hat/NVD entries confirm vulnerabilities where sensitive information is exposed in user messages, potentially aiding subsequent attacks. Affected products/versions include IBM Cloud Pak System 2.3.4.0, 2.3.4....

CVE-2023-38010 Multiple Vulnerabilities in IBM Cloud Pak System

IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system...

PT-2026-5862

Name of the Vulnerable Software and Affected Versions IBM Cloud Pak System affected versions not specified Description IBM Cloud Pak System reveals sensitive information within user messages, potentially assisting attackers. The disclosed information could be leveraged in subsequent attacks...

EUVD-2021-11909

Malware in sbrugna...

EUVD-2021-27530

Malicious code in bioql PyPI...

EUVD-2023-58496

Malicious code in bioql PyPI...

EUVD-2024-51441

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-6251

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site Request Forgery CSRF in Checkmk 2.2.0p15, 2.1.0p37, = 2.0.0p39 allow an authenticated attacker to delete user-messages for individual users...

CVE-2024-13222

The User Messages WordPress plugin through 1.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2023-47323

The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. This allows an attacker to read all messages sent between other users; including those sent only to administrators...