72 matches found

Nuclei
added yesterday, 10 views

WordPress User Messages <= 1.2.4 - Reflected XSS

WordPress User Messages plugin <= 1.2.4 contains a reflected cross-site scripting vulnerability caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires victim to load a...

6.1 CVSS, 7.2 AI score, 0.00561 EPSS
Exploits 1, References 2

RedhatCVE
added 2026/06/09 2:59 p.m., 9 views

CVE-2026-7765

Incorrect authorization in the User Messages dashboard widget in Checkmk 2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing an attacker who knows a valid public dashboard share token to read the issuer's personal messages by...

6.3 CVSS, 5.4 AI score, 0.00187 EPSS
Exploits 0, References 1

NVD
added 2026/06/08 1:16 p.m., 8 views

CVE-2026-7765

Incorrect authorization in the User Messages dashboard widget in Checkmk 2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing an attacker who knows a valid public dashboard share token to read the issuer's personal messages by...

6.3 CVSS, 0.00187 EPSS
Exploits 0, References 1

OSV
added 2026/06/08 1:16 p.m., 4 views

UBUNTU-CVE-2026-7765

Incorrect authorization in the User Messages dashboard widget in Checkmk 2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing an attacker who knows a valid public dashboard share token to read the issuer's personal messages by...

6.3 CVSS, 5.4 AI score, 0.00187 EPSS
Exploits 0, References 3

EUVD
added 2026/06/08 12:6 p.m., 9 views

EUVD-2026-35051

Incorrect authorization in the User Messages dashboard widget in Checkmk 2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing an attacker who knows a valid public dashboard share token to read the issuer's personal messages by...

6.3 CVSS, 5.4 AI score, 0.00187 EPSS
Exploits 0, References 1

ATTACKERKB
added 2026/06/08 12:6 p.m., 6 views

CVE-2026-7765

Incorrect authorization in the User Messages dashboard widget in Checkmk 2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing an attacker who knows a valid public dashboard share token to read the issuer's personal messages by...

6.3 CVSS, 5.4 AI score, 0.00187 EPSS
Exploits 0, References 2, Affected Software 1

CVE
added 2026/06/08 12:6 p.m., 20 views

CVE-2026-7765

Checkmk

6.3 CVSS, 5.4 AI score, 0.00187 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2026/06/08 12:6 p.m., 42 views

CVE-2026-7765 User Messages widget leaked issuer messages on shared dashboards

Incorrect authorization in the User Messages dashboard widget in Checkmk 2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing an attacker who knows a valid public dashboard share token to read the issuer's personal messages by...

6.3 CVSS, 0.00187 EPSS
Exploits 0, References 1

Positive Technologies
added 2026/06/08 12:0 a.m., 10 views

PT-2026-47285

Incorrect authorization in the User Messages dashboard widget in Checkmk 2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing an attacker who knows a valid public dashboard share token to read the issuer's personal messages by...

6.3 CVSS, 5.4 AI score, 0.00187 EPSS
Exploits 0, References 2

Krebs on Security
added 2026/05/08 2:58 a.m., 9 views

Canvas Breach Disrupts Schools & Colleges Nationwide

An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service's login page with a ransom demand that threatened to...

5.7 AI score
Exploits 0

CNNVD
added 2026/03/07 12:0 a.m., 5 views

WordPress plugin ProfileGrid – User Profiles, Groups and Communities security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3 CVSS, 5.8 AI score, 0.0022 EPSS
Exploits 0, References 7

Malwarebytes
added 2026/02/09 3:17 p.m., 7 views

AI chat app leak exposes 300 million messages tied to 25 million users

An independent security researcher uncovered a major data breach affecting Chat & Ask AI, one of the most popular AI chat apps on Google Play and Apple App Store, with more than 50 million users. The researcher claims to have accessed 300 million messages from over 25 million users due to an...

5.6 AI score
Exploits 0

RedhatCVE
added 2026/02/06 1:25 a.m., 6 views

CVE-2023-38010

IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system...

7.5 CVSS, 5.2 AI score, 0.00292 EPSS
Exploits 0, References 1

OSV
added 2026/02/04 9:15 p.m., 5 views

CVE-2023-38010

IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system...

7.5 CVSS, 5.8 AI score, 0.00292 EPSS
Exploits 0, References 1

NVD
added 2026/02/04 9:15 p.m., 7 views

CVE-2023-38010

IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system...

7.5 CVSS, 0.00292 EPSS
Exploits 0, References 1

EUVD
added 2026/02/04 8:24 p.m., 6 views

EUVD-2023-41837

IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system...

5.3 CVSS, 5.2 AI score, 0.00292 EPSS
Exploits 0, References 2

Cvelist
added 2026/02/04 8:24 p.m., 25 views

CVE-2023-38010 Multiple Vulnerabilities in IBM Cloud Pak System

IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system...

5.3 CVSS, 0.00292 EPSS
Exploits 0, References 1

ATTACKERKB
added 2026/02/04 8:24 p.m., 4 views

CVE-2023-38010

IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system...

5.3 CVSS, 5.2 AI score, 0.00292 EPSS
Exploits 0, References 2, Affected Software 2

CVE
added 2026/02/04 8:24 p.m., 11 views

CVE-2023-38010

Technical details about CVE-2023-38010 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.

7.5 CVSS, 5.2 AI score, 0.00292 EPSS
Exploits 0, References 1, Affected Software 2

Vulnrichment
added 2026/02/04 8:24 p.m., 4 views

CVE-2023-38010 Multiple Vulnerabilities in IBM Cloud Pak System

IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system...

5.3 CVSS, 5.2 AI score, 0.00292 EPSS
Exploits 0, References 1