68 matches found
CVE-2026-7765
Incorrect authorization in the User Messages dashboard widget in Checkmk 2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing an attacker who knows a valid public dashboard share token to read the issuer's personal messages by...
EUVD-2026-35051
Incorrect authorization in the User Messages dashboard widget in Checkmk 2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing an attacker who knows a valid public dashboard share token to read the issuer's personal messages by...
CVE-2026-7765 User Messages widget leaked issuer messages on shared dashboards
Incorrect authorization in the User Messages dashboard widget in Checkmk 2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing an attacker who knows a valid public dashboard share token to read the issuer's personal messages by...
CVE-2026-7765
Checkmk
WordPress User Messages <= 1.2.4 - Reflected XSS
WordPress User Messages plugin <= 1.2.4 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires victim to load a...
Canvas Breach Disrupts Schools & Colleges Nationwide
An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service's login page with a ransom demand that threatened to...
WordPress plugin ProfileGrid – User Profiles, Groups and Communities security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
AI chat app leak exposes 300 million messages tied to 25 million users
An independent security researcher uncovered a major data breach affecting Chat & Ask AI, one of the most popular AI chat apps on Google Play and Apple App Store, with more than 50 million users. The researcher claims to have accessed 300 million messages from over 25 million users due to an...
CVE-2023-38010
IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system...
CVE-2023-38010
IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system...
CVE-2023-38010
IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system...
CVE-2023-38010
IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system...
CVE-2023-38010 Multiple Vulnerabilities in IBM Cloud Pak System
IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system...
CVE-2023-38010
The CVE-2023-38010 entry affects IBM Cloud Pak System. The connected IBM bulletin and Red Hat/NVD entries confirm vulnerabilities where sensitive information is exposed in user messages, potentially aiding subsequent attacks. Affected products/versions include IBM Cloud Pak System 2.3.4.0, 2.3.4....
EUVD-2023-41837
IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system...
CVE-2023-38010 Multiple Vulnerabilities in IBM Cloud Pak System
IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system...
PT-2026-5862
Name of the Vulnerable Software and Affected Versions IBM Cloud Pak System affected versions not specified Description IBM Cloud Pak System reveals sensitive information within user messages, potentially assisting attackers. The disclosed information could be leveraged in subsequent attacks...
EUVD-2021-11909
Malware in sbrugna...
EUVD-2021-27530
Malicious code in bioql PyPI...
EUVD-2023-58496
Malicious code in bioql PyPI...