10 matches found
Missing Authorization
Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Missing Authorization in the updatemessagebyid and deletemessagebyid endpoints due to missing ownership validation for messages. An attacker can alter or remove messages belonging to other users by sending...
HiJiffy Chatbot Security Vulnerability
HiJiffy Chatbot is a customer communication and automated response system for the hospitality industry developed by HiJiffy. There is a security vulnerability in HiJiffy Chatbot, which stems from improper authorization. This vulnerability could allow attackers to download private messages from...
CVE-2025-58402
The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users...
CVE-2025-63664
Incorrect access control in the /api/v1/conversations//messages API of GT Edge AI Platform before v2.0.10-dev allows unauthorized attackers to access other users' message history with AI agents...
EUVD-2019-3451
Malware in sbrugna...
PT-2025-4029 · Embedai · Embedai
Name of the Vulnerable Software and Affected Versions: EmbedAI versions 2.1 and below. Description: An Improper Access Control issue allows an authenticated attacker to obtain chat messages belonging to other users by modifying the CHAT ID parameter in the endpoint "/embedai/chats/load messages?ch...
Moodle Security Vulnerability
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle that stems from insufficient permission checking when deleting messages. A remote user can...
The vulnerability of the software authentication module of the Cisco Content Security Management Appliance allows a hacker to gain access to spam messages from other users.
The vulnerability of the software authentication module of the Cisco Content Security Management Appliance is related to authentication errors. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to spam messages from other users...
Twitter API Flaw Exposed Users Messages to Wrong Developers For Over a Year
The security and privacy issues with APIs and third-party app developers are something that not just Facebook is dealing with. A bug in Twitter's API inadvertently exposed some users' direct messages (DMs) and protected tweets to unauthorized third-party app developers who weren't supposed to get...
74cms has an unauthorized access vulnerability
74cms is a free, open source professional recruitment system built on PHP and MySQL. 74cms has an unauthorized access vulnerability. An attacker can use this vulnerability to gain unauthorized access to other people's messages...