Total
499 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5602 | 1 Jappix Project | 1 Jappix | 2026-05-13 | 4.3 MEDIUM | 5.9 MEDIUM |
| An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for jappix 1.0.0 to 1.1.6. | |||||
| CVE-2017-8650 | 1 Microsoft | 2 Edge, Windows 10 | 2026-05-13 | 5.8 MEDIUM | 5.4 MEDIUM |
| Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature bypass due to Microsoft Edge not properly enforcing same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability". | |||||
| CVE-2017-5591 | 3 Poezio, Sleekxmpp Project, Slixmpp Project | 3 Poezio, Sleekxmpp, Slixmpp | 2026-05-13 | 4.3 MEDIUM | 5.9 MEDIUM |
| An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and Slixmpp all versions up to 1.2.3, as bundled in poezio (0.8 - 0.10) and other products. | |||||
| CVE-2017-5646 | 1 Apache | 1 Knox | 2026-05-13 | 4.9 MEDIUM | 6.8 MEDIUM |
| For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially crafted URL to impersonate another user while accessing WebHDFS through Apache Knox. This may result in escalated privileges and unauthorized data access. While this activity is audit logged and can be easily associated with the authenticated user, this is still a serious security issue. All users are recommended to upgrade to the Apache Knox 0.12.0 release. | |||||
| CVE-2017-5604 | 1 Mcabber | 1 Mcabber | 2026-05-13 | 4.3 MEDIUM | 5.9 MEDIUM |
| An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for mcabber 1.0.0 - 1.0.4. | |||||
| CVE-2017-5606 | 1 Xabber | 1 Xabber | 2026-05-13 | 4.3 MEDIUM | 5.9 MEDIUM |
| An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Xabber (only if manually enabled: 1.0.30, 1.0.30 VIP, beta 1.0.3 - 1.0.74; Android). | |||||
| CVE-2017-5605 | 1 Movim | 1 Movim | 2026-05-13 | 4.3 MEDIUM | 5.9 MEDIUM |
| An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Movim 0.8 - 0.10. | |||||
| CVE-2017-0902 | 4 Canonical, Debian, Redhat and 1 more | 9 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 6 more | 2026-05-13 | 6.8 MEDIUM | 8.1 HIGH |
| RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls. | |||||
| CVE-2016-5168 | 1 Google | 1 Chrome | 2026-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| Skia, as used in Google Chrome before 50.0.2661.94, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information. | |||||
| CVE-2017-7667 | 1 Apache | 1 Nifi | 2026-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the response header telling browsers to only allow framing with the same origin. | |||||
| CVE-2017-5858 | 1 Conversejs | 1 Converse.js | 2026-05-13 | 4.3 MEDIUM | 5.9 MEDIUM |
| An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Converse.js (0.8.0 - 1.0.6, 2.0.0 - 2.0.4). | |||||
| CVE-2017-8523 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2026-05-13 | 4.3 MEDIUM | 4.3 MEDIUM |
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge fails to correctly apply Same Origin Policy for HTML elements present in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8530 and CVE-2017-8555. | |||||
| CVE-2017-8793 | 1 Accellion | 1 File Transfer Appliance | 2026-05-13 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on Accellion FTA devices before FTA_9_12_180. By sending a POST request to home/seos/courier/web/wmProgressstat.html.php with an attacker domain in the acallow parameter, the device will respond with an Access-Control-Allow-Origin header allowing the attacker to have site access with a bypass of the Same Origin Policy. | |||||
| CVE-2017-5589 | 1 Yaxim | 2 Bruno, Yaxim | 2026-05-13 | 4.3 MEDIUM | 5.9 MEDIUM |
| An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for yaxim and Bruno (0.8.6 - 0.8.8; Android). | |||||
| CVE-2017-5590 | 2 Chatsecure, Zom | 2 Chatsecure, Zom | 2026-05-13 | 4.3 MEDIUM | 5.9 MEDIUM |
| An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for ChatSecure (3.2.0 - 4.0.0; only iOS) and Zom (all versions up to 1.0.11; only iOS). | |||||
| CVE-2017-5593 | 1 Psi-plus | 1 Psi\+ | 2026-05-13 | 4.3 MEDIUM | 5.9 MEDIUM |
| An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Psi+ (0.16.563.580 - 0.16.571.627). | |||||
| CVE-2017-5592 | 1 Profanity Project | 1 Profanity | 2026-05-13 | 4.3 MEDIUM | 5.9 MEDIUM |
| An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for profanity (0.4.7 - 0.5.0). | |||||
| CVE-2017-5603 | 1 Jitsi | 1 Jitsi | 2026-05-13 | 4.3 MEDIUM | 5.9 MEDIUM |
| An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Jitsi 2.5.5061 - 2.9.5544. | |||||
| CVE-2016-8358 | 1 Smiths-medical | 1 Cadd-solis Medication Safety Software | 2026-05-13 | 6.0 MEDIUM | 8.5 HIGH |
| An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. The affected software does not verify the identities at communication endpoints, which may allow a man-in-the-middle attacker to gain access to the communication channel between endpoints. | |||||
| CVE-2026-35253 | 1 Oracle | 1 Macaron | 2026-05-12 | N/A | 4.7 MEDIUM |
| Vulnerability in the Oracle Macoron Tool product of Oracle Open Source Projects. The supported versions that is affected is v0.22.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Macaron Tool. Successful attacks of this vulnerability can result in Oracle Macaron Tool failing host address validation. | |||||