CVE-2023-26041

MEDIUM Year: 2023
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-359
View all →

Vulnerability Description

Nextcloud Talk is a fully on-premises audio/video and chat communication service. When cron jobs were misconfigured and therefore messages are not expired, the API would still return them while they were then hidden by the frontend code. It is recommended that the Nextcloud Talk is upgraded to 15.0.3. There are no workaround available.

Related Vulnerabilities

CVE-2023-1936

MEDIUM
CVSS:4.3(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, wh...

CWE-3592023

CVE-2023-34085

MEDIUM
CVSS:4.3(Medium)

When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request

CWE-3592023

CVE-2024-13215

MEDIUM
CVSS:4.3(Medium)

The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.10 via the 'render' function in modules/modal-popup/widgets...

CWE-3592024

CVE-2024-13216

MEDIUM
CVSS:4.3(Medium)

The HT Event – WordPress Event Manager Plugin for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.7 via the 'render' function i...

CWE-3592024

CVE-2024-13217

MEDIUM
CVSS:4.3(Medium)

The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.11 via the 'expired_data' and 'build_content' functions. This makes...

CWE-3592024

CVE-2024-41729

MEDIUM
CVSS:4.3(Medium)

Due to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can...

CWE-3592024