CVE-2025-71388
stoatchat (delta/Revolt) versions from 20241213-1 before 20250210-1 allow users with only ViewChannel (read) permission on a channel to fetc
CVSS
—
Sin CVSS
EPSS
—
KEV
—
Exploit Today
0
0-100
Publicado: 16 jul 2026 · Última mod.: 16 jul 2026 · CWE-639
Sin historial EPSS suficiente todavía.
stoatchat (delta/Revolt) versions from 20241213-1 before 20250210-1 allow users with only ViewChannel (read) permission on a channel to fetch that channel's webhooks, including their tokens, because the webhook fetch endpoint checked for ViewChannel instead of ManageWebhooks. Using a retrieved token, an attacker can send arbitrary messages to the channel, bypassing channel permissions and impersonating a bot or webhook. Fixed in 20250210-1 (0.8.2).
- github.comhttps://github.com/stoatchat/stoatchat/commit/e3723d647effb81ea3d3919d848faf64dbe89829
- github.comhttps://github.com/stoatchat/stoatchat/security/advisories/GHSA-8684-rvfj-v3jq
- www.vulncheck.comhttps://www.vulncheck.com/advisories/stoatchat-20241213-1-webhook-token-disclosure-via-read-permissions
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-552558.4 ALT42.8%
KEV—63Langflow Authorization Bypass Through User-Controlled Key Vulnerability8dCVE-2021-464168.1 ALT89.9%
——27Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling.3dCVE-2022-289867.5 ALT80.8%
——24LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 has an Insecure direct object references (IDOR) vulnerability, which allows remote attackers to update sensitive records such as email, password and phone number of other user accounts.8dCVE-2020-234465.3 MED65.5%
——20Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenticated Information Disclosure via API8dCVE-2021-33806.5 MED61.5%
——18Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows attackers to disclose sensitive information via the Print Invoice Functionality.8dCVE-2022-362029.8 CRÍ51.5%
——15Doctor's Appointment System1.0 is vulnerable to Incorrect Access Control via edoc/patient/settings.php. The settings.php is affected by Broken Access Control (IDOR) via id= parameter.8d