Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    12 vulnerabilities by stoatchat

    CVE-2026-57848 (GCVE-0-2026-57848)

    Vulnerability from nvd – Published: 2026-07-18 19:15 – Updated: 2026-07-18 19:15
    VLAI
    Title
    Stoat for Android Internal File Disclosure via Exported ShareTargetActivity URI Validation
    Summary
    Stoat for Android exports the chat.stoat.activities.ShareTargetActivity component (reachable to any process on the device via the android.intent.action.SEND intent) and accepts the file to share as a URI supplied through the android.intent.extra.STREAM extra. The activity does not validate or filter the incoming URI before using it as the outgoing attachment, so a caller can pass a file:// URI pointing at the application's own internal storage (for example /data/data/chat.revolt/databases/revolt.db, cached authentication token files, or preferences) and have the app treat that internal file as a user-selected attachment. An attacker who can invoke intents on the victim's device (via ADB access, a co-installed malicious application, or any other route that reaches Android's intent dispatch) can launch ShareTargetActivity with such a URI and cause the victim, on a single channel-selection interaction, to send the internal file to any Stoat channel or user of the attacker's choosing. The composer displays the attachment as \"attachment\" with no filename indication, so the victim has no visible signal that the file being sent is their own internal application data. Consequences include disclosure of the local Stoat database (message history, contact list, cached content), disclosure of authentication tokens permitting full account takeover, and disclosure of any other file readable by the app process.
    CWE
    • CWE-926 - Improper Export of Android Application Components
    Assigner
    Impacted products
    Vendor Product Version
    stoatchat Stoat for Android Affected: 0 , < 1.6.0 (git)
    Create a notification for this product.
    Date Public
    2026-07-17 00:00
    Credits
    Monokle
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Stoat for Android",
              "vendor": "stoatchat",
              "versions": [
                {
                  "lessThan": "1.6.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Monokle"
            }
          ],
          "datePublic": "2026-07-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stoat for Android exports the chat.stoat.activities.ShareTargetActivity component (reachable to any process on the device via the android.intent.action.SEND intent) and accepts the file to share as a URI supplied through the android.intent.extra.STREAM extra. The activity does not validate or filter the incoming URI before using it as the outgoing attachment, so a caller can pass a file:// URI pointing at the application\u0027s own internal storage (for example /data/data/chat.revolt/databases/revolt.db, cached authentication token files, or preferences) and have the app treat that internal file as a user-selected attachment. An attacker who can invoke intents on the victim\u0027s device (via ADB access, a co-installed malicious application, or any other route that reaches Android\u0027s intent dispatch) can launch ShareTargetActivity with such a URI and cause the victim, on a single channel-selection interaction, to send the internal file to any Stoat channel or user of the attacker\u0027s choosing. The composer displays the attachment as \\\"attachment\\\" with no filename indication, so the victim has no visible signal that the file being sent is their own internal application data. Consequences include disclosure of the local Stoat database (message history, contact list, cached content), disclosure of authentication tokens permitting full account takeover, and disclosure of any other file readable by the app process."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-926",
                  "description": "Improper Export of Android Application Components",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-18T19:15:18.458Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "Product",
              "tags": [
                "product"
              ],
              "url": "https://github.com/stoatchat/for-android"
            },
            {
              "name": "Patch Commit",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/stoatchat/for-android/commit/50d5f5143940809ebb5a61e5f507c956c33aa970"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/stoat-for-android-internal-file-disclosure-via-exported-sharetargetactivity-uri-validation"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Stoat for Android Internal File Disclosure via Exported ShareTargetActivity URI Validation",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-57848",
        "datePublished": "2026-07-18T19:15:18.458Z",
        "dateReserved": "2026-06-25T18:48:00.282Z",
        "dateUpdated": "2026-07-18T19:15:18.458Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-63088 (GCVE-0-2026-63088)

    Vulnerability from nvd – Published: 2026-07-16 16:40 – Updated: 2026-07-16 18:00 X_Open Source
    VLAI
    Title
    stoatchat < 0.14.0 SSRF via DNS-based IP Blocklist Bypass
    Summary
    stoatchat before 0.14.0 contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated network-accessible attackers to bypass the DNS-based IP blocklist by exploiting incomplete address validation in the url_is_blacklisted function, which inspects only the first resolved address while the underlying HTTP client iterates all cached addresses.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    stoatchat stoatchat Affected: 0 , < 0.14.0 (semver)
    Create a notification for this product.
    Date Public
    2026-07-13 00:00
    Credits
    George Chen
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-63088",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T18:00:05.693791Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T18:00:29.429Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-4mcc-p83c-r77q"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "stoatchat",
              "repo": "https://github.com/stoatchat/stoatchat",
              "vendor": "stoatchat",
              "versions": [
                {
                  "lessThan": "0.14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "George Chen"
            }
          ],
          "datePublic": "2026-07-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "stoatchat before 0.14.0 contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated network-accessible attackers to bypass the DNS-based IP blocklist by exploiting incomplete address validation in the url_is_blacklisted function, which inspects only the first resolved address while the underlying HTTP client iterates all cached addresses."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T16:40:56.120Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-4mcc-p83c-r77q)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-4mcc-p83c-r77q"
            },
            {
              "name": "Release Notes",
              "tags": [
                "release-notes",
                "patch"
              ],
              "url": "https://github.com/stoatchat/stoatchat/releases/tag/v0.14.0"
            },
            {
              "name": "Incomplete Fix - GitHub Security Advisory (GHSA-xhww-5g9p-vvq5)",
              "url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-xhww-5g9p-vvq5"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/stoatchat-ssrf-via-dns-based-ip-blocklist-bypass"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "tags": [
            "x_open-source"
          ],
          "title": "stoatchat \u003c 0.14.0 SSRF via DNS-based IP Blocklist Bypass",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-63088",
        "datePublished": "2026-07-16T16:40:56.120Z",
        "dateReserved": "2026-07-15T15:45:44.600Z",
        "dateUpdated": "2026-07-16T18:00:29.429Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-63306 (GCVE-0-2026-63306)

    Vulnerability from nvd – Published: 2026-07-16 12:19 – Updated: 2026-07-16 13:17
    VLAI
    Title
    stoatchat before 0.13.5 Unauthenticated SSRF via proxy and embed endpoints
    Summary
    stoatchat before 0.13.5 contains an unauthenticated server-side request forgery vulnerability in the /proxy and /embed endpoints that accept arbitrary URLs without DNS resolution filtering or private IP range validation. Attackers can enumerate internal services, fingerprint applications, and reach instance metadata endpoints by supplying malicious URLs or leveraging redirect chains to access internal infrastructure.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    stoatchat stoatchat Affected: 0 , < 0.13.5 (semver)
    Unaffected: 0.13.5 (semver)
    Create a notification for this product.
    Date Public
    2026-05-17 00:00
    Credits
    AzureADTrent
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-63306",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T13:17:07.146090Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T13:17:25.249Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-xhww-5g9p-vvq5"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageURL": "pkg:cargo/revolt-january",
              "product": "stoatchat",
              "vendor": "stoatchat",
              "versions": [
                {
                  "lessThan": "0.13.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "0.13.5",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "AzureADTrent"
            }
          ],
          "datePublic": "2026-05-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "stoatchat before 0.13.5 contains an unauthenticated server-side request forgery vulnerability in the /proxy and /embed endpoints that accept arbitrary URLs without DNS resolution filtering or private IP range validation. Attackers can enumerate internal services, fingerprint applications, and reach instance metadata endpoints by supplying malicious URLs or leveraging redirect chains to access internal infrastructure."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.2,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T12:19:17.351Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-xhww-5g9p-vvq5)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-xhww-5g9p-vvq5"
            },
            {
              "name": "VulnCheck Advisory: stoatchat before 0.13.5 Unauthenticated SSRF via proxy and embed endpoints",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/stoatchat-before-unauthenticated-ssrf-via-proxy-and-embed-endpoints"
            }
          ],
          "title": "stoatchat before 0.13.5 Unauthenticated SSRF via proxy and embed endpoints",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-63306",
        "datePublished": "2026-07-16T12:19:17.351Z",
        "dateReserved": "2026-07-16T12:13:18.732Z",
        "dateUpdated": "2026-07-16T13:17:25.249Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-71388 (GCVE-0-2025-71388)

    Vulnerability from nvd – Published: 2026-07-16 12:19 – Updated: 2026-07-16 15:10
    VLAI
    Title
    stoatchat 20241213-1 Webhook Token Disclosure via Read Permissions
    Summary
    stoatchat (delta/Revolt) versions from 20241213-1 before 20250210-1 allow users with only ViewChannel (read) permission on a channel to fetch that channel's webhooks, including their tokens, because the webhook fetch endpoint checked for ViewChannel instead of ManageWebhooks. Using a retrieved token, an attacker can send arbitrary messages to the channel, bypassing channel permissions and impersonating a bot or webhook. Fixed in 20250210-1 (0.8.2).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    Impacted products
    Vendor Product Version
    stoatchat stoatchat Affected: 20241213-1 , < 20250210-1 (semver)
    Unaffected: 20250210-1 (semver)
    Create a notification for this product.
    Date Public
    2025-02-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-71388",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T14:12:48.229605Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T15:10:58.817Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "stoatchat",
              "vendor": "stoatchat",
              "versions": [
                {
                  "lessThan": "20250210-1",
                  "status": "affected",
                  "version": "20241213-1",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "20250210-1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2025-02-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "stoatchat (delta/Revolt) versions from 20241213-1 before 20250210-1 allow users with only ViewChannel (read) permission on a channel to fetch that channel\u0027s webhooks, including their tokens, because the webhook fetch endpoint checked for ViewChannel instead of ManageWebhooks. Using a retrieved token, an attacker can send arbitrary messages to the channel, bypassing channel permissions and impersonating a bot or webhook. Fixed in 20250210-1 (0.8.2)."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T12:19:15.310Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-8684-rvfj-v3jq)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-8684-rvfj-v3jq"
            },
            {
              "name": "https://github.com/stoatchat/stoatchat/commit/e3723d647effb81ea3d3919d848faf64dbe89829",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/stoatchat/stoatchat/commit/e3723d647effb81ea3d3919d848faf64dbe89829"
            },
            {
              "name": "VulnCheck Advisory: stoatchat 20241213-1 Webhook Token Disclosure via Read Permissions",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/stoatchat-20241213-1-webhook-token-disclosure-via-read-permissions"
            }
          ],
          "title": "stoatchat 20241213-1 Webhook Token Disclosure via Read Permissions",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2025-71388",
        "datePublished": "2026-07-16T12:19:15.310Z",
        "dateReserved": "2026-07-16T12:14:41.769Z",
        "dateUpdated": "2026-07-16T15:10:58.817Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-71377 (GCVE-0-2025-71377)

    Vulnerability from nvd – Published: 2026-07-16 12:19 – Updated: 2026-07-16 12:59
    VLAI
    Title
    stoatchat before 20250210-1 Unrestricted Message History Fetch
    Summary
    stoatchat (delta) versions before 20250210-1 (0.8.2) contain a logic error in the query messages route. When fetching messages 'nearby' another message, the database query can be given a message limit of zero, which the database interprets as 'no limit'. A remote unauthenticated attacker can craft nearby message fetch requests to download an entire channel's message history in a single expensive request, and can send many such requests in parallel, resulting in denial of service through resource exhaustion.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1025 - Comparison Using Wrong Factors
    Assigner
    Impacted products
    Vendor Product Version
    stoatchat stoatchat Affected: 0 , < 20250210-1 (0.8.2) (semver)
    Unaffected: 20250210-1 (0.8.2) (semver)
    Create a notification for this product.
    Date Public
    2025-02-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-71377",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T12:58:58.260798Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T12:59:14.239Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "stoatchat",
              "vendor": "stoatchat",
              "versions": [
                {
                  "lessThan": "20250210-1 (0.8.2)",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "20250210-1 (0.8.2)",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2025-02-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "stoatchat (delta) versions before 20250210-1 (0.8.2) contain a logic error in the query messages route. When fetching messages \u0027nearby\u0027 another message, the database query can be given a message limit of zero, which the database interprets as \u0027no limit\u0027. A remote unauthenticated attacker can craft nearby message fetch requests to download an entire channel\u0027s message history in a single expensive request, and can send many such requests in parallel, resulting in denial of service through resource exhaustion."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1025",
                  "description": "Comparison Using Wrong Factors",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T12:19:14.582Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-h7h6-7pxm-mc66)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-h7h6-7pxm-mc66"
            },
            {
              "name": "https://github.com/stoatchat/stoatchat/commit/5f84daa9dba34c103cd83a2ee1f5e5ba900bfe94",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/stoatchat/stoatchat/commit/5f84daa9dba34c103cd83a2ee1f5e5ba900bfe94"
            },
            {
              "name": "VulnCheck Advisory: stoatchat before 20250210-1 Unrestricted Message History Fetch",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/stoatchat-before-20250210-1-unrestricted-message-history-fetch"
            }
          ],
          "title": "stoatchat before 20250210-1 Unrestricted Message History Fetch",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2025-71377",
        "datePublished": "2026-07-16T12:19:14.582Z",
        "dateReserved": "2026-06-20T13:11:44.728Z",
        "dateUpdated": "2026-07-16T12:59:14.239Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-58360 (GCVE-0-2024-58360)

    Vulnerability from nvd – Published: 2026-07-16 12:23 – Updated: 2026-07-18 02:49
    VLAI
    Title
    stoatchat before 0.7.8 Unrestricted Account Creation
    Summary
    stoatchat versions before 0.7.8 fail to enforce account creation restrictions including invite-only mode, email verification, captcha, and shield verification. Attackers can create unlimited accounts with unverified email addresses, increasing denial-of-service risk and compromising service integrity.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1173 - Improper Use of Validation Framework
    Assigner
    Impacted products
    Vendor Product Version
    stoatchat stoatchat Affected: 0 , < 0.7.8 (semver)
    Unaffected: 0.7.8 (semver)
    Create a notification for this product.
    Date Public
    2024-06-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-58360",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-18T02:49:16.124593Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-18T02:49:27.174Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "stoatchat",
              "vendor": "stoatchat",
              "versions": [
                {
                  "lessThan": "0.7.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "0.7.8",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2024-06-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "stoatchat versions before 0.7.8 fail to enforce account creation restrictions including invite-only mode, email verification, captcha, and shield verification. Attackers can create unlimited accounts with unverified email addresses, increasing denial-of-service risk and compromising service integrity."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1173",
                  "description": "Improper Use of Validation Framework",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T12:23:14.567Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-f26h-rqjq-qqjq)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-f26h-rqjq-qqjq"
            },
            {
              "name": "https://github.com/stoatchat/stoatchat/commit/eda36436a862bcab92f7ac2cf1c2dd88c41e52a4",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/stoatchat/stoatchat/commit/eda36436a862bcab92f7ac2cf1c2dd88c41e52a4"
            },
            {
              "name": "VulnCheck Advisory: stoatchat before 0.7.8 Unrestricted Account Creation",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/stoatchat-before-unrestricted-account-creation"
            }
          ],
          "title": "stoatchat before 0.7.8 Unrestricted Account Creation",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2024-58360",
        "datePublished": "2026-07-16T12:23:14.567Z",
        "dateReserved": "2026-07-16T12:22:08.178Z",
        "dateUpdated": "2026-07-18T02:49:27.174Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57848 (GCVE-0-2026-57848)

    Vulnerability from cvelistv5 – Published: 2026-07-18 19:15 – Updated: 2026-07-18 19:15
    VLAI
    Title
    Stoat for Android Internal File Disclosure via Exported ShareTargetActivity URI Validation
    Summary
    Stoat for Android exports the chat.stoat.activities.ShareTargetActivity component (reachable to any process on the device via the android.intent.action.SEND intent) and accepts the file to share as a URI supplied through the android.intent.extra.STREAM extra. The activity does not validate or filter the incoming URI before using it as the outgoing attachment, so a caller can pass a file:// URI pointing at the application's own internal storage (for example /data/data/chat.revolt/databases/revolt.db, cached authentication token files, or preferences) and have the app treat that internal file as a user-selected attachment. An attacker who can invoke intents on the victim's device (via ADB access, a co-installed malicious application, or any other route that reaches Android's intent dispatch) can launch ShareTargetActivity with such a URI and cause the victim, on a single channel-selection interaction, to send the internal file to any Stoat channel or user of the attacker's choosing. The composer displays the attachment as \"attachment\" with no filename indication, so the victim has no visible signal that the file being sent is their own internal application data. Consequences include disclosure of the local Stoat database (message history, contact list, cached content), disclosure of authentication tokens permitting full account takeover, and disclosure of any other file readable by the app process.
    CWE
    • CWE-926 - Improper Export of Android Application Components
    Assigner
    Impacted products
    Vendor Product Version
    stoatchat Stoat for Android Affected: 0 , < 1.6.0 (git)
    Create a notification for this product.
    Date Public
    2026-07-17 00:00
    Credits
    Monokle
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Stoat for Android",
              "vendor": "stoatchat",
              "versions": [
                {
                  "lessThan": "1.6.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Monokle"
            }
          ],
          "datePublic": "2026-07-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stoat for Android exports the chat.stoat.activities.ShareTargetActivity component (reachable to any process on the device via the android.intent.action.SEND intent) and accepts the file to share as a URI supplied through the android.intent.extra.STREAM extra. The activity does not validate or filter the incoming URI before using it as the outgoing attachment, so a caller can pass a file:// URI pointing at the application\u0027s own internal storage (for example /data/data/chat.revolt/databases/revolt.db, cached authentication token files, or preferences) and have the app treat that internal file as a user-selected attachment. An attacker who can invoke intents on the victim\u0027s device (via ADB access, a co-installed malicious application, or any other route that reaches Android\u0027s intent dispatch) can launch ShareTargetActivity with such a URI and cause the victim, on a single channel-selection interaction, to send the internal file to any Stoat channel or user of the attacker\u0027s choosing. The composer displays the attachment as \\\"attachment\\\" with no filename indication, so the victim has no visible signal that the file being sent is their own internal application data. Consequences include disclosure of the local Stoat database (message history, contact list, cached content), disclosure of authentication tokens permitting full account takeover, and disclosure of any other file readable by the app process."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-926",
                  "description": "Improper Export of Android Application Components",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-18T19:15:18.458Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "Product",
              "tags": [
                "product"
              ],
              "url": "https://github.com/stoatchat/for-android"
            },
            {
              "name": "Patch Commit",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/stoatchat/for-android/commit/50d5f5143940809ebb5a61e5f507c956c33aa970"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/stoat-for-android-internal-file-disclosure-via-exported-sharetargetactivity-uri-validation"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Stoat for Android Internal File Disclosure via Exported ShareTargetActivity URI Validation",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-57848",
        "datePublished": "2026-07-18T19:15:18.458Z",
        "dateReserved": "2026-06-25T18:48:00.282Z",
        "dateUpdated": "2026-07-18T19:15:18.458Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-63088 (GCVE-0-2026-63088)

    Vulnerability from cvelistv5 – Published: 2026-07-16 16:40 – Updated: 2026-07-16 18:00 X_Open Source
    VLAI
    Title
    stoatchat < 0.14.0 SSRF via DNS-based IP Blocklist Bypass
    Summary
    stoatchat before 0.14.0 contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated network-accessible attackers to bypass the DNS-based IP blocklist by exploiting incomplete address validation in the url_is_blacklisted function, which inspects only the first resolved address while the underlying HTTP client iterates all cached addresses.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    stoatchat stoatchat Affected: 0 , < 0.14.0 (semver)
    Create a notification for this product.
    Date Public
    2026-07-13 00:00
    Credits
    George Chen
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-63088",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T18:00:05.693791Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T18:00:29.429Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-4mcc-p83c-r77q"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "stoatchat",
              "repo": "https://github.com/stoatchat/stoatchat",
              "vendor": "stoatchat",
              "versions": [
                {
                  "lessThan": "0.14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "George Chen"
            }
          ],
          "datePublic": "2026-07-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "stoatchat before 0.14.0 contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated network-accessible attackers to bypass the DNS-based IP blocklist by exploiting incomplete address validation in the url_is_blacklisted function, which inspects only the first resolved address while the underlying HTTP client iterates all cached addresses."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T16:40:56.120Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-4mcc-p83c-r77q)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-4mcc-p83c-r77q"
            },
            {
              "name": "Release Notes",
              "tags": [
                "release-notes",
                "patch"
              ],
              "url": "https://github.com/stoatchat/stoatchat/releases/tag/v0.14.0"
            },
            {
              "name": "Incomplete Fix - GitHub Security Advisory (GHSA-xhww-5g9p-vvq5)",
              "url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-xhww-5g9p-vvq5"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/stoatchat-ssrf-via-dns-based-ip-blocklist-bypass"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "tags": [
            "x_open-source"
          ],
          "title": "stoatchat \u003c 0.14.0 SSRF via DNS-based IP Blocklist Bypass",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-63088",
        "datePublished": "2026-07-16T16:40:56.120Z",
        "dateReserved": "2026-07-15T15:45:44.600Z",
        "dateUpdated": "2026-07-16T18:00:29.429Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-58360 (GCVE-0-2024-58360)

    Vulnerability from cvelistv5 – Published: 2026-07-16 12:23 – Updated: 2026-07-18 02:49
    VLAI
    Title
    stoatchat before 0.7.8 Unrestricted Account Creation
    Summary
    stoatchat versions before 0.7.8 fail to enforce account creation restrictions including invite-only mode, email verification, captcha, and shield verification. Attackers can create unlimited accounts with unverified email addresses, increasing denial-of-service risk and compromising service integrity.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1173 - Improper Use of Validation Framework
    Assigner
    Impacted products
    Vendor Product Version
    stoatchat stoatchat Affected: 0 , < 0.7.8 (semver)
    Unaffected: 0.7.8 (semver)
    Create a notification for this product.
    Date Public
    2024-06-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-58360",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-18T02:49:16.124593Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-18T02:49:27.174Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "stoatchat",
              "vendor": "stoatchat",
              "versions": [
                {
                  "lessThan": "0.7.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "0.7.8",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2024-06-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "stoatchat versions before 0.7.8 fail to enforce account creation restrictions including invite-only mode, email verification, captcha, and shield verification. Attackers can create unlimited accounts with unverified email addresses, increasing denial-of-service risk and compromising service integrity."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1173",
                  "description": "Improper Use of Validation Framework",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T12:23:14.567Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-f26h-rqjq-qqjq)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-f26h-rqjq-qqjq"
            },
            {
              "name": "https://github.com/stoatchat/stoatchat/commit/eda36436a862bcab92f7ac2cf1c2dd88c41e52a4",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/stoatchat/stoatchat/commit/eda36436a862bcab92f7ac2cf1c2dd88c41e52a4"
            },
            {
              "name": "VulnCheck Advisory: stoatchat before 0.7.8 Unrestricted Account Creation",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/stoatchat-before-unrestricted-account-creation"
            }
          ],
          "title": "stoatchat before 0.7.8 Unrestricted Account Creation",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2024-58360",
        "datePublished": "2026-07-16T12:23:14.567Z",
        "dateReserved": "2026-07-16T12:22:08.178Z",
        "dateUpdated": "2026-07-18T02:49:27.174Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-63306 (GCVE-0-2026-63306)

    Vulnerability from cvelistv5 – Published: 2026-07-16 12:19 – Updated: 2026-07-16 13:17
    VLAI
    Title
    stoatchat before 0.13.5 Unauthenticated SSRF via proxy and embed endpoints
    Summary
    stoatchat before 0.13.5 contains an unauthenticated server-side request forgery vulnerability in the /proxy and /embed endpoints that accept arbitrary URLs without DNS resolution filtering or private IP range validation. Attackers can enumerate internal services, fingerprint applications, and reach instance metadata endpoints by supplying malicious URLs or leveraging redirect chains to access internal infrastructure.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    stoatchat stoatchat Affected: 0 , < 0.13.5 (semver)
    Unaffected: 0.13.5 (semver)
    Create a notification for this product.
    Date Public
    2026-05-17 00:00
    Credits
    AzureADTrent
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-63306",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T13:17:07.146090Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T13:17:25.249Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-xhww-5g9p-vvq5"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageURL": "pkg:cargo/revolt-january",
              "product": "stoatchat",
              "vendor": "stoatchat",
              "versions": [
                {
                  "lessThan": "0.13.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "0.13.5",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "AzureADTrent"
            }
          ],
          "datePublic": "2026-05-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "stoatchat before 0.13.5 contains an unauthenticated server-side request forgery vulnerability in the /proxy and /embed endpoints that accept arbitrary URLs without DNS resolution filtering or private IP range validation. Attackers can enumerate internal services, fingerprint applications, and reach instance metadata endpoints by supplying malicious URLs or leveraging redirect chains to access internal infrastructure."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.2,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T12:19:17.351Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-xhww-5g9p-vvq5)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-xhww-5g9p-vvq5"
            },
            {
              "name": "VulnCheck Advisory: stoatchat before 0.13.5 Unauthenticated SSRF via proxy and embed endpoints",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/stoatchat-before-unauthenticated-ssrf-via-proxy-and-embed-endpoints"
            }
          ],
          "title": "stoatchat before 0.13.5 Unauthenticated SSRF via proxy and embed endpoints",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-63306",
        "datePublished": "2026-07-16T12:19:17.351Z",
        "dateReserved": "2026-07-16T12:13:18.732Z",
        "dateUpdated": "2026-07-16T13:17:25.249Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-71388 (GCVE-0-2025-71388)

    Vulnerability from cvelistv5 – Published: 2026-07-16 12:19 – Updated: 2026-07-16 15:10
    VLAI
    Title
    stoatchat 20241213-1 Webhook Token Disclosure via Read Permissions
    Summary
    stoatchat (delta/Revolt) versions from 20241213-1 before 20250210-1 allow users with only ViewChannel (read) permission on a channel to fetch that channel's webhooks, including their tokens, because the webhook fetch endpoint checked for ViewChannel instead of ManageWebhooks. Using a retrieved token, an attacker can send arbitrary messages to the channel, bypassing channel permissions and impersonating a bot or webhook. Fixed in 20250210-1 (0.8.2).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    Impacted products
    Vendor Product Version
    stoatchat stoatchat Affected: 20241213-1 , < 20250210-1 (semver)
    Unaffected: 20250210-1 (semver)
    Create a notification for this product.
    Date Public
    2025-02-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-71388",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T14:12:48.229605Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T15:10:58.817Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "stoatchat",
              "vendor": "stoatchat",
              "versions": [
                {
                  "lessThan": "20250210-1",
                  "status": "affected",
                  "version": "20241213-1",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "20250210-1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2025-02-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "stoatchat (delta/Revolt) versions from 20241213-1 before 20250210-1 allow users with only ViewChannel (read) permission on a channel to fetch that channel\u0027s webhooks, including their tokens, because the webhook fetch endpoint checked for ViewChannel instead of ManageWebhooks. Using a retrieved token, an attacker can send arbitrary messages to the channel, bypassing channel permissions and impersonating a bot or webhook. Fixed in 20250210-1 (0.8.2)."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T12:19:15.310Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-8684-rvfj-v3jq)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-8684-rvfj-v3jq"
            },
            {
              "name": "https://github.com/stoatchat/stoatchat/commit/e3723d647effb81ea3d3919d848faf64dbe89829",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/stoatchat/stoatchat/commit/e3723d647effb81ea3d3919d848faf64dbe89829"
            },
            {
              "name": "VulnCheck Advisory: stoatchat 20241213-1 Webhook Token Disclosure via Read Permissions",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/stoatchat-20241213-1-webhook-token-disclosure-via-read-permissions"
            }
          ],
          "title": "stoatchat 20241213-1 Webhook Token Disclosure via Read Permissions",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2025-71388",
        "datePublished": "2026-07-16T12:19:15.310Z",
        "dateReserved": "2026-07-16T12:14:41.769Z",
        "dateUpdated": "2026-07-16T15:10:58.817Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-71377 (GCVE-0-2025-71377)

    Vulnerability from cvelistv5 – Published: 2026-07-16 12:19 – Updated: 2026-07-16 12:59
    VLAI
    Title
    stoatchat before 20250210-1 Unrestricted Message History Fetch
    Summary
    stoatchat (delta) versions before 20250210-1 (0.8.2) contain a logic error in the query messages route. When fetching messages 'nearby' another message, the database query can be given a message limit of zero, which the database interprets as 'no limit'. A remote unauthenticated attacker can craft nearby message fetch requests to download an entire channel's message history in a single expensive request, and can send many such requests in parallel, resulting in denial of service through resource exhaustion.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1025 - Comparison Using Wrong Factors
    Assigner
    Impacted products
    Vendor Product Version
    stoatchat stoatchat Affected: 0 , < 20250210-1 (0.8.2) (semver)
    Unaffected: 20250210-1 (0.8.2) (semver)
    Create a notification for this product.
    Date Public
    2025-02-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-71377",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T12:58:58.260798Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T12:59:14.239Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "stoatchat",
              "vendor": "stoatchat",
              "versions": [
                {
                  "lessThan": "20250210-1 (0.8.2)",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "20250210-1 (0.8.2)",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2025-02-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "stoatchat (delta) versions before 20250210-1 (0.8.2) contain a logic error in the query messages route. When fetching messages \u0027nearby\u0027 another message, the database query can be given a message limit of zero, which the database interprets as \u0027no limit\u0027. A remote unauthenticated attacker can craft nearby message fetch requests to download an entire channel\u0027s message history in a single expensive request, and can send many such requests in parallel, resulting in denial of service through resource exhaustion."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1025",
                  "description": "Comparison Using Wrong Factors",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T12:19:14.582Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-h7h6-7pxm-mc66)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-h7h6-7pxm-mc66"
            },
            {
              "name": "https://github.com/stoatchat/stoatchat/commit/5f84daa9dba34c103cd83a2ee1f5e5ba900bfe94",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/stoatchat/stoatchat/commit/5f84daa9dba34c103cd83a2ee1f5e5ba900bfe94"
            },
            {
              "name": "VulnCheck Advisory: stoatchat before 20250210-1 Unrestricted Message History Fetch",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/stoatchat-before-20250210-1-unrestricted-message-history-fetch"
            }
          ],
          "title": "stoatchat before 20250210-1 Unrestricted Message History Fetch",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2025-71377",
        "datePublished": "2026-07-16T12:19:14.582Z",
        "dateReserved": "2026-06-20T13:11:44.728Z",
        "dateUpdated": "2026-07-16T12:59:14.239Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }