Search

Find a vulnerability

Search criteria

    10 vulnerabilities by stoatchat

    CVE-2026-63088 (GCVE-0-2026-63088)

    Vulnerability from nvd – Published: 2026-07-16 16:40 – Updated: 2026-07-16 18:00 X_Open Source
    VLAI
    Title
    stoatchat < 0.14.0 SSRF via DNS-based IP Blocklist Bypass
    Summary
    stoatchat before 0.14.0 contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated network-accessible attackers to bypass the DNS-based IP blocklist by exploiting incomplete address validation in the url_is_blacklisted function, which inspects only the first resolved address while the underlying HTTP client iterates all cached addresses.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    stoatchat stoatchat Affected: 0 , < 0.14.0 (semver)
    Create a notification for this product.
    Date Public
    2026-07-13 00:00
    Credits
    George Chen
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-63088",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T18:00:05.693791Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T18:00:29.429Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-4mcc-p83c-r77q"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "stoatchat",
              "repo": "https://github.com/stoatchat/stoatchat",
              "vendor": "stoatchat",
              "versions": [
                {
                  "lessThan": "0.14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "George Chen"
            }
          ],
          "datePublic": "2026-07-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "stoatchat before 0.14.0 contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated network-accessible attackers to bypass the DNS-based IP blocklist by exploiting incomplete address validation in the url_is_blacklisted function, which inspects only the first resolved address while the underlying HTTP client iterates all cached addresses."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T16:40:56.120Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-4mcc-p83c-r77q)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-4mcc-p83c-r77q"
            },
            {
              "name": "Release Notes",
              "tags": [
                "release-notes",
                "patch"
              ],
              "url": "https://github.com/stoatchat/stoatchat/releases/tag/v0.14.0"
            },
            {
              "name": "Incomplete Fix - GitHub Security Advisory (GHSA-xhww-5g9p-vvq5)",
              "url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-xhww-5g9p-vvq5"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/stoatchat-ssrf-via-dns-based-ip-blocklist-bypass"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "tags": [
            "x_open-source"
          ],
          "title": "stoatchat \u003c 0.14.0 SSRF via DNS-based IP Blocklist Bypass",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-63088",
        "datePublished": "2026-07-16T16:40:56.120Z",
        "dateReserved": "2026-07-15T15:45:44.600Z",
        "dateUpdated": "2026-07-16T18:00:29.429Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-63306 (GCVE-0-2026-63306)

    Vulnerability from nvd – Published: 2026-07-16 12:19 – Updated: 2026-07-16 13:17
    VLAI
    Title
    stoatchat before 0.13.5 Unauthenticated SSRF via proxy and embed endpoints
    Summary
    stoatchat before 0.13.5 contains an unauthenticated server-side request forgery vulnerability in the /proxy and /embed endpoints that accept arbitrary URLs without DNS resolution filtering or private IP range validation. Attackers can enumerate internal services, fingerprint applications, and reach instance metadata endpoints by supplying malicious URLs or leveraging redirect chains to access internal infrastructure.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    stoatchat stoatchat Affected: 0 , < 0.13.5 (semver)
    Unaffected: 0.13.5 (semver)
    Create a notification for this product.
    Date Public
    2026-05-17 00:00
    Credits
    AzureADTrent
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-63306",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T13:17:07.146090Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T13:17:25.249Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-xhww-5g9p-vvq5"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageURL": "pkg:cargo/revolt-january",
              "product": "stoatchat",
              "vendor": "stoatchat",
              "versions": [
                {
                  "lessThan": "0.13.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "0.13.5",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "AzureADTrent"
            }
          ],
          "datePublic": "2026-05-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "stoatchat before 0.13.5 contains an unauthenticated server-side request forgery vulnerability in the /proxy and /embed endpoints that accept arbitrary URLs without DNS resolution filtering or private IP range validation. Attackers can enumerate internal services, fingerprint applications, and reach instance metadata endpoints by supplying malicious URLs or leveraging redirect chains to access internal infrastructure."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.2,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T12:19:17.351Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-xhww-5g9p-vvq5)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-xhww-5g9p-vvq5"
            },
            {
              "name": "VulnCheck Advisory: stoatchat before 0.13.5 Unauthenticated SSRF via proxy and embed endpoints",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/stoatchat-before-unauthenticated-ssrf-via-proxy-and-embed-endpoints"
            }
          ],
          "title": "stoatchat before 0.13.5 Unauthenticated SSRF via proxy and embed endpoints",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-63306",
        "datePublished": "2026-07-16T12:19:17.351Z",
        "dateReserved": "2026-07-16T12:13:18.732Z",
        "dateUpdated": "2026-07-16T13:17:25.249Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-71388 (GCVE-0-2025-71388)

    Vulnerability from nvd – Published: 2026-07-16 12:19 – Updated: 2026-07-16 15:10
    VLAI
    Title
    stoatchat 20241213-1 Webhook Token Disclosure via Read Permissions
    Summary
    stoatchat (delta/Revolt) versions from 20241213-1 before 20250210-1 allow users with only ViewChannel (read) permission on a channel to fetch that channel's webhooks, including their tokens, because the webhook fetch endpoint checked for ViewChannel instead of ManageWebhooks. Using a retrieved token, an attacker can send arbitrary messages to the channel, bypassing channel permissions and impersonating a bot or webhook. Fixed in 20250210-1 (0.8.2).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    Impacted products
    Vendor Product Version
    stoatchat stoatchat Affected: 20241213-1 , < 20250210-1 (semver)
    Unaffected: 20250210-1 (semver)
    Create a notification for this product.
    Date Public
    2025-02-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-71388",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T14:12:48.229605Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T15:10:58.817Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "stoatchat",
              "vendor": "stoatchat",
              "versions": [
                {
                  "lessThan": "20250210-1",
                  "status": "affected",
                  "version": "20241213-1",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "20250210-1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2025-02-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "stoatchat (delta/Revolt) versions from 20241213-1 before 20250210-1 allow users with only ViewChannel (read) permission on a channel to fetch that channel\u0027s webhooks, including their tokens, because the webhook fetch endpoint checked for ViewChannel instead of ManageWebhooks. Using a retrieved token, an attacker can send arbitrary messages to the channel, bypassing channel permissions and impersonating a bot or webhook. Fixed in 20250210-1 (0.8.2)."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T12:19:15.310Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-8684-rvfj-v3jq)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-8684-rvfj-v3jq"
            },
            {
              "name": "https://github.com/stoatchat/stoatchat/commit/e3723d647effb81ea3d3919d848faf64dbe89829",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/stoatchat/stoatchat/commit/e3723d647effb81ea3d3919d848faf64dbe89829"
            },
            {
              "name": "VulnCheck Advisory: stoatchat 20241213-1 Webhook Token Disclosure via Read Permissions",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/stoatchat-20241213-1-webhook-token-disclosure-via-read-permissions"
            }
          ],
          "title": "stoatchat 20241213-1 Webhook Token Disclosure via Read Permissions",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2025-71388",
        "datePublished": "2026-07-16T12:19:15.310Z",
        "dateReserved": "2026-07-16T12:14:41.769Z",
        "dateUpdated": "2026-07-16T15:10:58.817Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-71377 (GCVE-0-2025-71377)

    Vulnerability from nvd – Published: 2026-07-16 12:19 – Updated: 2026-07-16 12:59
    VLAI
    Title
    stoatchat before 20250210-1 Unrestricted Message History Fetch
    Summary
    stoatchat (delta) versions before 20250210-1 (0.8.2) contain a logic error in the query messages route. When fetching messages 'nearby' another message, the database query can be given a message limit of zero, which the database interprets as 'no limit'. A remote unauthenticated attacker can craft nearby message fetch requests to download an entire channel's message history in a single expensive request, and can send many such requests in parallel, resulting in denial of service through resource exhaustion.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1025 - Comparison Using Wrong Factors
    Assigner
    Impacted products
    Vendor Product Version
    stoatchat stoatchat Affected: 0 , < 20250210-1 (0.8.2) (semver)
    Unaffected: 20250210-1 (0.8.2) (semver)
    Create a notification for this product.
    Date Public
    2025-02-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-71377",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T12:58:58.260798Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T12:59:14.239Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "stoatchat",
              "vendor": "stoatchat",
              "versions": [
                {
                  "lessThan": "20250210-1 (0.8.2)",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "20250210-1 (0.8.2)",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2025-02-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "stoatchat (delta) versions before 20250210-1 (0.8.2) contain a logic error in the query messages route. When fetching messages \u0027nearby\u0027 another message, the database query can be given a message limit of zero, which the database interprets as \u0027no limit\u0027. A remote unauthenticated attacker can craft nearby message fetch requests to download an entire channel\u0027s message history in a single expensive request, and can send many such requests in parallel, resulting in denial of service through resource exhaustion."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1025",
                  "description": "Comparison Using Wrong Factors",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T12:19:14.582Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-h7h6-7pxm-mc66)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-h7h6-7pxm-mc66"
            },
            {
              "name": "https://github.com/stoatchat/stoatchat/commit/5f84daa9dba34c103cd83a2ee1f5e5ba900bfe94",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/stoatchat/stoatchat/commit/5f84daa9dba34c103cd83a2ee1f5e5ba900bfe94"
            },
            {
              "name": "VulnCheck Advisory: stoatchat before 20250210-1 Unrestricted Message History Fetch",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/stoatchat-before-20250210-1-unrestricted-message-history-fetch"
            }
          ],
          "title": "stoatchat before 20250210-1 Unrestricted Message History Fetch",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2025-71377",
        "datePublished": "2026-07-16T12:19:14.582Z",
        "dateReserved": "2026-06-20T13:11:44.728Z",
        "dateUpdated": "2026-07-16T12:59:14.239Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-58360 (GCVE-0-2024-58360)

    Vulnerability from nvd – Published: 2026-07-16 12:23 – Updated: 2026-07-18 02:49
    VLAI
    Title
    stoatchat before 0.7.8 Unrestricted Account Creation
    Summary
    stoatchat versions before 0.7.8 fail to enforce account creation restrictions including invite-only mode, email verification, captcha, and shield verification. Attackers can create unlimited accounts with unverified email addresses, increasing denial-of-service risk and compromising service integrity.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1173 - Improper Use of Validation Framework
    Assigner
    Impacted products
    Vendor Product Version
    stoatchat stoatchat Affected: 0 , < 0.7.8 (semver)
    Unaffected: 0.7.8 (semver)
    Create a notification for this product.
    Date Public
    2024-06-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-58360",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-18T02:49:16.124593Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-18T02:49:27.174Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "stoatchat",
              "vendor": "stoatchat",
              "versions": [
                {
                  "lessThan": "0.7.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "0.7.8",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2024-06-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "stoatchat versions before 0.7.8 fail to enforce account creation restrictions including invite-only mode, email verification, captcha, and shield verification. Attackers can create unlimited accounts with unverified email addresses, increasing denial-of-service risk and compromising service integrity."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1173",
                  "description": "Improper Use of Validation Framework",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T12:23:14.567Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-f26h-rqjq-qqjq)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-f26h-rqjq-qqjq"
            },
            {
              "name": "https://github.com/stoatchat/stoatchat/commit/eda36436a862bcab92f7ac2cf1c2dd88c41e52a4",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/stoatchat/stoatchat/commit/eda36436a862bcab92f7ac2cf1c2dd88c41e52a4"
            },
            {
              "name": "VulnCheck Advisory: stoatchat before 0.7.8 Unrestricted Account Creation",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/stoatchat-before-unrestricted-account-creation"
            }
          ],
          "title": "stoatchat before 0.7.8 Unrestricted Account Creation",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2024-58360",
        "datePublished": "2026-07-16T12:23:14.567Z",
        "dateReserved": "2026-07-16T12:22:08.178Z",
        "dateUpdated": "2026-07-18T02:49:27.174Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-63088 (GCVE-0-2026-63088)

    Vulnerability from cvelistv5 – Published: 2026-07-16 16:40 – Updated: 2026-07-16 18:00 X_Open Source
    VLAI
    Title
    stoatchat < 0.14.0 SSRF via DNS-based IP Blocklist Bypass
    Summary
    stoatchat before 0.14.0 contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated network-accessible attackers to bypass the DNS-based IP blocklist by exploiting incomplete address validation in the url_is_blacklisted function, which inspects only the first resolved address while the underlying HTTP client iterates all cached addresses.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    stoatchat stoatchat Affected: 0 , < 0.14.0 (semver)
    Create a notification for this product.
    Date Public
    2026-07-13 00:00
    Credits
    George Chen
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-63088",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T18:00:05.693791Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T18:00:29.429Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-4mcc-p83c-r77q"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "stoatchat",
              "repo": "https://github.com/stoatchat/stoatchat",
              "vendor": "stoatchat",
              "versions": [
                {
                  "lessThan": "0.14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "George Chen"
            }
          ],
          "datePublic": "2026-07-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "stoatchat before 0.14.0 contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated network-accessible attackers to bypass the DNS-based IP blocklist by exploiting incomplete address validation in the url_is_blacklisted function, which inspects only the first resolved address while the underlying HTTP client iterates all cached addresses."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T16:40:56.120Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-4mcc-p83c-r77q)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-4mcc-p83c-r77q"
            },
            {
              "name": "Release Notes",
              "tags": [
                "release-notes",
                "patch"
              ],
              "url": "https://github.com/stoatchat/stoatchat/releases/tag/v0.14.0"
            },
            {
              "name": "Incomplete Fix - GitHub Security Advisory (GHSA-xhww-5g9p-vvq5)",
              "url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-xhww-5g9p-vvq5"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/stoatchat-ssrf-via-dns-based-ip-blocklist-bypass"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "tags": [
            "x_open-source"
          ],
          "title": "stoatchat \u003c 0.14.0 SSRF via DNS-based IP Blocklist Bypass",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-63088",
        "datePublished": "2026-07-16T16:40:56.120Z",
        "dateReserved": "2026-07-15T15:45:44.600Z",
        "dateUpdated": "2026-07-16T18:00:29.429Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-58360 (GCVE-0-2024-58360)

    Vulnerability from cvelistv5 – Published: 2026-07-16 12:23 – Updated: 2026-07-18 02:49
    VLAI
    Title
    stoatchat before 0.7.8 Unrestricted Account Creation
    Summary
    stoatchat versions before 0.7.8 fail to enforce account creation restrictions including invite-only mode, email verification, captcha, and shield verification. Attackers can create unlimited accounts with unverified email addresses, increasing denial-of-service risk and compromising service integrity.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1173 - Improper Use of Validation Framework
    Assigner
    Impacted products
    Vendor Product Version
    stoatchat stoatchat Affected: 0 , < 0.7.8 (semver)
    Unaffected: 0.7.8 (semver)
    Create a notification for this product.
    Date Public
    2024-06-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-58360",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-18T02:49:16.124593Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-18T02:49:27.174Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "stoatchat",
              "vendor": "stoatchat",
              "versions": [
                {
                  "lessThan": "0.7.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "0.7.8",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2024-06-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "stoatchat versions before 0.7.8 fail to enforce account creation restrictions including invite-only mode, email verification, captcha, and shield verification. Attackers can create unlimited accounts with unverified email addresses, increasing denial-of-service risk and compromising service integrity."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1173",
                  "description": "Improper Use of Validation Framework",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T12:23:14.567Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-f26h-rqjq-qqjq)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-f26h-rqjq-qqjq"
            },
            {
              "name": "https://github.com/stoatchat/stoatchat/commit/eda36436a862bcab92f7ac2cf1c2dd88c41e52a4",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/stoatchat/stoatchat/commit/eda36436a862bcab92f7ac2cf1c2dd88c41e52a4"
            },
            {
              "name": "VulnCheck Advisory: stoatchat before 0.7.8 Unrestricted Account Creation",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/stoatchat-before-unrestricted-account-creation"
            }
          ],
          "title": "stoatchat before 0.7.8 Unrestricted Account Creation",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2024-58360",
        "datePublished": "2026-07-16T12:23:14.567Z",
        "dateReserved": "2026-07-16T12:22:08.178Z",
        "dateUpdated": "2026-07-18T02:49:27.174Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-63306 (GCVE-0-2026-63306)

    Vulnerability from cvelistv5 – Published: 2026-07-16 12:19 – Updated: 2026-07-16 13:17
    VLAI
    Title
    stoatchat before 0.13.5 Unauthenticated SSRF via proxy and embed endpoints
    Summary
    stoatchat before 0.13.5 contains an unauthenticated server-side request forgery vulnerability in the /proxy and /embed endpoints that accept arbitrary URLs without DNS resolution filtering or private IP range validation. Attackers can enumerate internal services, fingerprint applications, and reach instance metadata endpoints by supplying malicious URLs or leveraging redirect chains to access internal infrastructure.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    stoatchat stoatchat Affected: 0 , < 0.13.5 (semver)
    Unaffected: 0.13.5 (semver)
    Create a notification for this product.
    Date Public
    2026-05-17 00:00
    Credits
    AzureADTrent
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-63306",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T13:17:07.146090Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T13:17:25.249Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-xhww-5g9p-vvq5"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageURL": "pkg:cargo/revolt-january",
              "product": "stoatchat",
              "vendor": "stoatchat",
              "versions": [
                {
                  "lessThan": "0.13.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "0.13.5",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "AzureADTrent"
            }
          ],
          "datePublic": "2026-05-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "stoatchat before 0.13.5 contains an unauthenticated server-side request forgery vulnerability in the /proxy and /embed endpoints that accept arbitrary URLs without DNS resolution filtering or private IP range validation. Attackers can enumerate internal services, fingerprint applications, and reach instance metadata endpoints by supplying malicious URLs or leveraging redirect chains to access internal infrastructure."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.2,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T12:19:17.351Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-xhww-5g9p-vvq5)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-xhww-5g9p-vvq5"
            },
            {
              "name": "VulnCheck Advisory: stoatchat before 0.13.5 Unauthenticated SSRF via proxy and embed endpoints",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/stoatchat-before-unauthenticated-ssrf-via-proxy-and-embed-endpoints"
            }
          ],
          "title": "stoatchat before 0.13.5 Unauthenticated SSRF via proxy and embed endpoints",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-63306",
        "datePublished": "2026-07-16T12:19:17.351Z",
        "dateReserved": "2026-07-16T12:13:18.732Z",
        "dateUpdated": "2026-07-16T13:17:25.249Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-71388 (GCVE-0-2025-71388)

    Vulnerability from cvelistv5 – Published: 2026-07-16 12:19 – Updated: 2026-07-16 15:10
    VLAI
    Title
    stoatchat 20241213-1 Webhook Token Disclosure via Read Permissions
    Summary
    stoatchat (delta/Revolt) versions from 20241213-1 before 20250210-1 allow users with only ViewChannel (read) permission on a channel to fetch that channel's webhooks, including their tokens, because the webhook fetch endpoint checked for ViewChannel instead of ManageWebhooks. Using a retrieved token, an attacker can send arbitrary messages to the channel, bypassing channel permissions and impersonating a bot or webhook. Fixed in 20250210-1 (0.8.2).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    Impacted products
    Vendor Product Version
    stoatchat stoatchat Affected: 20241213-1 , < 20250210-1 (semver)
    Unaffected: 20250210-1 (semver)
    Create a notification for this product.
    Date Public
    2025-02-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-71388",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T14:12:48.229605Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T15:10:58.817Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "stoatchat",
              "vendor": "stoatchat",
              "versions": [
                {
                  "lessThan": "20250210-1",
                  "status": "affected",
                  "version": "20241213-1",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "20250210-1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2025-02-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "stoatchat (delta/Revolt) versions from 20241213-1 before 20250210-1 allow users with only ViewChannel (read) permission on a channel to fetch that channel\u0027s webhooks, including their tokens, because the webhook fetch endpoint checked for ViewChannel instead of ManageWebhooks. Using a retrieved token, an attacker can send arbitrary messages to the channel, bypassing channel permissions and impersonating a bot or webhook. Fixed in 20250210-1 (0.8.2)."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T12:19:15.310Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-8684-rvfj-v3jq)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-8684-rvfj-v3jq"
            },
            {
              "name": "https://github.com/stoatchat/stoatchat/commit/e3723d647effb81ea3d3919d848faf64dbe89829",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/stoatchat/stoatchat/commit/e3723d647effb81ea3d3919d848faf64dbe89829"
            },
            {
              "name": "VulnCheck Advisory: stoatchat 20241213-1 Webhook Token Disclosure via Read Permissions",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/stoatchat-20241213-1-webhook-token-disclosure-via-read-permissions"
            }
          ],
          "title": "stoatchat 20241213-1 Webhook Token Disclosure via Read Permissions",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2025-71388",
        "datePublished": "2026-07-16T12:19:15.310Z",
        "dateReserved": "2026-07-16T12:14:41.769Z",
        "dateUpdated": "2026-07-16T15:10:58.817Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-71377 (GCVE-0-2025-71377)

    Vulnerability from cvelistv5 – Published: 2026-07-16 12:19 – Updated: 2026-07-16 12:59
    VLAI
    Title
    stoatchat before 20250210-1 Unrestricted Message History Fetch
    Summary
    stoatchat (delta) versions before 20250210-1 (0.8.2) contain a logic error in the query messages route. When fetching messages 'nearby' another message, the database query can be given a message limit of zero, which the database interprets as 'no limit'. A remote unauthenticated attacker can craft nearby message fetch requests to download an entire channel's message history in a single expensive request, and can send many such requests in parallel, resulting in denial of service through resource exhaustion.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1025 - Comparison Using Wrong Factors
    Assigner
    Impacted products
    Vendor Product Version
    stoatchat stoatchat Affected: 0 , < 20250210-1 (0.8.2) (semver)
    Unaffected: 20250210-1 (0.8.2) (semver)
    Create a notification for this product.
    Date Public
    2025-02-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-71377",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T12:58:58.260798Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T12:59:14.239Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "stoatchat",
              "vendor": "stoatchat",
              "versions": [
                {
                  "lessThan": "20250210-1 (0.8.2)",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "20250210-1 (0.8.2)",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2025-02-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "stoatchat (delta) versions before 20250210-1 (0.8.2) contain a logic error in the query messages route. When fetching messages \u0027nearby\u0027 another message, the database query can be given a message limit of zero, which the database interprets as \u0027no limit\u0027. A remote unauthenticated attacker can craft nearby message fetch requests to download an entire channel\u0027s message history in a single expensive request, and can send many such requests in parallel, resulting in denial of service through resource exhaustion."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1025",
                  "description": "Comparison Using Wrong Factors",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T12:19:14.582Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-h7h6-7pxm-mc66)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/stoatchat/stoatchat/security/advisories/GHSA-h7h6-7pxm-mc66"
            },
            {
              "name": "https://github.com/stoatchat/stoatchat/commit/5f84daa9dba34c103cd83a2ee1f5e5ba900bfe94",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/stoatchat/stoatchat/commit/5f84daa9dba34c103cd83a2ee1f5e5ba900bfe94"
            },
            {
              "name": "VulnCheck Advisory: stoatchat before 20250210-1 Unrestricted Message History Fetch",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/stoatchat-before-20250210-1-unrestricted-message-history-fetch"
            }
          ],
          "title": "stoatchat before 20250210-1 Unrestricted Message History Fetch",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2025-71377",
        "datePublished": "2026-07-16T12:19:14.582Z",
        "dateReserved": "2026-06-20T13:11:44.728Z",
        "dateUpdated": "2026-07-16T12:59:14.239Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }