
16 matches found

EUVD
added 2026/04/08 6:20 p.m. · 2 views

EUVD-2026-20568

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, the REST endpoint POST /api/v1/aiassistance/texttools/:id contains an authorization failure. Context data e.g., a group or organization supplied to be used in the AI prompt were not checked if they are accessible f...

5.3 CVSS · 5.9 AI score · 0.0018 EPSS
Exploits: 0 · References: 1
Cvelist
added 2026/04/08 6:20 p.m. · 21 views

CVE-2026-34837 Zammad is missing authorization in AI assistance controller for context data used in text tools

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, the REST endpoint POST /api/v1/aiassistance/texttools/:id contains an authorization failure. Context data e.g., a group or organization supplied to be used in the AI prompt were not checked if they are accessible f...

5.3 CVSS · 0.0018 EPSS
Exploits: 0 · References: 1
CVE
added 2026/04/08 6:20 p.m. · 10 views

CVE-2026-34837

Zammad (web-based open source helpdesk) has an authorization flaw in the REST endpoint POST /api/v1/ai_assistance/text_tools/:id prior to version 7.0.1. Context data (e.g., group/organization) used in AI prompts were not validated for the current user, allowing unauthorized data to be included in...

5.3 CVSS · 5.9 AI score · 0.0018 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2026/04/08 6:18 p.m. · 16 views

CVE-2026-34782 Zammad has improper access control in AI assistance controller for text tools

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the REST endpoint POST /api/v1/aiassistance/texttools/:id was not checking if a user is privileged to use the text tool, resulting in being able to use it in all situations. This vulnerability is fixed i...

5.3 CVSS · 0.00169 EPSS
Exploits: 0 · References: 1
CVE
added 2026/04/08 6:18 p.m. · 29 views

CVE-2026-34782

Zammad (web-based helpdesk) has an access-control flaw in the REST endpoint POST /api/v1/ai_assistance/text_tools/:id, allowing use of the text tool without proper privileges prior to versions 7.0.1 and 6.5.4. The issue enables exploitation in network contexts with low privileges and no user inte...

5.3 CVSS · 5.9 AI score · 0.00169 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Packet Storm News
added 2026/02/23 12:0 a.m. · 3 views

Understanding Human-AI Collaboration in Cybersecurity Competitions

Capture-the-Flag (CTF) competitions are increasingly becoming a testbed for evaluating AI capabilities at solving security tasks, due to the controlled environments and objective success criteria. Existing evaluations have focused on how successful AI is at solving CTF challenges in isolation from...

6 AI score
Exploits: 0
RedhatCVE
added 2026/02/20 1:27 p.m. · 7 views

CVE-2026-25402

Missing Authorization vulnerability in echoplugins Knowledge Base for Documentation, FAQs with AI Assistance echo-knowledge-base allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Knowledge Base for Documentation, FAQs with AI Assistance: from n/a through =...

4.3 CVSS · 5.5 AI score · 0.00185 EPSS
Exploits: 0 · References: 1
Cvelist
added 2026/02/19 8:27 a.m. · 30 views

CVE-2026-25402 WordPress Knowledge Base for Documentation, FAQs with AI Assistance plugin <= 16.011.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in echoplugins Knowledge Base for Documentation, FAQs with AI Assistance echo-knowledge-base allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Knowledge Base for Documentation, FAQs with AI Assistance: from n/a through =...

4.3 CVSS · 0.00185 EPSS
Exploits: 0 · References: 1
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-22205

Malicious code in bioql PyPI...

8.7 CVSS · 9.1 AI score · 0.00465 EPSS
Exploits: 0 · References: 1
The Hacker News
added 2025/07/30 4:11 p.m. · 6 views

FunkSec Ransomware Decryptor Released Free to Public After Group Goes Dormant

Cybersecurity experts have released a decryptor for a ransomware strain called FunkSec, allowing victims to recover access to their files for free. "Because the ransomware is now considered dead, we released the decryptor for public download," Gen Digital researcher Ladislav Zezula said. FunkSec,...

6.6 AI score
Exploits: 0
RedhatCVE
added 2025/02/05 2:18 a.m. · 9 views

CVE-2024-24842

Deserialization of Untrusted Data vulnerability in Echo Plugins Knowledge Base for Documentation, FAQs with AI Assistance. This issue affects Knowledge Base for Documentation, FAQs with AI Assistance: from n/a through 11.30.2...

8.7 CVSS · 8.6 AI score · 0.00465 EPSS
Exploits: 0 · References: 1
NVD
added 2024/03/27 6:15 a.m. · 12 views

CVE-2024-24842

Deserialization of Untrusted Data vulnerability in Echo Plugins Knowledge Base for Documentation, FAQs with AI Assistance. This issue affects Knowledge Base for Documentation, FAQs with AI Assistance: from n/a through 11.30.2...

8.7 CVSS · 8.7 AI score · 0.00465 EPSS
Exploits: 0 · References: 1
Microsoft KB
added 2024/02/20 8:0 a.m. · 148 views

November 14, 2023—KB5032190 (OS Builds 22621.2715 and 22631.2715)

November 14, 2023—KB5032190 OS Builds 22621.2715 and 22631.2715 UPDATED 2/27/24 IMPORTANT: New dates for the end of non-security updates for Windows 11, version 22H2 The new end date is June 24, 2025 for Windows 11, version 22H2 Enterprise, Education, IoT Enterprise, and Enterprise multi-session...

9.8 CVSS · 8.2 AI score · 0.88196 EPSS
Exploits: 15
Positive Technologies
added 2024/02/19 12:0 a.m. · 9 views

PT-2024-20610 · Unknown · Knowledge Base For Documentation

Name of the Vulnerable Software and Affected Versions: Knowledge Base for Documentation, FAQs with AI Assistance versions n/a through 11.30.2 Description: The issue is related to Deserialization of Untrusted Data, which affects the Knowledge Base for Documentation, FAQs with AI Assistance plugin...

8.7 CVSS · 9.3 AI score · 0.00465 EPSS
Exploits: 0 · References: 5
Patchstack
added 2024/02/02 12:0 a.m. · 16 views

WordPress Knowledge Base for Documentation, FAQs with AI Assistance Plugin <= 11.30.2 is vulnerable to PHP Object Injection

Software: Knowledge Base for Documentation, FAQs with AI Assistance; Type: Plugin; Vulnerable versions: <= 11.30.2; Fixed in: 11.31.0; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-24842; Patch priority: High; CVSS severity: High 8.7; PSID: 6e74033eecde...

8.7 CVSS · 6.8 AI score · 0.00465 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Microsoft KB
added 1970/01/01 12:0 a.m. · 16 views

Windows help & learning


5.8 AI score
Exploits: 0