2160 matches found
exploit-bot
No d...
CVE-2026-31174
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the informEnable parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-39966
TypeBot is a chatbot builder tool. In versions 3.15.2, the getLinkedTypebots API endpoint returns full bot definitions to any authenticated user who references a target bot ID in a Typebot Link block, regardless of workspace ownership, leading to IDOR. The authorization check uses Array.filter wi...
CVE-2026-39969
TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API webhook endpoint POST /v1/workspaces/workspaceId/whatsapp/credentialsId/webhook does not verify the x-hub-signature-256 HMAC signature included by Meta in every webhook delivery. The webhook URL exposes both...
CVE-2026-50225
The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database...
CVE-2026-42864
FireFighter is an incident management application. Prior to 0.0.54, the POST /api/v2/firefighter/raid/jirabot endpoint CreateJiraBotView is reachable without authentication permissionclasses = permissions.AllowAny. Its attachments payload is fetched server-side via httpx.get with no URL validatio...
Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories
A security researcher found a flaw in Anthropic's Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because Anthropic's own action repo used the same workflow, a working attack could have pushed...
CVE-2026-50225
The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database...
CVE-2026-50225 Account Creation Exhaustion
The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database...
CVE-2026-50225 Account Creation Exhaustion
The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database...
CVE-2026-50225
The CVE-2026-50225 entry describes a lack of bot-mitigation on the /v1/account/register endpoint, allowing automated systems to flood the database. Affected component: the registration path; root cause: no bot mitigation mechanisms. Impact (per CVSS 4.0): high availability impact, low confidentia...
CVE-2026-50225
The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database...
EUVD-2026-34230
The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database...
Meta’s AI support bot happily handed Instagram accounts to hackers
Customer service chatbots have one job: get the user what they're asking for without bothering a human. Meta's new AI support assistant took that brief a little too seriously. Over the past few months, attackers have been opening support chats, telling the bot they were locked out of Instagram...
PT-2026-46177
The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database...
CVE-2026-49139
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by supplying a forged activity with an attacker-controlled serviceUrl value. Attackers can poison the...
Hackers Abused Meta’s AI Support Bot to Hijack Major Instagram Accounts
Hackers abused Meta’s AI support bot to hijack major Instagram accounts, bypassing security checks as videos showed the flaw before Meta fixed the issue...
Malicious code in parsimonius (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a5ab85a46a37da928774b1885049b71d40d675c54683b13711f4e371d932394a Clone of a legitimate package with an added RAT running through a Telegram bot. It can e.g. exfiltrate env variables and execute remote commands. The malicious...
MAL-2026-5151 Malicious code in parsimonius (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a5ab85a46a37da928774b1885049b71d40d675c54683b13711f4e371d932394a Clone of a legitimate package with an added RAT running through a Telegram bot. It can e.g. exfiltrate env variables and execute remote commands. The malicious...
CVE-2026-49139
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by supplying a forged activity with an attacker-controlled serviceUrl value. Attackers can poison the...