59 matches found
CVE-2026-49139
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by supplying a forged activity with an attacker-controlled serviceUrl value. Attackers can poison the...
CVE-2026-49139
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by supplying a forged activity with an attacker-controlled serviceUrl value. Attackers can poison the...
EUVD-2026-33759
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by supplying a forged activity with an attacker-controlled serviceUrl value. Attackers can poison the...
CVE-2026-49139 Nanobot < 0.2.1 SSRF via Microsoft Teams Channel serviceUrl Poisoning
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by supplying a forged activity with an attacker-controlled serviceUrl value. Attackers can poison the...
CVE-2026-49139
Summary: Nanobot before 0.2.1 contains a server-side request forgery (SSRF) in the Microsoft Teams channel handler, enabling attackers to exfiltrate Bot Framework bearer tokens. By sending a forged inbound activity with an attacker-controlled serviceUrl, an adversary can poison the stored convers...
Nanobot code issues and vulnerabilities
Nanobot is a lightweight personal AI assistant open-source by Data Intelligence Lab@HKU. Versions of Nanobot prior to 0.2.1 contained code vulnerabilities. These vulnerabilities stemmed from server-side request forgeing issues in the Microsoft Teams channel processing program. This could allow...
PT-2026-45561
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by supplying a forged activity with an attacker-controlled serviceUrl value. Attackers can poison the...
CVE-2025-62378
CommandKit is the discord.js meta-framework for building Discord bots. In versions 1.2.0-rc.1 through 1.2.0-rc.11, a logic flaw exists in the message command handler that affects how the commandName property is exposed to both middleware functions and command execution contexts when handling...
EUVD-2021-0037
Malware in sbrugna...
EUVD-2025-12760
Malicious code in bioql PyPI...
EUVD-2025-12757
Malicious code in bioql PyPI...
EUVD-2021-30169
Malicious code in bioql PyPI...
Azure Bot Framework Chatbot Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible Azure Bot Framework chatbot on the target application. Azure Bot Framework is a solution to build & deploy AI customer experiences. This detection is included in the AI and LLM category. No sour...
CVE-2025-30392
Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network...
CVE-2025-30389
Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network...
CVE-2025-30389
Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network...
CVE-2025-30392
Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network...
CVE-2025-30389
Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network...
CVE-2025-30392
Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network...
CVE-2025-30392
CVE-2025-30392 concerns an elevation of privilege due to improper authorization in the Azure Bot Framework SDK . The vulnerability allows an unauthenticated attacker to elevate privileges over the network, as described in multiple sources (including Microsoft’s update guidance). Affected componen...