Lucene search

2170 matches found

Snyk
added 2026/02/11 2:23 p.m., 1 views

Insertion of Sensitive Information Into Sent Data

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the api/v1/ingestionPipelines endpoint, which exposes JWT tokens used by privileged bot accounts in API responses. An attacker can gain unauthorized access to sensitive data and...

7.6 CVSS, 5.6 AI score, 0.00018 EPSS
Exploits: 1, References: 2
Positive Technologies
added 2026/02/11 12:0 a.m., 3 views

PT-2026-7624

Name of the Vulnerable Software and Affected Versions: OpenMetadata versions prior to 1.11.8. Description: OpenMetadata is a unified metadata platform. Calls issued by the user interface against the /api/v1/ingestionPipelines API endpoint leak JSON Web Tokens (JWTs) used by the ingestion-bot for certa...

7.6 CVSS, 7.2 AI score, 0.00018 EPSS
Exploits: 1, References: 11
OSSF Malicious Packages
added 2026/02/08 10:19 p.m., 6 views

Malicious code in teligram (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8090b17ada40e394e1d9df27c6fe6c22db7eed330f00e44ee1cc4d94bfbf3fef Package contains a Telegram bot for remote control of the machine. While this doesn't start automatically, this behavior is not disclosed by the package...

5.8 AI score
Exploits: 0, References: 1
OSV
added 2026/02/08 10:19 p.m., 3 views

MAL-2026-813 Malicious code in teligram (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8090b17ada40e394e1d9df27c6fe6c22db7eed330f00e44ee1cc4d94bfbf3fef Package contains a Telegram bot for remote control of the machine. While this doesn't start automatically, this behavior is not disclosed by the package...

5.8 AI score
Exploits: 0, References: 1
Patchstack
added 2026/02/08 9:45 a.m., 4 views

WordPress AI ChatBot with ChatGPT and Content Generator by AYS plugin <= 2.7.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by w41bu1 in WordPress Plugin AI ChatBot with ChatGPT and Content Generator by AYS versions <= 2.7.4...

5.3 CVSS, 5.4 AI score, 0.00042 EPSS
Exploits: 0, Affected Software: 1
Circl
added 2026/02/03 5:33 p.m., 2 views

CVE-2025-13292

creationtimestamp | type | source
---|---|---
2026-02-03 17:33:46+00:00 | seen | https://bsky.app/profile/google-bot.bsky.social/post/3mdxvfq5l342w...

7.6 CVSS, 4.8 AI score, 0.00018 EPSS
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/02/01 7:10 p.m., 6 views

Malicious code in marshl (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e44ea5c8f70f7ca994880bf0bc0a6b2ffe444b3c57852ab81d0426fdbc8f6f22 The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

5.9 AI score
Exploits: 0, References: 2
OSV
added 2026/02/01 7:10 p.m., 4 views

MAL-2026-623 Malicious code in marshl (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e44ea5c8f70f7ca994880bf0bc0a6b2ffe444b3c57852ab81d0426fdbc8f6f22 The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

5.9 AI score
Exploits: 0, References: 2
Packet Storm News
added 2026/01/30 12:0 a.m., 2 views

Optimal Transport-Guided Adversarial Attacks on Graph Neural Network-Based Bot Detection

The rise of bot accounts on social media poses significant risks to public discourse. To address this threat, modern bot detectors increasingly rely on Graph Neural Networks (GNNs). However, the effectiveness of these GNN-based detectors in real-world settings remains poorly understood. In practice...

5.5 AI score
Exploits: 0
OSSF Malicious Packages
added 2026/01/22 8:16 p.m., 4 views

Malicious code in urlsser (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c4f6d5a2656d3741fd7a1a4c50a9d3332a09874ef7c46713d0ad5e36478a063e This package does not directly contain malicious code, but was uploaded as part of the malicious campaign and is used as a helper in further infection stages...

5.6 AI score
Exploits: 0, References: 2
OSV
added 2026/01/22 8:16 p.m., 2 views

MAL-2026-468 Malicious code in urlsser (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c4f6d5a2656d3741fd7a1a4c50a9d3332a09874ef7c46713d0ad5e36478a063e This package does not directly contain malicious code, but was uploaded as part of the malicious campaign and is used as a helper in further infection stages...

5.6 AI score
Exploits: 0, References: 2
Snyk
added 2026/01/22 6:2 p.m., 1 views

Cross-site Scripting (XSS)

Overview: @typebot.io/js is a JavaScript library to display typebots on your website. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the imported bot preview. An attacker can access sensitive credentials belonging to other users by tricking a victim into previewing...

7.4 CVSS, 5.7 AI score, 0.00019 EPSS
Exploits: 1, References: 2
Tenable Nessus
added 2026/01/22 12:0 a.m., 2 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-38260)

"The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38260 advisory. - In the Linux kernel, the following vulnerability has been resolved: btrfs: handle csum tree error with...

5.5 CVSS, 5.4 AI score, 0.00084 EPSS
Exploits: 0, References: 2
NVD
added 2026/01/21 9:16 p.m., 4 views

CVE-2025-69285

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.5.0 contain a missing authentication vulnerability in the /api/v1/datasource/uploadExcel endpoint, allowing a remote unauthenticated attacker to upload arbitrary Excel/CSV files and inject data...

8.7 CVSS, 0.00109 EPSS
Exploits: 1, References: 2
RedhatCVE
added 2026/01/20 9:22 p.m., 1 views

CVE-2026-23875

CrawlChat is an open-source, AI-powered platform that transforms technical documentation into intelligent chatbots. Prior to version 0.0.8, a non-existing permission check for the CrawlChat's Discord bot allows non-manage guild users to put malicious content onto the collection knowledge base...

7.1 CVSS, 5.5 AI score, 0.00048 EPSS
Exploits: 1, References: 1
NVD
added 2026/01/19 9:15 p.m., 2 views

CVE-2026-23875

CrawlChat is an open-source, AI-powered platform that transforms technical documentation into intelligent chatbots. Prior to version 0.0.8, a non-existing permission check for the CrawlChat's Discord bot allows non-manage guild users to put malicious content onto the collection knowledge base...

7.1 CVSS, 0.00048 EPSS
Exploits: 1, References: 3
CVE
added 2026/01/19 8:47 p.m., 8 views

CVE-2026-23875

CVE-2026-23875 affects CrawlChat prior to version 0.0.8. The issue is a missing permission check in the Discord bot component, allowing non-administrative guild users to add content to the collection knowledge base by using the jigsaw emoji reaction. This could let regular users insert or influen...

7.1 CVSS, 5.5 AI score, 0.00048 EPSS
Exploits: 1, References: 3, Affected Software: 1
Cvelist
added 2026/01/19 8:47 p.m., 13 views

CVE-2026-23875 CrawlChat's Discord Bot has a Knowledge Permission vulnerability

CrawlChat is an open-source, AI-powered platform that transforms technical documentation into intelligent chatbots. Prior to version 0.0.8, a non-existing permission check for the CrawlChat's Discord bot allows non-manage guild users to put malicious content onto the collection knowledge base...

7.1 CVSS, 0.00048 EPSS
Exploits: 1, References: 3
ATTACKERKB
added 2026/01/19 8:47 p.m., 1 views

CVE-2026-23875

CrawlChat is an open-source, AI-powered platform that transforms technical documentation into intelligent chatbots. Prior to version 0.0.8, a non-existing permission check for the CrawlChat's Discord bot allows non-manage guild users to put malicious content onto the collection knowledge base...

7.1 CVSS, 5.4 AI score, 0.00048 EPSS
Exploits: 1, References: 4, Affected Software: 1
Vulnrichment
added 2026/01/19 8:47 p.m., 1 views

CVE-2026-23875 CrawlChat's Discord Bot has a Knowledge Permission vulnerability

CrawlChat is an open-source, AI-powered platform that transforms technical documentation into intelligent chatbots. Prior to version 0.0.8, a non-existing permission check for the CrawlChat's Discord bot allows non-manage guild users to put malicious content onto the collection knowledge base...

7.1 CVSS, 5.4 AI score, 0.00048 EPSS
Exploits: 1, References: 3