
2178 matches found

CNNVD
added 2025/11/27 12:00 a.m., 1 view

WordPress plugin AI ChatBot with ChatGPT and Content Generator by AYS Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...

CVSS 6.5, AI score 6.9, EPSS 0.00149
Exploits: 0, References: 6
Imperva Blog
added 2025/11/26 10:44 a.m., 6 views

How Thales Protects Online Retail Sites from AI-Driven Bots during Holiday Shopping Season

Every November and December, online retailers gear up for their biggest revenue surge of the year. But while the traffic and transactions climb, so does the threat level. Cybercriminals know exactly when customer activity and the pressure on retail systems is at its highest and they’re automating...

AI score 6.9
Exploits: 0
RedhatCVE
added 2025/11/26 4:52 a.m., 3 views

CVE-2025-13068

The Telegram Bot & Channel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Telegram username in all versions up to, and including, 4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 7.2, AI score 5.2, EPSS 0.00142
Exploits: 0, References: 1
NVD
added 2025/11/26 12:15 a.m., 6 views

CVE-2025-65957

Core Bot is an Open Source Discord bot made for maple hospital servers. Prior to commit dffe050, the API keys SUPABASEAPIKEY, TOKEN are loaded using environment variables, but there are cases in code error handling, summaries, webhooks where configuration summaries may inadvertently leak sensitiv...

CVSS 8.8, EPSS 0.00045
Exploits: 0, References: 2
CNNVD
added 2025/11/26 12:00 a.m., 2 views

Core-Bot Information Disclosure Vulnerability

Core-Bot is a chatbot open-sourced by Intercore Productions. An information disclosure vulnerability exists in versions prior to Core-Bot dffe050, which stems from a configuration digest that may disclose sensitive data, potentially leading to an information disclosure...

CVSS 8.8, AI score 5.9, EPSS 0.00045
Exploits: 0, References: 3
EUVD
added 2025/11/25 11:33 p.m., 5 views

EUVD-2025-199666

Core Bot is an Open Source Discord bot made for maple hospital servers. Prior to commit dffe050, the API keys SUPABASEAPIKEY, TOKEN are loaded using environment variables, but there are cases in code error handling, summaries, webhooks where configuration summaries may inadvertently leak sensitiv...

CVSS 8.8, AI score 6.5, EPSS 0.00045
Exploits: 0, References: 2
Vulnrichment
added 2025/11/25 11:33 p.m., 7 views

CVE-2025-65957 Core Bot is Leaking Sensitive Credentials in Logs, Errors, and Messages

Core Bot is an Open Source Discord bot made for maple hospital servers. Prior to commit dffe050, the API keys SUPABASEAPIKEY, TOKEN are loaded using environment variables, but there are cases in code error handling, summaries, webhooks where configuration summaries may inadvertently leak sensitiv...

CVSS 8.8, AI score 6.6, EPSS 0.00045
Exploits: 0, References: 2
CVE
added 2025/11/25 11:33 p.m., 14 views

CVE-2025-65957

Core Bot (open-source Discord bot for maple hospital servers) contained an information-disclosure vulnerability prior to commit dffe050, where API keys (SUPABASE_API_KEY, TOKEN) loaded from environment variables could be exposed in configuration summaries, logs, or embeds due to incomplete redact...

CVSS 8.8, AI score 6.6, EPSS 0.00045
Exploits: 0, References: 2
OSV
added 2025/11/25 11:33 p.m., 2 views

CVE-2025-65957 Core Bot is Leaking Sensitive Credentials in Logs, Errors, and Messages

Core Bot is an Open Source Discord bot made for maple hospital servers. Prior to commit dffe050, the API keys SUPABASEAPIKEY, TOKEN are loaded using environment variables, but there are cases in code error handling, summaries, webhooks where configuration summaries may inadvertently leak sensitiv...

CVSS 8.8, AI score 6.9, EPSS 0.00045
Exploits: 0, References: 4
Cvelist
added 2025/11/25 11:33 p.m., 9 views

CVE-2025-65957 Core Bot is Leaking Sensitive Credentials in Logs, Errors, and Messages

Core Bot is an Open Source Discord bot made for maple hospital servers. Prior to commit dffe050, the API keys SUPABASEAPIKEY, TOKEN are loaded using environment variables, but there are cases in code error handling, summaries, webhooks where configuration summaries may inadvertently leak sensitiv...

CVSS 8.8, EPSS 0.00045
Exploits: 0, References: 2
Patchstack
added 2025/11/25 7:12 a.m., 3 views

WordPress Telegram Bot & Channel plugin <= 4.1 - Unauthenticated Stored Cross-Site Scripting via Telegram Username vulnerability

Unauthenticated Stored Cross-Site Scripting via Telegram Username vulnerability discovered by venom5iix in WordPress Plugin Telegram Bot & Channel versions <= 4.1...

CVSS 7.2, AI score 5.8, EPSS 0.00142
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2025/11/25 4:38 a.m., 2 views

CVE-2025-13068 Telegram Bot & Channel <= 4.1 - Unauthenticated Stored Cross-Site Scripting via Telegram Username

The Telegram Bot & Channel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Telegram username in all versions up to, and including, 4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 7.2, AI score 4.9, EPSS 0.00142
Exploits: 0, References: 2
EUVD
added 2025/11/25 4:38 a.m., 3 views

EUVD-2025-199534

The Telegram Bot & Channel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Telegram username in all versions up to, and including, 4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 7.2, AI score 4.8, EPSS 0.00142
Exploits: 0, References: 3
Positive Technologies
added 2025/11/25 12:00 a.m., 3 views

PT-2025-47982

Name of the Vulnerable Software and Affected Versions: Telegram Bot & Channel plugin for WordPress versions prior to 4.2. Description: The Telegram Bot & Channel plugin for WordPress is susceptible to Stored Cross-Site Scripting through the Telegram username. Insufficient input sanitization and outp...

CVSS 7.2, AI score 5.5, EPSS 0.00142
Exploits: 0, References: 8
Positive Technologies
added 2025/11/25 12:00 a.m., 6 views

PT-2025-48098

Core Bot is an Open Source Discord bot made for maple hospital servers. Prior to commit dffe050, the API keys SUPABASE API KEY, TOKEN are loaded using environment variables, but there are cases in code error handling, summaries, webhooks where configuration summaries may inadvertently leak...

CVSS 8.8, AI score 7, EPSS 0.00045
Exploits: 0, References: 3
CNNVD
added 2025/11/25 12:00 a.m., 2 views

WordPress plugin Telegram Bot & Channel Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 7.2, AI score 5.8, EPSS 0.00142
Exploits: 0, References: 2
vulnersOsv
added 2025/11/24 9:39 p.m., 4 views

@ichidao/ichi-sdk (>=0.0.63 <=0.0.249), @strkfarm/sdk (>=1.0.8 <=1.0.16) +3 more potentially affected by unknown CVE via coinmarketcap-api (=3.1.1)

coinmarketcap-api NPM version =3.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on coinmarketcap-api and may be impacted: - @ichidao/ichi-sdk =0.0.63, =1.0.8, =0.0.1, =1.0.0, =1.0.1, =1.0.2 Source cves: unknown CVE Source advisory: OSV:MAL-2025-19094...

AI score 5.8
Exploits: 0
vulnersOsv
added 2025/11/24 4:24 p.m., 4 views

@ichidao/ichi-sdk (>=0.0.63 <=0.0.249), @strkfarm/sdk (>=1.0.8 <=1.0.16) +3 more potentially affected by unknown CVE via coinmarketcap-api (=3.1.1)

coinmarketcap-api NPM version =3.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on coinmarketcap-api and may be impacted: - @ichidao/ichi-sdk =0.0.63, =1.0.8, =0.0.1, =1.0.0, =1.0.1, =1.0.2 Source cves: unknown CVE Source advisory:...

AI score 5.8
Exploits: 0
Snyk
added 2025/11/24 4:24 p.m., 1 view

Embedded Malicious Code

Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

CVSS 9.8, AI score 6.8
Exploits: 0, References: 3
OSSF Malicious Packages
added 2025/11/24 1:39 p.m., 4 views

Malicious code in discord-bot-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 776ab082f80b19df2b2fcc6ab43b00b9ca8bfa0f5ca3d9154efb2aa7de6ee7db The package discord-bot-server was found to contain malicious code. Source: ghsa-malware...

AI score 6.9
Exploits: 0, References: 4