Lucene search

2189 matches found

RedhatCVE
added 2025/11/19 9:10 a.m. | 3 views

CVE-2025-12078

The ArtiBot Free Chat Bot for WebSites plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 | AI score 5.6 | EPSS 0.00106
Exploits: 0 | References: 1
EUVD
added 2025/11/18 9:30 a.m. | 1 view

EUVD-2025-197933

The ArtiBot Free Chat Bot for WebSites plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 | AI score 5.2 | EPSS 0.00106
Exploits: 0 | References: 3
CNNVD
added 2025/11/18 12:0 a.m. | 3 views

WordPress plugin ArtiBot Free Chat Bot for WebSites cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress ArtiBot Free Chat Bot for WebSites plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and...

CVSS 6.1 | AI score 5.8 | EPSS 0.00106
Exploits: 0 | References: 2
Patchstack
added 2025/11/17 11:2 p.m. | 5 views

WordPress ArtiBot Free Chat Bot for WebSites plugin <= 1.1.7 - Reflected Cross-Site Scripting via PostMessage vulnerability

Reflected Cross-Site Scripting via PostMessage vulnerability discovered by Nicolai Hellesnes nico in WordPress Plugin ArtiBot versions <= 1.1.7...

CVSS 6.1 | AI score 6.3 | EPSS 0.00106
Exploits: 0 | References: 1 | Affected Software: 1
RedhatCVE
added 2025/11/13 2:2 p.m. | 2 views

CVE-2025-40138

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid NULL pointer dereference in f2fs_check_quota_consistency() syzbot reported a f2fs bug as below: Oops: gen 107.736417 T5848 Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 ...

AI score 5.8 | EPSS 0.00028
Exploits: 0 | References: 4
OSV
added 2025/11/12 10:25 p.m. | 1 view

MAL-2025-182193 Malicious code in gociay-unga-fugiufcgiaga (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d623b8122fcd8f439c7ff440d4925865408fc94bb86bf0b21e364df9b2f83fd7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits: 0
OSV
added 2025/11/12 4:47 p.m. | 1 view

MAL-2025-161035 Malicious code in musik-dait-bot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5345333170d823915e8b650dd3ba6878743d12947925b59b6c1dfc44f3e15c21 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits: 0
OSSF Malicious Packages
added 2025/11/11 8:46 p.m. | 3 views

Malicious code in galih-mangut54-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 554e4fd3e0a13ccbd91095ff25735713ba91902f67fd3fc6e4a848db89add8c7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0
Malwarebytes
added 2025/11/11 1:17 p.m. | 6 views

How credentials get stolen in seconds, even with a script-kiddie-level phish

This attempt to phish credentials caught our attention, mostly because of its front-end simplicity. Even though this is a script-kiddie-level type of attack, we figured it was worth writing up—precisely because it’s so easy to follow what they're up to. The email is direct and to the point. Not a...

AI score 7.7
Exploits: 0
RedHat Linux
added 2025/11/11 8:21 a.m. | 2 views

kernel: vxlan: check vxlan_vnigroup_init() return value

In the Linux kernel, the following vulnerability has been resolved: vxlan: check vxlan_vnigroup_init() return value vxlan_init() must check vxlan_vnigroup_init() success otherwise a crash happens later, spotted by syzbot. Oops: general protection fault, probably for non-canonical address 0xdffffc000000002c:...

CVSS 5.5 | AI score 6.8 | EPSS 0.00013
Exploits: 0 | References: 5
Packet Storm News
added 2025/11/11 12:0 a.m. | 2 views

CAHICHA: Computer Automated Hardware Interaction Test to Tell Computer and Humans Apart

As automation bot technology and Artificial Intelligence is evolving rapidly, conventional human verification techniques like voice CAPTCHAs and knowledge-based authentication are becoming less effective. Bots and scrapers with Artificial Intelligence (AI) capabilities can now detect and solve visu...

AI score 6.7
Exploits: 0
Akamai Blog
added 2025/11/10 1:0 p.m. | 3 views

Redefine Trust with Web Bot Authentication

...

AI score 7
Exploits: 0
RedhatCVE
added 2025/11/08 12:55 a.m. | 6 views

CVE-2025-63639

The chat feature in the application Sourcecodester FAQ Bot with AI Assistant v1.0 is vulnerable to Cross-Site Scripting (XSS) due to improper handling of user-supplied input. An attacker can inject malicious HTML or JavaScript into chat messages, which executes in the browser of any user viewing th...

CVSS 6.1 | AI score 5.9 | EPSS 0.00041
Exploits: 1 | References: 1
EUVD
added 2025/11/07 9:31 p.m. | 4 views

EUVD-2025-38296

The chat feature in the application Sourcecodester FAQ Bot with AI Assistant v1.0 is vulnerable to Cross-Site Scripting (XSS) due to improper handling of user-supplied input. An attacker can inject malicious HTML or JavaScript into chat messages, which executes in the browser of any user viewing th...

AI score 5.4 | EPSS 0.00041
Exploits: 1 | References: 3
OSV
added 2025/11/07 8:15 p.m. | 4 views

CVE-2025-63639

The chat feature in the application Sourcecodester FAQ Bot with AI Assistant v1.0 is vulnerable to Cross-Site Scripting (XSS) due to improper handling of user-supplied input. An attacker can inject malicious HTML or JavaScript into chat messages, which executes in the browser of any user viewing th...

CVSS 6.1 | AI score 5.8 | EPSS 0.00041
Exploits: 1 | References: 2
NVD
added 2025/11/07 8:15 p.m. | 3 views

CVE-2025-63639

The chat feature in the application Sourcecodester FAQ Bot with AI Assistant v1.0 is vulnerable to Cross-Site Scripting (XSS) due to improper handling of user-supplied input. An attacker can inject malicious HTML or JavaScript into chat messages, which executes in the browser of any user viewing th...

CVSS 6.1 | EPSS 0.00041
Exploits: 1 | References: 2
Snyk
added 2025/11/07 6:30 p.m. | 3 views

Directory Traversal

Overview AstrBot is an easy-to-use multi-platform LLM chatbot and development framework. Affected versions of this package are vulnerable to Directory Traversal via the installpluginupload handler, which parses the filename from the request body and assigns it directly to filepath without validation. An attacker can write arbitrary files t...

CVSS 8.7 | AI score 6.5 | EPSS 0.00432
Exploits: 1 | References: 2
CNNVD
added 2025/11/07 12:0 a.m. | 3 views

SourceCodester FAQ Bot with AI Assistant security vulnerability

SourceCodester FAQ Bot with AI Assistant is an open source question and answer bot with artificial intelligence assistant by SourceCodester. A security vulnerability exists in SourceCodester FAQ Bot with AI Assistant v1.0, which stems from improper handling of user-supplied input and could lead t...

CVSS 6.1 | AI score 6 | EPSS 0.00041
Exploits: 1 | References: 2
CVE
added 2025/11/07 12:0 a.m. | 14 views

CVE-2025-63639

The CVE-2025-63639 entry describes an XSS vulnerability in Sourcecodester FAQ Bot with AI Assistant v1.0, specifically in the chat feature where user input is not properly sanitized. Affected component: chat/messages handling in the FAQ Bot. Root cause: improper handling of user-supplied input le...

CVSS 6.1 | AI score 5.5 | EPSS 0.00041
Exploits: 1 | References: 2 | Affected Software: 1
Positive Technologies
added 2025/11/07 12:0 a.m. | 5 views

PT-2025-45496

Name of the Vulnerable Software and Affected Versions: Sourcecodester FAQ Bot with AI Assistant version 1.0. Description: The application’s chat feature is susceptible to Cross-Site Scripting (XSS) because of inadequate handling of user-provided input. An attacker can inject malicious HTML or JavaScri...

AI score 6.3 | EPSS 0.00041
Exploits: 1 | References: 5