WordPress Traffic Monitor 3.2.2 Unauthenticated Bot Logging Disable
This repository features a Nuclei template specifically designed to detect an unauthenticated bot logging disable vulnerability in the Traffic Monitor WordPress plugin. This issue allows unauthenticated attackers to remotely disable bot logging via a vulnerable AJAX action. It affects versions up...
WordPress plugin Traffic Monitor security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
Malicious code in rpc-bot-v13 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d36bae9a92f55450da9079525255c532c3077ebdf05866aed4790c5cdb1fe64b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4876 Malicious code in rpc-bot (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 87182c83e9db057d45382e581932553c84fa77422e5721046571790adba09005 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4877 Malicious code in rpc-bot-v13 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d36bae9a92f55450da9079525255c532c3077ebdf05866aed4790c5cdb1fe64b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in rpc-bot (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 87182c83e9db057d45382e581932553c84fa77422e5721046571790adba09005 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-48053
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, sending a malicious URL in a PM to a bot user can cause reduced availability of a Discourse instance...
CVE-2025-48053 Discourse vulnerable to DoS via large URL payload in PM to a bot
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, sending a malicious URL in a PM to a bot user can cause reduced availability of a Discourse instance...
Analysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721
The abuse of known security flaws to deploy bots on vulnerable systems is a widely recognized problem. Many automated bots constantly search the web for known vulnerabilities in servers and devices connected to the internet, especially those running popular services. These bots often carry Remote...
Azure Bot Framework Chatbot Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible Azure Bot Framework chatbot on the target application. Azure Bot Framework is a solution to build & deploy AI customer experiences. This detection is included in the AI and LLM category. No sour...
CVE-2025-2571
Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to gain unauthorized access to bot accounts via the Google OAuth signup flow...
GHSA-8CGX-9CCJ-3GWR Mattermost fails to clear Google OAuth credentials
Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to gain unauthorized access to bot accounts via the Google OAuth signup flow...
Mattermost fails to clear Google OAuth credentials
Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to gain unauthorized access to bot accounts via the Google OAuth signup flow...
CVE-2025-2571
Mattermost server versions 9.11.x <= 9.11.12, 10.5.x <= 10.5.3, 10.6.x <= 10.6.2, and 10.7.x
CVE-2025-2571 Google OAuth Authentication Bypass for Converted Bot Accounts
Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to gain unauthorized access to bot accounts via the Google OAuth signup flow...
PT-2025-23307 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.11.x through 9.11.12; Mattermost versions 10.5.x through 10.5.3; Mattermost versions 10.6.x through 10.6.2; Mattermost versions 10.7.x through 10.7.0. Description: The issue arises when Mattermost fails to clear Google OAuth...
CVE-2025-23197
matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. When Hookshot 6 version 6.0.1 or below, or Hookshot 5 version 5.4.1 or below, is configured with GitHub support, it is vulnerable to a Denial of Service (DoS) whereby it can crash on restart due...