CVE-2023-5212

The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. This makes it possible for authenticated attackers with subscriber privileges to delete arbitrary files on the server, which makes it possible to take ove...

CVE-2023-1651

The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in the AJAX action responsible to update the OpenAI settings, allowing any authenticated users, such as subscriber to update them. Furthermore, due to the lack of escaping of the settings, this could also lead to...

CVE-2022-46405

Mastodon through 4.0.2 allows attackers to cause a denial of service large Sidekiq pull queue by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated message...

CVE-2022-39302

Ree6 is a moderation bot. This vulnerability would allow other server owners to create configurations such as "Better-Audit-Logging" which contain a channel from another server as a target. This would mean you could send log messages to another Guild channel and bypass raid and webhook protection...

CVE-2022-24849

DisCatSharp is a Discord API wrapper for .NET. Users of versions 9.8.5, 9.8.6, 9.9.0 and previously published prereleases of 10.0.0 who have used either one of the two RequireDisCatSharpDeveloperAttributes or the BaseDiscordClient.LibraryDeveloperTeam have potentially had their bot token sent to ...

CVE-2021-29466

Discord-Recon is a bot for the Discord chat service. In versions of Discord-Recon 0.0.3 and prior, a remote attacker is able to read local files from the server that can disclose important information. As a workaround, a bot maintainer can locate the file app.py and add .replace'..', '' into the...

CVE-2021-32795

ArchiSteamFarm is a C application with primary purpose of idling Steam cards from multiple accounts simultaneously. In versions prior to 4.3.1.0 a Denial of Service aka DoS vulnerability which allows attacker to remotely crash running ASF instance through sending a specifically-crafted Steam chat...

CVE-2021-32646

Roomer is a discord bot cog extension which provides automatic voice channel generation as well as private voice and text channels. A vulnerability has been discovered allowing discord users to get the manage channel permissions in a private VC they have joined. This allowed them to make changes ...

CVE-2021-26918

The ProBot bot through 2021-02-08 for Discord might allow attackers to interfere with the intended purpose of the "Send an image when a user joins the server" feature or possibly have unspecified other impact because the uploader web service allows double extensions such as .html.jpg with the...

CVE-2021-37522

SQL injection vulnerability in HKing2802 Locke-Bot 2.0.2 allows remote attackers to run arbitrary SQL commands via crafted string to /src/db.js, /commands/mute.js, /modules/event/messageDelete.js...

CVE-2021-29502

WarnSystem is a cog plugin for the Red discord bot. A vulnerability has been found in the code that allows any user to access sensible informations by setting up a specific template which is not properly sanitized. The problem has been patched in version 1.3.18. Users should update and type...

CVE-2021-29501

Ticketer is a command based ticket system cog plugin for the red discord bot. A vulnerability allowing discord users to expose sensitive information has been found in the Ticketer cog. Please upgrade to version 1.0.1 as soon as possible. As a workaround users may unload the ticketer cog to disabl...

CVE-2021-29465

Discord-Recon is a bot for the Discord chat service. Versions of Discord-Recon 0.0.3 and prior contain a vulnerability in which a remote attacker is able to overwrite any file on the system with the command results. This can result in remote code execution when the user overwrite important files ...

CVE-2021-30478

An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the canforgesender permission previously isapisuperuser resulted in users with this permission being able to send messages appearing as if sent by a system bot, including to other organizations hosted by the same...

CVE-2016-4426

In zulip before 1.3.12, bot API keys were accessible to other users in the same realm...

CVE-2015-10096

A vulnerability, which was classified as critical, was found in Zarthus IRC Twitter Announcer Bot up to 1.1.0. This affects the function gettweets of the file lib/twitterbot/plugins/twitterannouncer.rb. The manipulation of the argument tweet leads to command injection. It is possible to initiate...

CVE-2014-125066

A vulnerability was found in emmflo yuko-bot. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument title leads to denial of service. The attack can be initiated remotely. The name of the patch is e580584b877934a4298d4dd0c497c79e579380d0. I...

The Rise of the LLM AI Scrapers: What It Means for Bot Management

Explore the rise of LLM AI scrapers and learn how to adapt to growing bot traffic with data-backed insights from our research...

The Rise of the LLM AI Scrapers: What It Means for Bot Management

Explore the rise of LLM AI scrapers and learn how to adapt to growing bot traffic with data-backed insights from our research...

CVE-2025-48268

Missing Authorization vulnerability in Guru Team Bot for Telegram on WooCommerce bot-for-telegram-on-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bot for Telegram on WooCommerce: from n/a through = 1.2.6...