2190 matches found
More AIs Are Taking Polls and Surveys
I already knew about the declining response rate for polls and surveys. The percentage of AI bots that respond to surveys is also increasing. Solutions are hard: 1. Make surveys less boring. We need to move past bland, grid-filled surveys and start designing experiences people actually want to...
Malicious code in grammy-telegram-bot-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9f9cf91971b8da8348bf38f6f6b21351467c1d6e8eb00c76fdfbd4c52ab6f389 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4084 Malicious code in grammy-telegram-bot-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9f9cf91971b8da8348bf38f6f6b21351467c1d6e8eb00c76fdfbd4c52ab6f389 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-47948
Cocotais Bot is a QQ official robot framework based on qq-bot-sdk. Starting in version 1.5.0-test2-hotfix and prior to version 1.6.2, command echoing feature in the framework allows users to indirectly trigger privileged behavior by injecting special platform tags. Specifically, an unauthorized...
WordPress Bot for Telegram on WooCommerce plugin <= 1.2.6 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by ch4r0n in WordPress Plugin Bot for Telegram on WooCommerce versions <= 1.2.6...
Cocotais Bot has builtin .echo command injection
Summary A command echoing feature in the framework allows users to indirectly trigger privileged behavior by injecting special platform tags. Specifically, an unauthorized user can use the /echo command to cause the bot to send a message that mentions all members in the chat, bypassing any...
GHSA-MJ2C-8HXF-FFVQ Cocotais Bot has builtin .echo command injection
Summary A command echoing feature in the framework allows users to indirectly trigger privileged behavior by injecting special platform tags. Specifically, an unauthorized user can use the /echo command to cause the bot to send a message that mentions all members in the chat, bypassing any...
CVE-2025-48268
Missing Authorization vulnerability in Guru Team Bot for Telegram on WooCommerce bot-for-telegram-on-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bot for Telegram on WooCommerce: from n/a through <= 1.2.6...
CVE-2025-48268 WordPress Bot for Telegram on WooCommerce <= 1.2.6 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Guru Team Bot for Telegram on WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bot for Telegram on WooCommerce: from n/a through 1.2.6...
CVE-2025-48268
CVE-2025-48268: Missing Authorization in WordPress plugin “Bot for Telegram on WooCommerce” (Guru Team Bot for Telegram on WooCommerce) allows improper access control. Affected: plugin versions 1.2.6 and earlier. Exploitation could enable privilege elevation due to misconfigured access levels. P...
CVE-2025-48268 WordPress Bot for Telegram on WooCommerce plugin <= 1.2.6 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Guru Team Bot for Telegram on WooCommerce bot-for-telegram-on-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bot for Telegram on WooCommerce: from n/a through <= 1.2.6...
MAL-2025-4025 Malicious code in solana-sniper-bot (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ab5b4304f1021114e51758ac79fce358d42496edb340cef7df2d5639efa12a74 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in solana-sniper-bot (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ab5b4304f1021114e51758ac79fce358d42496edb340cef7df2d5639efa12a74 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WordPress plugin Bot for Telegram on WooCommerce security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2025-21978 · Unknown · Woocommerce +1
Name of the Vulnerable Software and Affected Versions: Guru Team Bot for Telegram on WooCommerce versions 1.2.6 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows the exploitation of incorrectly configured access control security levels...
CVE-2025-47948
Cocotais Bot is a QQ official robot framework based on qq-bot-sdk. Starting in version 1.5.0-test2-hotfix and prior to version 1.6.2, command echoing feature in the framework allows users to indirectly trigger privileged behavior by injecting special platform tags. Specifically, an unauthorized...
CVE-2025-47948 Cocotais Bot has builtin .echo command injection
Cocotais Bot is a QQ official robot framework based on qq-bot-sdk. Starting in version 1.5.0-test2-hotfix and prior to version 1.6.2, command echoing feature in the framework allows users to indirectly trigger privileged behavior by injecting special platform tags. Specifically, an unauthorized...
CVE-2025-47948
Cocotais Bot (QQ bot framework) has a command-echo vulnerability. In versions 1.5.0-test2-hotfix through 1.6.1, an unauthenticated user can abuse /echo to trigger privileged behavior by injecting platform tags, causing the bot to mention all chat members and bypassing permissions. The issue stem...