CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

A single AI chatbot breach at Salesloft-Drift exposed data from 700+ companies, including security leaders. The attack shows how AI integrations expand risk, and why controls like IP allow-listing, token security, and monitoring are critical...

7.1AI score

Exploits0

NVD•added 2025/09/22 8:15 p.m.•3 views

CVE-2025-57203

MagicProject AI version 9.1 is affected by a Cross-Site Scripting XSS vulnerability within the chatbot generation feature available to authenticated admin users. The vulnerability resides in the prompt parameter submitted to the /dashboard/user/generator/generate-stream endpoint via a...

4.8CVSS0.00221EPSS

Exploits1References1

Positive Technologies•added 2025/09/22 12:0 a.m.•3 views

PT-2025-39066

Name of the Vulnerable Software and Affected Versions MagicProject AI version 9.1 Description MagicProject AI version 9.1 is affected by a Cross-Site Scripting XSS issue within the chatbot generation feature accessible to authenticated admin users. The issue is located in the prompt parameter...

4.8CVSS6.2AI score0.00221EPSS

Exploits1References7

CVE•added 2025/09/22 12:0 a.m.•14 views

CVE-2025-57203

MagicProject AI version 9.1 is affected by a Cross-Site Scripting (XSS) vulnerability in the chatbot generation feature. The flaw resides in the prompt parameter sent to /dashboard/user/generator/generate-stream via a multipart/form-data POST, where insufficient input sanitization allows HTML/Jav...

4.8CVSS5.8AI score0.00221EPSS

Exploits1References1Affected Software1

Malwarebytes•added 2025/09/16 1:6 p.m.•7 views

Grok, ChatGPT, other AIs happy to help phish senior citizens

If you are under the impression that cybercriminals need to get their hands on compromised AI chatbots to help them do their dirty work, think again. Some AI chatbots are just so user friendly that they can help the user craft phishing text, and even malicious HTML and Javascript code. A few week...

6.8AI score

Exploits0

Snyk•added 2025/09/15 2:26 a.m.•3 views

Malicious Package

Overview cld-ai-chatbot-web is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score

Exploits0References2

CNVD•added 2025/09/11 12:0 a.m.•3 views

WordPress AI ChatBot for WordPress plugin cross-site scripting vulnerability

WordPress AI ChatBot for WordPress plugin is an Artificial Intelligence ChatBot plugin designed for WordPress websites, which is mainly used to provide 24/7 automated customer service support, generate leads, collect user information and other features. The WordPress AI ChatBot for WordPress plug...

3.5CVSS5.8AI score0.00241EPSS

Exploits1References1