
1134 matches found

OSV
added 2025/03/20 12:11 p.m. · 2 views

MAL-2025-2561 Malicious code in chatbot-dashboard (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5af371ce3024a5ed217ff2baf8b2a9443cf92ae8a1993552e3679be6f83698a5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7.2 AI score
Exploits 0 · References 1

NVD
added 2025/03/20 10:15 a.m. · 5 views

CVE-2024-11821

A privilege escalation vulnerability exists in langgenius/dify version 0.9.1. This vulnerability allows a normal user to modify Orchestrate instructions for a chatbot created by an admin user. The issue arises because the application does not properly enforce access controls on the endpoint...

4.3 CVSS · 0.00446 EPSS
Exploits 1 · References 1

OSV
added 2025/03/20 10:15 a.m. · 3 views

CVE-2024-11821

A privilege escalation vulnerability exists in langgenius/dify version 0.9.1. This vulnerability allows a normal user to modify Orchestrate instructions for a chatbot created by an admin user. The issue arises because the application does not properly enforce access controls on the endpoint...

4.3 CVSS · 4.6 AI score
Exploits 0 · References 1

Vulnrichment
added 2025/03/20 10:08 a.m. · 5 views

CVE-2024-11821 Privilege Escalation in langgenius/dify

A privilege escalation vulnerability exists in langgenius/dify version 0.9.1. This vulnerability allows a normal user to modify Orchestrate instructions for a chatbot created by an admin user. The issue arises because the application does not properly enforce access controls on the endpoint...

4.3 CVSS · 4.8 AI score · 0.00446 EPSS
Exploits 1 · References 1

Cvelist
added 2025/03/20 10:08 a.m. · 10 views

CVE-2024-11821 Privilege Escalation in langgenius/dify

A privilege escalation vulnerability exists in langgenius/dify version 0.9.1. This vulnerability allows a normal user to modify Orchestrate instructions for a chatbot created by an admin user. The issue arises because the application does not properly enforce access controls on the endpoint...

4.3 CVSS · 0.00446 EPSS
Exploits 1 · References 1

CVE
added 2025/03/20 10:08 a.m. · 49 views

CVE-2024-11821

CVE-2024-11821 affects langgenius/dify 0.9.1. The issue is a privilege escalation where a normal user can modify Orchestrate instructions for an admin-created chatbot due to improper access control on the endpoint /console/api/apps/{chatbot-id}/model-config. The CVE entry lists a CVSSv3 base scor...

4.3 CVSS · 4.8 AI score · 0.00446 EPSS
Exploits 1 · References 1 · Affected Software 1

OSSF Malicious Packages
added 2025/03/20 8:57 a.m. · 4 views

Malicious code in n11-chatbot (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1a368f528c1eb4b3da0f52628aed3b3e5ca54083842086c30a70a91d1110a3cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1

OSV
added 2025/03/20 8:57 a.m. · 3 views

MAL-2025-2559 Malicious code in n11-chatbot (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1a368f528c1eb4b3da0f52628aed3b3e5ca54083842086c30a70a91d1110a3cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7.2 AI score
Exploits 0 · References 1

HackRead
added 2025/03/14 12:51 a.m. · 13 views

AI Chatbot DeepSeek R1 Can Be Manipulated to Create Malware

Tenable Research reveals that AI chatbot DeepSeek R1 can be manipulated to generate keyloggers and ransomware code. While...

7.3 AI score
Exploits 0

RedhatCVE
added 2025/02/27 2:28 p.m. · 7 views

CVE-2025-26932

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QuantumCloud ChatBot chatbot allows PHP Local File Inclusion. This issue affects ChatBot: from n/a through <= 6.3.5...

7.5 CVSS · 7.2 AI score · 0.00695 EPSS
Exploits 0 · References 1

NVD
added 2025/02/25 3:15 p.m. · 9 views

CVE-2025-26932

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QuantumCloud ChatBot chatbot allows PHP Local File Inclusion. This issue affects ChatBot: from n/a through <= 6.3.5...

7.5 CVSS · 0.00695 EPSS
Exploits 0 · References 1

CVE
added 2025/02/25 2:17 p.m. · 56 views

CVE-2025-26932

CVE-2025-26932 affects WPBot (WordPress WPBot ChatBot). The vulnerability is an authenticated Local File Inclusion (LFI) due to improper control of include/require statements. Affected versions are ChatBot up to 6.3.5. Patch status: Patched in the available update.

7.5 CVSS · 7.2 AI score · 0.00695 EPSS
Exploits 0 · References 1

Cvelist
added 2025/02/25 2:17 p.m. · 17 views

CVE-2025-26932 WordPress WPBot plugin <= 6.3.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QuantumCloud ChatBot chatbot allows PHP Local File Inclusion. This issue affects ChatBot: from n/a through <= 6.3.5...

7.5 CVSS · 0.00695 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/02/25 2:17 p.m. · 8 views

CVE-2025-26932 WordPress WPBot plugin <= 6.3.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QuantumCloud ChatBot chatbot allows PHP Local File Inclusion. This issue affects ChatBot: from n/a through <= 6.3.5...

7.5 CVSS · 8.7 AI score · 0.00695 EPSS
Exploits 0 · References 1

CNNVD
added 2025/02/25 12:00 a.m. · 1 view

WordPress plugin ChatBot security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

7.5 CVSS · 8.8 AI score · 0.00695 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/02/25 12:00 a.m. · 4 views

PT-2025-7853 · Unknown · Quantumcloud Chatbot

Name of the Vulnerable Software and Affected Versions: QuantumCloud ChatBot versions n/a through 6.3.5 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion' vulnerability, which allows PHP Local...

7.5 CVSS · 9.6 AI score · 0.00695 EPSS
Exploits 0 · References 5

Patchstack
added 2025/02/23 9:59 p.m. · 4 views

WordPress WPBot plugin <= 6.3.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Peter Thaleikis Patchstack Alliance in WordPress Plugin ChatBot versions <= 6.3.5...

7.5 CVSS · 7 AI score · 0.00695 EPSS
Exploits 0 · Affected Software 1

RedhatCVE
added 2025/02/13 8:43 p.m. · 11 views

CVE-2024-29090

Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot. This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4...

6.8 CVSS · 6.9 AI score · 0.00885 EPSS
Exploits 1 · References 1

Malwarebytes
added 2025/02/10 4:42 p.m. · 12 views

A suicide reveals the lonely side of AI chatbots, with Courtney Brown (Lock and Code S06E03)

Today on the Lock and Code podcast … In February 2024, a 14-year-old boy from Orlando, Florida, committed suicide after confessing his love to the one figure who absorbed nearly all of his time—an AI chatbot. For months, Sewell Seltzer III had grown attached to an AI chatbot modeled after the...

7.3 AI score
Exploits 0

RedhatCVE
added 2025/02/08 6:51 a.m. · 4 views

CVE-2024-55241

An issue in deep-diver LLM-As-Chatbot before commit 99c2c03 allows a remote attacker to execute arbitrary code via the modelsbyom.py component...

8.8 CVSS · 7.8 AI score · 0.00778 EPSS
Exploits 0 · References 1