AnythingLLM Security Vulnerability
AnythingLLM is a document chatbot that meets business requirements. AnythingLLM has a security vulnerability that stems from insufficient password checking...
AnythingLLM Security Vulnerability
AnythingLLM is a business-compliant document chatbot. AnythingLLM has a security vulnerability that stems from the lack of any validation, which makes it possible to include malicious links in document links submitted to the workspace...
AnythingLLM Code Issue Vulnerability
AnythingLLM is a document chatbot that meets business requirements. AnythingLLM has a code issue vulnerability that stems from the presence of a server-side request forgery vulnerability. The vulnerability can be exploited to obtain AWS server data...
Microsoft Is Spying on Users of Its AI Tools
Microsoft announced that it caught Chinese, Russian, and Iranian hackers using its AI tools--presumably coding tools--to improve their hacking abilities. From their report: In collaboration with OpenAI, we are sharing threat intelligence showing detected state affiliated adversaries--tracked as...
CVE-2024-21624
nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. The identified...
Design/Logic Flaw
nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. The identified...
CVE-2024-21624
Summary (CVE-2024-21624): nonebot2, a Python-based asynchronous chatbot framework, has a potential information leak in user-constructed templates via the MessageTemplate mechanism. The root cause involves incorporating user-provided data into templates, which may expose sensitive data (e.g., envi...
CVE-2024-21624 Potential Information Leak in User-Constructed Message Templates in nonebot2
nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. The identified...
ChatGPT accused of breaking data protection rules
Italy's Data Protection Authority (GPDP) has uncovered data privacy violations related to collecting personal data and age protections after an inquiry into OpenAI’s ChatGPT. OpenAI has 30 days to respond with a defense. ChatGPT is an artificial intelligence (AI) chatbot that can engage in conversatio...
CVE-2024-24566
Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. When the application is password-protected (deployed with the ACCESS_CODE option), it is possible to access plugins without proper authorization (without password). This vulnerabili...
Authorization
Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. When the application is password-protected (deployed with the ACCESS_CODE option), it is possible to access plugins without proper authorization (without password). This vulnerabili...
CVE-2024-24566
CVE-2024-24566 affects Lobe Chat: improper access control lets users access plugins without password when ACCESS_CODE is used. Documented PoC shows exploitation via /api/plugin/gateway; impact is unauthorized plugin access. The issue is patched in version 0.122.4; remediation is to upgrade to 0.1...
CVE-2024-24566 Lobe Chat unauthorized access to plugins
Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. When the application is password-protected (deployed with the ACCESS_CODE option), it is possible to access plugins without proper authorization (without password). This vulnerabili...
CVE-2024-22309
Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI. This issue affects ChatBot with AI: from n/a through 5.1.0...
Deserialization of untrusted data
Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI. This issue affects ChatBot with AI: from n/a through 5.1.0...
CVE-2024-22309 WordPress ChatBot Plugin <= 5.1.0 is vulnerable to PHP Object Injection
Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI. This issue affects ChatBot with AI: from n/a through 5.1.0...
CVE-2024-22309
CVE-2024-22309: WordPress ChatBot with AI plugin vulnerable up to 5.1.0 due to deserialization of untrusted data (PHP Object Injection). Exploitation requires no authentication. Connected sources indicate the issue was fixed with patches in newer releases; ensure upgrade to a non-vulnerable vers...
ChatBot < 5.1.1 - Unauthenticated PHP Object Injection
Description: The ChatBot with AI plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.1.0 via deserialization of untrusted input via the lastfiveprompt cookies. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain i...
WordPress plugin ChatBot with AI code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists in...