1148 matches found
Eurostar Accused Researchers of Blackmail for Reporting AI Chatbot Flaws
Researchers discovered critical flaws in Eurostar’s AI chatbot including prompt injection, HTML injection, guardrail bypass, and unverified chat IDs - Eurostar later accused them of blackmail...
Malicious code in workvivo-chatbot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e993f1097d70a3ff26607309666ae40eebf846a04af39cb76063ca237090bcc The package workvivo-chatbot was found to contain malicious code...
MAL-2025-192887 Malicious code in workvivo-chatbot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e993f1097d70a3ff26607309666ae40eebf846a04af39cb76063ca237090bcc The package workvivo-chatbot was found to contain malicious code...
WordPress AI ChatBot with ChatGPT and Content Generator by AYS plugin <= 2.7.0 - Unauthenticated Server-Side Request Forgery via 'pinecone_url' Parameter vulnerability
Unauthenticated Server-Side Request Forgery via 'pineconeurl' Parameter vulnerability discovered by blue0x1 in WordPress Plugin AI ChatBot with ChatGPT and Content Generator by AYS versions = 2.7.0...
CVE-2025-13381 AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.0 - Missing Authorization to Unauthenticated Media File Uploads
The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'ayschatgptsavewpmedia' function in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to upload...
CVE-2025-13381 AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.0 - Missing Authorization to Unauthenticated Media File Uploads
The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'ayschatgptsavewpmedia' function in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to upload...
WordPress plugin AI ChatBot with ChatGPT and Content Generator by AYS 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
PT-2025-48254
The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'ays chatgpt save wp media' function in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to...
WordPress S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image Generator plugin <= 1.7.8 - Authenticated (Editor+) Arbitrary File Upload vulnerability
Authenticated Editor+ Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress Plugin S2B AI Assistant versions = 1.7.8...
WordPress ChatBot plugin missing authorization vulnerability
WordPress ChatBot plugin is a tool that provides live chat and AI chatbot functionality for WordPress websites, helping users to instantly communicate with visitors, increase customer satisfaction and optimize sales conversions. WordPress ChatBot plugin suffers from a lack of authorization...
CVE-2025-64277
Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through = 7.3.9...
EUVD-2025-175361
Typebot is an open-source chatbot builder. In versions prior to 3.13.1, a Server-Side Request Forgery SSRF vulnerability in the Typebot webhook block HTTP Request component functionality allows authenticated users to make arbitrary HTTP requests from the server, including access to AWS Instance...
EUVD-2025-163773
Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through = 7.3.9...
CVE-2025-64277
Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through = 7.3.9...
CVE-2025-64277 WordPress ChatBot plugin <= 7.3.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through = 7.3.9...
CVE-2025-64277 WordPress ChatBot plugin <= 7.3.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through = 7.3.9...
CVE-2025-64277
CVE-2025-64277 concerns the WordPress ChatBot plugin (versions through 7.3.9). Multiple sources describe a missing/broken authorization vulnerability caused by incorrectly configured access control security levels in QuantumCloud ChatBot, leading to a broken access control condition. The practica...
WordPress plugin ChatBot 安全漏洞
WordPress ChatBot plugin is a tool that provides live chat and AI chatbot functionality for WordPress websites, helping users to instantly communicate with visitors, increase customer satisfaction and optimize sales conversions. WordPress ChatBot plugin suffers from a lack of authorization...
PT-2025-46808
Name of the Vulnerable Software and Affected Versions QuantumCloud ChatBot versions through 7.3.9 Description An authorization issue exists in QuantumCloud ChatBot that allows exploitation of incorrectly configured access control security levels. Recommendations Update QuantumCloud ChatBot to a...
Typebot 代码问题漏洞
Typebot is an open source chatbot builder by the individual developer Baptiste Arnaud. A code issue vulnerability exists in versions prior to Typebot 3.13.1 that stems from a server-side request forgery in the Typebot webhook block functionality, which could lead to the extraction of AWS IAM...