Lucene search
K

1148 matches found

HackRead
HackRead
added 2025/12/24 11:23 a.m.10 views

Eurostar Accused Researchers of Blackmail for Reporting AI Chatbot Flaws

Researchers discovered critical flaws in Eurostar’s AI chatbot including prompt injection, HTML injection, guardrail bypass, and unverified chat IDs - Eurostar later accused them of blackmail...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/12/23 8:36 a.m.6 views

Malicious code in workvivo-chatbot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e993f1097d70a3ff26607309666ae40eebf846a04af39cb76063ca237090bcc The package workvivo-chatbot was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/12/23 8:36 a.m.5 views

MAL-2025-192887 Malicious code in workvivo-chatbot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e993f1097d70a3ff26607309666ae40eebf846a04af39cb76063ca237090bcc The package workvivo-chatbot was found to contain malicious code...

6.8AI score
Exploits0
Patchstack
Patchstack
added 2025/11/27 11:30 a.m.9 views

WordPress AI ChatBot with ChatGPT and Content Generator by AYS plugin <= 2.7.0 - Unauthenticated Server-Side Request Forgery via 'pinecone_url' Parameter vulnerability

Unauthenticated Server-Side Request Forgery via 'pineconeurl' Parameter vulnerability discovered by blue0x1 in WordPress Plugin AI ChatBot with ChatGPT and Content Generator by AYS versions = 2.7.0...

6.5CVSS7.1AI score0.00249EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/27 9:27 a.m.5 views

CVE-2025-13381 AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.0 - Missing Authorization to Unauthenticated Media File Uploads

The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'ayschatgptsavewpmedia' function in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to upload...

5.3CVSS5.1AI score0.00249EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/11/27 9:27 a.m.10 views

CVE-2025-13381 AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.0 - Missing Authorization to Unauthenticated Media File Uploads

The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'ayschatgptsavewpmedia' function in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to upload...

5.3CVSS0.00249EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/11/27 12:0 a.m.4 views

WordPress plugin AI ChatBot with ChatGPT and Content Generator by AYS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.3CVSS6.4AI score0.00249EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/11/27 12:0 a.m.14 views

PT-2025-48254

The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'ays chatgpt save wp media' function in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to...

5.3CVSS5.5AI score0.00249EPSS
Exploits0References7
Patchstack
Patchstack
added 2025/11/24 8:10 a.m.10 views

WordPress S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image Generator plugin <= 1.7.8 - Authenticated (Editor+) Arbitrary File Upload vulnerability

Authenticated Editor+ Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress Plugin S2B AI Assistant versions = 1.7.8...

7.2CVSS7AI score0.00873EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2025/11/18 12:0 a.m.3 views

WordPress ChatBot plugin missing authorization vulnerability

WordPress ChatBot plugin is a tool that provides live chat and AI chatbot functionality for WordPress websites, helping users to instantly communicate with visitors, increase customer satisfaction and optimize sales conversions. WordPress ChatBot plugin suffers from a lack of authorization...

5.3CVSS6.8AI score0.00239EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/14 10:11 a.m.8 views

CVE-2025-64277

Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through = 7.3.9...

5.3CVSS7AI score0.00239EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/13 7:42 p.m.7 views

EUVD-2025-175361

Typebot is an open-source chatbot builder. In versions prior to 3.13.1, a Server-Side Request Forgery SSRF vulnerability in the Typebot webhook block HTTP Request component functionality allows authenticated users to make arbitrary HTTP requests from the server, including access to AWS Instance...

9.6CVSS6.3AI score0.00336EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/13 12:31 p.m.7 views

EUVD-2025-163773

Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through = 7.3.9...

5.3CVSS6.4AI score0.00239EPSS
Exploits0References2
NVD
NVD
added 2025/11/13 10:15 a.m.8 views

CVE-2025-64277

Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through = 7.3.9...

5.3CVSS0.00239EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/13 9:24 a.m.9 views

CVE-2025-64277 WordPress ChatBot plugin <= 7.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through = 7.3.9...

5.3CVSS0.00239EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/13 9:24 a.m.3 views

CVE-2025-64277 WordPress ChatBot plugin <= 7.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through = 7.3.9...

5.3CVSS6.6AI score0.00239EPSS
Exploits0References1
CVE
CVE
added 2025/11/13 9:24 a.m.8 views

CVE-2025-64277

CVE-2025-64277 concerns the WordPress ChatBot plugin (versions through 7.3.9). Multiple sources describe a missing/broken authorization vulnerability caused by incorrectly configured access control security levels in QuantumCloud ChatBot, leading to a broken access control condition. The practica...

5.3CVSS6.6AI score0.00239EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/13 12:0 a.m.4 views

WordPress plugin ChatBot 安全漏洞

WordPress ChatBot plugin is a tool that provides live chat and AI chatbot functionality for WordPress websites, helping users to instantly communicate with visitors, increase customer satisfaction and optimize sales conversions. WordPress ChatBot plugin suffers from a lack of authorization...

5.3CVSS6.5AI score0.00239EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/13 12:0 a.m.8 views

PT-2025-46808

Name of the Vulnerable Software and Affected Versions QuantumCloud ChatBot versions through 7.3.9 Description An authorization issue exists in QuantumCloud ChatBot that allows exploitation of incorrectly configured access control security levels. Recommendations Update QuantumCloud ChatBot to a...

5.3CVSS6.6AI score0.00239EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/13 12:0 a.m.5 views

Typebot 代码问题漏洞

Typebot is an open source chatbot builder by the individual developer Baptiste Arnaud. A code issue vulnerability exists in versions prior to Typebot 3.13.1 that stems from a server-side request forgery in the Typebot webhook block functionality, which could lead to the extraction of AWS IAM...

9.9CVSS6.8AI score0.00336EPSS
Exploits1References2
Rows per page
Query Builder