Lucene search
K

1144 matches found

Vulnrichment
Vulnrichment
added 2026/03/26 9:6 a.m.2 views

CVE-2026-4262 Incorrect authorization in HiJiffy Chatbot

Vulnerability of incorrect authorization in HiJiffy Chatbot allows an attacker to download private messages from other users via the parameter 'ID' in '/api/v1/download//'...

6.9CVSS5.8AI score0.00239EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/26 9:6 a.m.2 views

CVE-2026-4262

Vulnerability of incorrect authorization in HiJiffy Chatbot allows an attacker to download private messages from other users via the parameter 'ID' in '/api/v1/download//'...

6.9CVSS5.8AI score0.00239EPSS
Exploits0References2
CVE
CVE
added 2026/03/26 9:6 a.m.17 views

CVE-2026-4262

HiJiffy Chatbot contains an incorrect authorization vulnerability. An attacker can download private messages by manipulating the ID parameter in the API endpoint /api/v1/download//. The CVSS base score is 6.9 (Medium) with Network attack vector, low attack complexity, no privileges required, and ...

6.9CVSS5.8AI score0.00239EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.7 views

PT-2026-28641

Name of the Vulnerable Software and Affected Versions HiJiffy Chatbot affected versions not specified Description An incorrect authorization issue exists in HiJiffy Chatbot that allows an attacker to download private messages from other users. This is achieved by exploiting the visitor parameter...

6.9CVSS5.9AI score0.0026EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.3 views

PT-2026-28640

Name of the Vulnerable Software and Affected Versions HiJiffy Chatbot affected versions not specified Description An incorrect authorization issue exists in HiJiffy Chatbot. This allows an attacker to download private messages belonging to other users. The issue is due to improper access control...

6.9CVSS5.9AI score0.00239EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.7 views

HiJiffy Chatbot 安全漏洞

HiJiffy Chatbot is a customer communication and automated response system for the hospitality industry developed by HiJiffy. There is a security vulnerability in HiJiffy Chatbot, which stems from improper authorization. This vulnerability could allow attackers to download private messages from...

6.9CVSS5.8AI score0.0026EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 6:31 p.m.8 views

EUVD-2026-15847

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in QuantumCloud ChatBot chatbot allows Blind SQL Injection.This issue affects ChatBot: from n/a through = 7.7.9...

5.9AI score0.00283EPSS
Exploits0References2
NVD
NVD
added 2026/03/25 5:17 p.m.4 views

CVE-2026-32499

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in QuantumCloud ChatBot chatbot allows Blind SQL Injection.This issue affects ChatBot: from n/a through = 7.7.9...

9.3CVSS0.00283EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:15 p.m.25 views

CVE-2026-32499 WordPress ChatBot plugin <= 7.7.9 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in QuantumCloud ChatBot chatbot allows Blind SQL Injection.This issue affects ChatBot: from n/a through = 7.7.9...

9.3CVSS0.00283EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:15 p.m.10 views

CVE-2026-32499

CVE-2026-32499 is an unauthenticated SQL injection in the WordPress WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin (WPBot) up to version 7.7.9. Root cause is improper neutralization of input in the plugin’s SQL queries, allowing blind SQL injection. Public details in con...

9.3CVSS5.9AI score0.00283EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:15 p.m.3 views

CVE-2026-32499 WordPress ChatBot plugin <= 7.7.9 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in QuantumCloud ChatBot chatbot allows Blind SQL Injection.This issue affects ChatBot: from n/a through = 7.7.9...

9.3CVSS5.9AI score0.00283EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/25 4:15 p.m.17 views

CVE-2026-32499

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in QuantumCloud ChatBot chatbot allows Blind SQL Injection.This issue affects ChatBot: from n/a through = 7.7.9...

5.9AI score0.00283EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.8 views

WordPress plugin ChatBot SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

9.3CVSS5.9AI score0.00283EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/22 10:18 p.m.5 views

WordPress WP-Chatbot for Messenger plugin <= 4.9 - Missing Authorization to Unauthenticated Chatbot Configuration Takeover vulnerability

Missing Authorization to Unauthenticated Chatbot Configuration Takeover vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin WP-Chatbot for Messenger versions = 4.9...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/21 6:30 a.m.5 views

EUVD-2026-13998

The WP-Chatbot for Messenger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References9
NVD
NVD
added 2026/03/21 4:17 a.m.8 views

CVE-2026-3506

The WP-Chatbot for Messenger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the...

5.3CVSS0.00273EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/03/21 3:26 a.m.28 views

CVE-2026-3506 WP-Chatbot for Messenger <= 4.9 - Missing Authorization to Unauthenticated Chatbot Configuration Takeover

The WP-Chatbot for Messenger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the...

5.3CVSS0.00273EPSS
Exploits0References8
CVE
CVE
added 2026/03/21 3:26 a.m.17 views

CVE-2026-3506

WP-Chatbot for Messenger plugin for WordPress (up to version 4.9) suffers an authorization bypass due to improper verification of user permissions, enabling unauthenticated attackers to overwrite the site’s MobileMonkey API token and company ID options . This can hijack chatbot configuration and ...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:26 a.m.2 views

CVE-2026-3506

The WP-Chatbot for Messenger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/03/21 3:26 a.m.5 views

CVE-2026-3506 WP-Chatbot for Messenger <= 4.9 - Missing Authorization to Unauthenticated Chatbot Configuration Takeover

The WP-Chatbot for Messenger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References8
Rows per page
Query Builder