24 matches found
CVE-2025-13427
An authentication bypass vulnerability in Google Cloud Dialogflow CX Messenger allowed unauthenticated users to interact with restricted chat agents, gaining access to the agents' knowledge and the ability to trigger their intents, by manipulating initialization parameters or crafting specific AP...
EUVD-2025-204394
An authentication bypass vulnerability in Google Cloud Dialogflow CX Messenger allowed unauthenticated users to interact with restricted chat agents, gaining access to the agents' knowledge and the ability to trigger their intents, by manipulating initialization parameters or crafting specific AP...
CVE-2025-13427
An authentication bypass vulnerability in Google Cloud Dialogflow CX Messenger allowed unauthenticated users to interact with restricted chat agents, gaining access to the agents' knowledge and the ability to trigger their intents, by manipulating initialization parameters or crafting specific AP...
CVE-2025-13427 Authentication Bypass in Dialogflow CX Messenger
An authentication bypass vulnerability in Google Cloud Dialogflow CX Messenger allowed unauthenticated users to interact with restricted chat agents, gaining access to the agents' knowledge and the ability to trigger their intents, by manipulating initialization parameters or crafting specific AP...
CVE-2025-13427
CVE-2025-13427 concerns an authentication bypass in Google Cloud Dialogflow CX Messenger. The vulnerability allowed unauthenticated users to interact with restricted chat agents, gaining access to the agents’ knowledge and the ability to trigger their intents by manipulating initialization parame...
CVE-2025-13427 Authentication Bypass in Dialogflow CX Messenger
An authentication bypass vulnerability in Google Cloud Dialogflow CX Messenger allowed unauthenticated users to interact with restricted chat agents, gaining access to the agents' knowledge and the ability to trigger their intents, by manipulating initialization parameters or crafting specific AP...
PT-2025-52356
Name of the Vulnerable Software and Affected Versions Google Cloud Dialogflow CX Messenger versions prior to August 20th, 2025 Description An authentication bypass issue in Google Cloud Dialogflow CX Messenger permitted unauthorized users to interact with restricted chat agents. This allowed acce...
Google Cloud Dialogflow CX Messenger 安全漏洞
Google Cloud Dialogflow CX Messenger is software that is a building block conversational AI platform from Google, Inc USA. A security vulnerability exists in Google Cloud Dialogflow CX Messenger that stems from an authentication bypass that could result in an unauthenticated user accessing a...
CVE-2025-12952
A privilege escalation vulnerability exists in Google Cloud's Dialogflow CX. Dialogflow agent developers with Webhook editor permission are able to configure Webhooks using Dialogflow service agent access token authentication. This allows the attacker to escalate their privileges from agent-level...
CVE-2025-12952
A privilege escalation vulnerability exists in Google Cloud's Dialogflow CX. Dialogflow agent developers with Webhook editor permission are able to configure Webhooks using Dialogflow service agent access token authentication. This allows the attacker to escalate their privileges from agent-level...
EUVD-2025-202399
A privilege escalation vulnerability exists in Google Cloud's Dialogflow CX. Dialogflow agent developers with Webhook editor permission are able to configure Webhooks using Dialogflow service agent access token authentication. This allows the attacker to escalate their privileges from agent-level...
CVE-2025-12952
CVE-2025-12952 describes a privilege-escalation in Google Cloud Dialogflow CX. Investigations across multiple sources indicate that agents with Webhook editor permission could misuse Dialogflow service agent access token authentication to escalate from agent-level to project-level, enabling acces...
CVE-2025-12952 Privilege Escalation in Dialogflow CX via Webhook Admin Role
A privilege escalation vulnerability exists in Google Cloud's Dialogflow CX. Dialogflow agent developers with Webhook editor permission are able to configure Webhooks using Dialogflow service agent access token authentication. This allows the attacker to escalate their privileges from agent-level...
CVE-2025-12952 Privilege Escalation in Dialogflow CX via Webhook Admin Role
A privilege escalation vulnerability exists in Google Cloud's Dialogflow CX. Dialogflow agent developers with Webhook editor permission are able to configure Webhooks using Dialogflow service agent access token authentication. This allows the attacker to escalate their privileges from agent-level...
PT-2025-50307
A privilege escalation vulnerability exists in Google Cloud's Dialogflow CX. Dialogflow agent developers with Webhook editor permission are able to configure Webhooks using Dialogflow service agent access token authentication. This allows the attacker to escalate their privileges from agent-level...
Google Cloud Dialogflow CX 安全漏洞
Google Cloud Dialogflow CX is a virtual agent building platform from Google, Inc USA. A security vulnerability exists in Google Cloud Dialogflow CX, which stems from a misconfiguration of the Webhook editor permissions that could lead to elevated privileges...
EUVD-2025-199369
Malicious code in dialogflow-es npm...
MAL-2025-191393 Malicious code in dialogflow-es (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc28670a312b03ed84a92c48dcc51356053c6dc516a8360a44e47eed31815486 The package dialogflow-es was found to contain malicious code. Source: google-open-source-security...
Malicious code in dialogflow-es (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc28670a312b03ed84a92c48dcc51356053c6dc516a8360a44e47eed31815486 The package dialogflow-es was found to contain malicious code. Source: google-open-source-security...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...