CVE-2026-7701 Telegram Desktop Bot API url_auth_box.cpp RequestButton null pointer dereference

A security vulnerability has been detected in Telegram Desktop up to 6.7.5. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/urlauthbox.cpp of the component Bot API. The manipulation of the argument loginurl leads to null pointer dereference. It is...

CVE-2026-7701

Telegram Desktop

MAL-2025-49255 Malicious code in custom-telegram-bot-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector efed332de627322e3b4c8adc27a889238eb809493e86244e15d96e7b6e45dd87 The package custom-telegram-bot-api was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-37255

Malicious code in custom-telegram-bot-api npm...

Malicious Package

Overview custom-telegram-bot-api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

EUVD-2024-50067

Malicious code in bioql PyPI...

EUVD-2024-50065

Malicious code in bioql PyPI...

EUVD-2024-50091

Malicious code in bioql PyPI...

CVE-2024-9685

The Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nftbtestaction' function in versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with subscriber-level access and...

CVE-2024-9686

The Order Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nktgnfwsendtestmessage' function in versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to send a test messa...

MAL-2025-4084 Malicious code in grammy-telegram-bot-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9f9cf91971b8da8348bf38f6f6b21351467c1d6e8eb00c76fdfbd4c52ab6f389 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems

Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities. The packages in question are listed below - node-telegram-utils 132 downloads node-telegram-bots-api...

New Golang-Based Backdoor Uses Telegram Bot API for Evasive C2 Operations

Cybersecurity researchers have shed light on a new Golang-based backdoor that uses Telegram as a mechanism for command-and-control C2 communications. Netskope Threat Labs, which detailed the functions of the malware, described it as possibly of Russian origin. "The malware is compiled in Golang a...

CVE-2024-9628

The WPS Telegram Chat plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'WpsTelegramChatAdmin::checkСonnection' function in versions up to, and including, 4.5.4. This makes it possible for authenticated attackers, wit...

CVE-2024-9628

The WPS Telegram Chat plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'WpsTelegramChatAdmin::checkСonnection' function in versions up to, and including, 4.6.0. This makes it possible for authenticated attackers, wit...

CVE-2024-9630

The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to view the messages that are sent through the Telegram Bot API...

CVE-2024-9630 WPS Telegram Chat <= 4.6.0 - Missing Authorization to Information Exposure

The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to view the messages that are sent through the Telegram Bot API...

CVE-2024-9628 WPS Telegram Chat <= 4.6.0 - Authenticated (Subscriber+) Unauthorized Access to Telegram Bot API

The WPS Telegram Chat plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'WpsTelegramChatAdmin::checkСonnection' function in versions up to, and including, 4.6.0. This makes it possible for authenticated attackers, wit...

CVE-2024-9630 WPS Telegram Chat <= 4.6.0 - Missing Authorization to Information Exposure

The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to view the messages that are sent through the Telegram Bot API...

CVE-2024-9686

The Order Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nktgnfwsendtestmessage' function in versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to send a test messa...