CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

42 matches found

CVE-2026-28445

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the RatingButton component in the embed package renders the user-controlled customIcon.svg field directly via Solid's innerHTML directive without any sanitization, even though DOMPurify is already a dependency and is used elsewhere ...

8.7CVSS5.7AI score0.00031EPSS

Exploits0References1

RedhatCVE•added yesterday•3 views

CVE-2026-39965

TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain an SSRF via Open Redirect Bypass as the HTTP Request block and Code block validate the initial request URL via validateHttpReqUrl to block private IPs and cloud metadata hostnames. However, the HTTP clients ky and fetch follow 3...

7.7CVSS5.4AI score0.00032EPSS

Exploits0References1

RedhatCVE•added yesterday•3 views

CVE-2026-39970

TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain a critical stored XSS vulnerability in the app.typebot.io profile picture upload form. The application fails to sanitize or restrict SVG/XML-based uploads and directly renders them when accessed through the domain. By uploading ...

8.5CVSS5.8AI score0.00052EPSS

Exploits0References1

NVD•added 2026/05/22 7:17 p.m.•6 views

CVE-2026-39970

8.5CVSS0.00052EPSS

Exploits0References2

CVE•added 2026/05/22 6:43 p.m.•15 views

CVE-2026-39969

CVE-2026-39969 (TypeBot) affects TypeBot prior to 3.17.0. The WhatsApp Cloud API webhook endpoint POST /v1/workspaces/{workspaceId}/whatsapp/{credentialsId}/webhook did not verify the x-hub-signature-256 HMAC in deliveries. The endpoint also exposes workspaceId and credentialsId in the URL path, ...

6.5CVSS5.8AI score0.00031EPSS

Exploits0References2

Cvelist•added 2026/05/22 6:36 p.m.•8 views

CVE-2026-39967 TypeBot: Cross-Typebot Result Data Access via Missing typebotId Filter

TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the bot engine's the findResult query does not filter results by typebotId, allowing an authenticated user to load result data user answers, variable values from a different typebot by supplying a foreign resultId to the startChat...

3.1CVSS0.00028EPSS

Exploits0References3

ATTACKERKB•added 2026/05/22 6:36 p.m.•4 views

CVE-2026-39967

3.1CVSS5.7AI score0.00028EPSS

Exploits0References4Affected Software1

EUVD•added 2026/05/22 6:36 p.m.•6 views

EUVD-2026-31486

3.1CVSS5.7AI score0.00028EPSS

Exploits0References3

NVD•added 2026/05/22 6:16 p.m.•5 views

CVE-2026-39964

TypeBot is a chatbot builder tool. In versions prior to 3.16.0, the Typebot viewer packages/embeds/js renders anchor tags from rich text bubble content without filtering the javascript: URI scheme. A bot author can set a link URL to javascript:PAYLOAD, which executes in the visitor's browser...

5.4CVSS0.00049EPSS

Exploits0References3

EUVD•added 2026/05/22 5:27 p.m.•5 views

EUVD-2026-31479

7.7CVSS5.8AI score0.00032EPSS

Exploits0References2

Vulnrichment•added 2026/05/22 5:21 p.m.•5 views

CVE-2026-39964 TypeBot: Stored XSS via javascript: URI in text bubble links — bot author executes JS on visitors' browsers

5.4CVSS5.8AI score0.00049EPSS

Exploits0References3

CVE•added 2026/05/22 5:21 p.m.•15 views

CVE-2026-39964

TypeBot (viewer at packages/embeds/js) before version 3.16.0 renders rich-text bubble links without filtering javascript: URIs. A bot author can set a link to javascript:PAYLOAD, which executes in the visitor’s browser context when clicked, allowing the attacker’s code to run with the host page’s...

5.4CVSS5.8AI score0.00049EPSS

Exploits0References3

NVD•added 2026/05/22 5:16 p.m.•5 views

CVE-2026-33712

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the preview chat endpoint POST /api/v1/typebots/typebotId/preview/startChat allows unauthenticated users to achieve Server-Side Request Forgery SSRF by supplying a custom typebot definition with server-side code blocks. The fetch...

10CVSS0.00067EPSS

Exploits1References2

Vulnrichment•added 2026/05/22 5:12 p.m.•4 views

CVE-2026-34207 TypeBot: SSRF Protection Bypass via DNS-Resolved Hostnames in Webhook / HTTP Request Validation

TypeBot is a chatbot builder tool. In versions prior to 3.16.0, SSRF protection for Webhook / HTTP Request blocks validates only the URL string, blocked hostname literals, and literal IP formats. It does not resolve DNS before allowing the request. As a result, a hostname such as ssrf-repro.examp...

7.6CVSS5.8AI score0.0006EPSS

Exploits0References3

EUVD•added 2026/05/22 5:12 p.m.•5 views

EUVD-2026-31470

7.6CVSS5.8AI score0.0006EPSS

Exploits0References3

Cvelist•added 2026/05/22 4:50 p.m.•4 views

CVE-2026-33712 TypeBot: Unauthenticated SSRF via isolated-vm fetch in preview chat endpoint bypasses SSRF controls

10CVSS0.00067EPSS

Exploits1References2

ATTACKERKB•added 2026/05/22 4:50 p.m.•6 views

CVE-2026-33712

10CVSS5.8AI score0.00067EPSS

Exploits1References3Affected Software1

ATTACKERKB•added 2026/05/22 4:12 p.m.•2 views

CVE-2026-28445

8.7CVSS6AI score0.00031EPSS

Exploits0References4Affected Software1

CVE•added 2026/05/22 4:12 p.m.•17 views

CVE-2026-28445

CVE-2026-28445 affects Typebot up to version 3.15.2, where the RatingButton embed component renders user-controlled customIcon.svg via Solid innerHTML without sanitization, despite DOMPurify being present elsewhere. Because rating blocks aren’t flagged as unsafe by the import sanitizer and the bu...

8.7CVSS6AI score0.00031EPSS

Exploits0References3

Positive Technologies•added 2026/05/22 12:0 a.m.•7 views

PT-2026-42817

Name of the Vulnerable Software and Affected Versions TypeBot versions prior to 3.16.0 Description The Typebot viewer renders anchor tags from rich text bubble content without filtering the javascript: URI scheme. This allows a bot author to set a link URL containing a malicious payload that...

5.4CVSS5.8AI score0.00049EPSS

Exploits0References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by