17 matches found
CVE-2026-39969 TypeBot: WhatsApp Webhook Endpoint Missing Signature Verification
TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API webhook endpoint POST /v1/workspaces/workspaceId/whatsapp/credentialsId/webhook does not verify the x-hub-signature-256 HMAC signature included by Meta in every webhook delivery. The webhook URL exposes both...
EUVD-2026-31485
TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API webhook endpoint POST /v1/workspaces/workspaceId/whatsapp/credentialsId/webhook does not verify the x-hub-signature-256 HMAC signature included by Meta in every webhook delivery. The webhook URL exposes both...
CVE-2026-39969
CVE-2026-39969 (TypeBot) affects TypeBot prior to 3.17.0. The WhatsApp Cloud API webhook endpoint POST /v1/workspaces/{workspaceId}/whatsapp/{credentialsId}/webhook did not verify the x-hub-signature-256 HMAC in deliveries. The endpoint also exposes workspaceId and credentialsId in the URL path, ...
PT-2026-42825
Name of the Vulnerable Software and Affected Versions: TypeBot versions prior to 3.17.0 Description: The WhatsApp Cloud API webhook endpoint 'POST /v1/workspaces/workspaceId/whatsapp/credentialsId/webhook' fails to verify the x-hub-signature-256 HMAC signature provided by Meta. Because the...
Cybertron Privacy Drive Code Issue Vulnerability
Cybertron Privacy Drive is a security software from Cybertron Corporation that supports disk encryption, creation of virtual encrypted volumes, and protection of privacy data. Version 3.17.0 of Cybertron Privacy Drive has a code vulnerability. This vulnerability stems from an unreferenced service...
CVE-2025-22288 WordPress Smush Image Compression and Optimization plugin <= 3.17.0 - Directory Traversal vulnerability
Path Traversal: '.../...//' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Smush Image Compression and Optimization wp-smushit allows Path Traversal. This issue affects Smush Image Compression and Optimization: from n/a through <= 3.17.0...
EUVD-2025-38034
Path Traversal: '.../...//' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Smush Image Compression and Optimization wp-smushit allows Path Traversal. This issue affects Smush Image Compression and Optimization: from n/a through <= 3.17.0...
CVE-2025-22288
CVE-2025-22288 is a path traversal vulnerability in the WordPress Smush Image Compression and Optimization plugin (wp-smushit) by WPMU DEV. The issue is described as a directory traversal flaw allowing access via a path like '.../...//', affecting the Smush Image Compression and Optimization plug...
CVE-2025-22288 WordPress Smush Image Compression and Optimization plugin <= 3.17.0 - Directory Traversal vulnerability
Path Traversal: '.../...//' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Smush Image Compression and Optimization wp-smushit allows Path Traversal. This issue affects Smush Image Compression and Optimization: from n/a through <= 3.17.0...
EUVD-2019-19000
Malware in sbrugna...
WordPress plugin Zox News Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...
PT-2025-6170 · WordPress · Zox News - Professional Wordpress News & Magazine Theme
Name of the Vulnerable Software and Affected Versions: Zox News - Professional WordPress News & Magazine Theme plugin for WordPress versions up to and including 3.17.0 Description: The vulnerability can lead to privilege escalation and denial of service conditions due to missing capability checks...
SUSE SLES12 Security Update : openCryptoki (SUSE-SU-2024:2298-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2298-1 advisory. openCryptoki was updated to version 3.17.0 bsc1220266, bsc1219217 + openCryptoki 3.17 - tools: added function to list keys to p11sak -...
SUSE CVE-2023-46250
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions 3.7.0 through 3.16.4 can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affec...
VNote Cross-Site Scripting Vulnerability
VNote is an open source cross-platform Markdown note-taking tool. A security vulnerability exists in VNote 3.17.0 and earlier versions, which stems from a cross-site scripting (XSS) vulnerability in the component Markdown File Handler...
SQL Injection in sequelize
Affected versions of sequelize are vulnerable to SQL Injection in locations where user input is passed into the limit or order parameters of sequelize query calls, such as findOne or findAll. Recommendation: Update to version 3.17.0 or later...
GHSA-VX5C-87QX-CV6C Arbitrary Code Execution in mathjs
math.js before 3.17.0 had an arbitrary code execution vulnerability in the JavaScript engine. Creating a typed function with JavaScript code in the name could result in arbitrary execution. Recommendation: Update to version 3.17.0 or later...