CVE-2026-5616 JeecgBoot AI Chat JeecgBizToolsProvider.java missing authentication

A security vulnerability has been detected in JeecgBoot 3.9.0/3.9.1. The impacted element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/airag/JeecgBizToolsProvider.java of the component AI Chat Module. Such manipulation leads to...

CVE-2026-5616 JeecgBoot AI Chat JeecgBizToolsProvider.java missing authentication

A security vulnerability has been detected in JeecgBoot 3.9.0/3.9.1. The impacted element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/airag/JeecgBizToolsProvider.java of the component AI Chat Module. Such manipulation leads to...

JeecgBoot 访问控制错误漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. Versions 3.9.0 and 3.9.1 of JeecgBoot contain access control vulnerability issues. This vulnerability stems from a lack of authentication in the AI Chat Module component’s...

DRUPAL-CONTRIB-2025-119

This modules provides the ability to chat with an AI Agent using a large-language model LLM provider for different purposes. The module doesn’t sufficiently filter LLM responses. This leads to a cross-site scripting XSS vulnerability where an attacker can use prompt injections on user-generated...

CVE-2025-13381

CVE-2025-13381 (AYS & WordPress) Vulnerability exists in the AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress due to a missing capability check in the ays_chatgpt_save_wp_media function through version 2.7.0, enabling unauthenticated users to upload media files. Wordfence...

CVE-2025-50733

NextChat contains a cross-site scripting XSS vulnerability in the HTMLPreview component of artifacts.tsx that allows attackers to execute arbitrary JavaScript code when HTML content is rendered in the AI chat interface. The vulnerability occurs because user-influenced HTML from AI responses is...