19 matches found
MAL-2026-4593 Malicious code in klaudius (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0b40ecfc7aa434ac63d620d4aaab0434dd57b0fac274bb9f5d1514e263be4a3 The package's CLI bundle dist/bin.js and an associated chunk dist/chunk-SZ4KCTSL.js contain hardcoded fetch POST calls to https://api.telegram.org, t...
CVE-2026-44116
OpenClaw before 2026.4.22 contains a server-side request forgery vulnerability in the Zalo plugin's sendPhoto function that fails to validate outbound photo URLs through the SSRF guard. Attackers can bypass SSRF protection by providing malicious photo URLs to the Zalo Bot API, enabling unauthoriz...
CVE-2026-44116
OpenClaw before 2026.4.22 contains a server-side request forgery vulnerability in the Zalo plugin's sendPhoto function that fails to validate outbound photo URLs through the SSRF guard. Attackers can bypass SSRF protection by providing malicious photo URLs to the Zalo Bot API, enabling unauthoriz...
EUVD-2026-26839
A security vulnerability has been detected in Telegram Desktop up to 6.7.5. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/urlauthbox.cpp of the component Bot API. The manipulation of the argument loginurl leads to null pointer dereference. It is...
CVE-2026-6576
A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Interface. Executing a manipulation of the argument Source can lead to command injection. It is...
EUVD-2026-23707
A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Interface. Executing a manipulation of the argument Source can lead to command injection. It is...
CVE-2026-6576
A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Interface. Executing a manipulation of the argument Source can lead to command injection. It is...
CVE-2026-6576 liangliangyy DjangoBlog WeChat Bot commonapi.py CommandHandler command injection
A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Interface. Executing a manipulation of the argument Source can lead to command injection. It is...
CVE-2026-6576
CVE-2026-6576 affects liangliangyy DjangoBlog (up to version 2.1.0.0) via the WeChat Bot Interface, specifically the servermanager/api/commonapi.py CommandHandler. The root cause is a vulnerability allowing manipulation of the Source argument to achieve command injection, with remote exploitation...
CVE-2026-6576 liangliangyy DjangoBlog WeChat Bot commonapi.py CommandHandler command injection
A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Interface. Executing a manipulation of the argument Source can lead to command injection. It is...
CVE-2026-6576
A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Interface. Executing a manipulation of the argument Source can lead to command injection. It is...
PT-2026-33641
A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Interface. Executing a manipulation of the argument Source can lead to command injection. It is...
CVE-2024-9628
The WPS Telegram Chat plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'WpsTelegramChatAdmin::checkСonnection' function in versions up to, and including, 4.6.0. This makes it possible for authenticated attackers, wit...
CVE-2024-9630
The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to view the messages that are sent through the Telegram Bot API...
CVE-2024-9686
The Order Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nktgnfwsendtestmessage' function in versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to send a test messa...
PT-2024-39728 · WordPress · Wps Telegram Chat
Name of the Vulnerable Software and Affected Versions: WPS Telegram Chat plugin for WordPress versions up to, and including, 4.5.4 Description: The issue allows authenticated attackers with subscriber-level access and above to have full access to the Telegram Bot API endpoint and communicate with...
IBM Robotic Process Automation 访问控制错误漏洞
IBM Robotic Process Automation is a robotic process automation product from International Business Machines IBM. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. An Access Control Error vulnerability exists in IBM Robotic Process Automation...
CVE-2022-41294
IBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, and 21.0.4 is vulnerable to cross origin resource sharing using the bot api. IBM X-Force ID: 236807...
Botkube - An App That Helps You Monitor Your Kubernetes Cluster, Debug Critical Deployments And Gives Recommendations For Standard Practices
For complete documentation visit www.botkube.io BotKube integration with Slack, Mattermost or Microsoft Teams helps you monitor your Kubernetes cluster, debug critical deployments and gives recommendations for standard practices by running checks on the Kubernetes resources. You can also ask...