50 matches found
CVE-2026-8823 User Manager can demote bot accounts to guest without bot-management permission
Mattermost versions 11.7.x = 11.7.0, 10.11.x = 10.11.17 fail to validate bot targets when demoting users to guests, which allows a lower-privileged administrator to degrade arbitrary bot accounts via the standard demote-user API. Mattermost Advisory ID: MMSA-2026-00669...
EUVD-2026-38248
Mattermost versions 11.7.x = 11.7.0, 10.11.x = 10.11.17 fail to enforce bot-specific permission checks on the user active status endpoint, which allows a User Manager with user management write access but no Integrations access to deactivate bot accounts via the PUT /api/v4/users/id/active API...
FortressWAF
FortressWAF — Web Application Firewall...
Web Technologies Security in the AI Era: A Survey of CDN-Enhanced Defenses
The modern web stack, which is dominated by browser-based applications and API-first backends, now operates under an adversarial equilibrium where automated, AI-assisted attacks evolve continuously. Content Delivery Networks (CDNs) and edge computing place programmable defenses closest to users and...
Bot Management for the Agentic Era
Learn how bot management is evolving in the age of AI agents, with new authentication standards, monetization models, and ways to manage AI-driven automation...
EUVD-2023-2588
Malicious code in bioql PyPI...
EUVD-2024-23425
Malicious code in bioql PyPI...
How Search Engines, LLMs, and Third-Party Scrapers Affect Bot Management
...
CVE-2023-5159
Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots...
The Rise of the LLM AI Scrapers: What It Means for Bot Management
Explore the rise of LLM AI scrapers and learn how to adapt to growing bot traffic with data-backed insights from our research...
CVE-2024-26136
kedi ElectronCord is a bot management tool for Discord. Commit aaaeaf4e6c99893827b2eea4dd02f755e1e24041 exposes an account access token in the config.json file. Malicious actors could potentially exploit this vulnerability to gain unauthorized access to sensitive information or perform malicious...
Managing AI Bots as Part of Your Overall Bot Management Strategy
Learn about the potential impacts of AI bots and the importance of having a holistic bot management strategy...
Imperva: A Leader in WAAP
Imperva – a Thales company and leading provider of Web Application and API Protection (WAAP) solutions, is a force to be reckoned with in the cybersecurity landscape. Our comprehensive approach to security, encompassing database security, enterprise application security, bot management, DDoS...
NetScaler AppFirewall: Configuration, CEF logging, Signatures
Introduction: This article provides a list of resources on how to configure, investigate, troubleshoot, and prevent the most common issues with NetScaler AppFirewall. Overview of the Issue: NetScaler web application firewall (WAF) provides comprehensive protection for web applications from various...
Have Web Trust Issues? Bot Management Can Help
...
The Importance of Bot Management in Your Marketing Strategy
Marketing teams need a comprehensive bot management solution to address the challenges posed by bot traffic and protect marketing analytics. Bot management is designed to protect marketing efforts from bot-generated invalid traffic by accurately and efficiently classifying traffic and stopping...
Design/Logic Flaw
kedi ElectronCord is a bot management tool for Discord. Commit aaaeaf4e6c99893827b2eea4dd02f755e1e24041 exposes an account access token in the config.json file. Malicious actors could potentially exploit this vulnerability to gain unauthorized access to sensitive information or perform malicious...
CVE-2024-26136 kedi ElectronCord's Discord Token is public
kedi ElectronCord is a bot management tool for Discord. Commit aaaeaf4e6c99893827b2eea4dd02f755e1e24041 exposes an account access token in the config.json file. Malicious actors could potentially exploit this vulnerability to gain unauthorized access to sensitive information or perform malicious...
CVE-2024-26136
CVE-2024-26136 — kedi ElectronCord is a Discord bot-management tool. The issue arises from a commit that exposes an account access token in the config.json file, enabling potential unauthorized access or actions on behalf of the repository owner. Several connected sources corroborate token exposu...