CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/06/11 12:0 a.m.•10 views

GitLab Enterprise Edition（EE）和GitLab Community Edition（CE）安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There were security vulnerabilities in versions of GitLab CE/EE between 15...

4.3CVSS5.5AI score0.00211EPSS

Exploits0References1

Vulnrichment•added 2026/05/22 6:12 p.m.•7 views

CVE-2026-39966 TypeBot: Async filter() bypasses authorization, allowing IDOR in getLinkedTypebots and leaking cross-workspace bot definitions

TypeBot is a chatbot builder tool. In versions 3.15.2, the getLinkedTypebots API endpoint returns full bot definitions to any authenticated user who references a target bot ID in a Typebot Link block, regardless of workspace ownership, leading to IDOR. The authorization check uses Array.filter wi...

CVE•added 2026/05/22 6:12 p.m.•25 views

CVE-2026-39966

TypeBot (chatbot builder) vulnerability CVE-2026-39966: in versions up to 3.15.2, getLinkedTypebots allows any authenticated user to read full bot definitions (including blocks, logic, credentials, API keys, PII, webhook URLs, and integration configs) across workspaces due to an authorization che...

ATTACKERKB•added 2026/05/22 6:12 p.m.•3 views

CVE-2026-39966

Exploits0References4Affected Software1

ATTACKERKB•added 2026/05/22 5:21 p.m.•8 views

CVE-2026-39964

TypeBot is a chatbot builder tool. In versions prior to 3.16.0, the Typebot viewer packages/embeds/js renders anchor tags from rich text bubble content without filtering the javascript: URI scheme. A bot author can set a link URL to javascript:PAYLOAD, which executes in the visitor's browser...

5.4CVSS5.8AI score0.00241EPSS

Exploits0References4Affected Software1

Positive Technologies•added 2026/05/22 12:0 a.m.•11 views

PT-2026-42820

Packet Storm News•added 2026/05/13 12:0 a.m.•9 views

Characterizing AI-Assisted Bot Traffic in Darknet Data: Implications for ICS and IIoT Security

The rise of automated scanning tools and AI assisted reconnaissance agents has significantly altered internet background traffic patterns, threatening the baseline assumptions underlying intrusion detection systems IDS deployed in critical infrastructure networks. This paper characterizes the...

5.8AI score

Akamai Blog•added 2026/04/08 9:0 a.m.•5 views

Protecting Publishing: The Real Cost of AI Bots

...

5.9AI score

Imperva Blog•added 2026/04/06 10:29 p.m.•6 views

Why AI Bot Protection and Control Are Essential for Application Security

AI-driven automation is no longer emerging. It is already integrated and accepted as internet traffic. From AI assistants and crawlers to enterprise automation tools, websites are now routinely accessed by non-human actors operating at scale. Vulnerabilities or weaknesses in your application...

5.5AI score

Malwarebytes•added 2026/04/06 7:1 a.m.•5 views

A week in security (March 30 – April 5)

Last week on Malwarebytes Labs: That dream job offer from Coca-Cola or Ferrari? It’s a trap for your passwords Blocking children from social media is a badly executed good idea Apple expands "DarkSword" patches to iOS 18.7.7 Malwarebytes Privacy VPN receives full third-party audit Wikipedia’s AI...

5.9AI score

EUVD•added 2026/04/01 12:1 a.m.•4 views

EUVD-2026-17435

OpenClaw: Google Chat and Zalouser group sender allowlist bypass via policy downgrade...

5.3CVSS5.8AI score0.00297EPSS

Exploits0References4

NVD•added 2026/03/31 3:16 p.m.•3 views

CVE-2026-33578

OpenClaw before 2026.3.28 contains a sender policy bypass vulnerability in the Google Chat and Zalouser extensions where route-level group allowlist policies silently downgrade to open policy. Attackers can exploit this policy resolution flaw to bypass sender restrictions and interact with bots...

5.3CVSS0.00297EPSS

Patchstack•added 2026/03/30 1:3 p.m.•10 views

WordPress Blackhole for Bad Bots plugin <= 3.8 - Unauthenticated Stored Cross-Site Scripting via User-Agent HTTP Header vulnerability

Unauthenticated Stored Cross-Site Scripting via User-Agent HTTP Header vulnerability discovered by Huynh Pham Thanh Luc in WordPress Plugin Blackhole for Bad Bots versions = 3.8...

7.2CVSS5.9AI score0.00315EPSS

Exploits0References1Affected Software1

Malwarebytes•added 2026/03/27 1:34 p.m.•6 views

Criminals are renting virtual phones to bypass bank security

Researchers at Group-IB warn about criminals using virtual Android devices to bypass modern security solutions. Cloud phones are virtual Android devices that can fully mimic real device fingerprints model, hardware, IP, timezone, sensor data, behavior. This allows them to undermine banks’...

6AI score

ATTACKERKB•added 2026/03/26 3:37 a.m.•2 views

CVE-2026-4329

The Blackhole for Bad Bots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent HTTP header in all versions up to and including 3.8. This is due to insufficient input sanitization and output escaping. The plugin uses sanitizetextfield when capturing bot data which...

7.2CVSS6AI score0.00315EPSS

Exploits0References13

Vulnrichment•added 2026/03/26 3:37 a.m.•2 views

CVE-2026-4329 Blackhole for Bad Bots <= 3.8 - Unauthenticated Stored Cross-Site Scripting via User-Agent HTTP Header

7.2CVSS6AI score0.00315EPSS

Exploits0References12

Cvelist•added 2026/03/26 3:37 a.m.•33 views

CVE-2026-4329 Blackhole for Bad Bots <= 3.8 - Unauthenticated Stored Cross-Site Scripting via User-Agent HTTP Header

7.2CVSS0.00315EPSS

Exploits0References12

Positive Technologies•added 2026/03/26 12:0 a.m.•9 views

PT-2026-28202

7.2CVSS6AI score0.00315EPSS

Exploits0References13

HackRead•added 2026/03/09 11:6 p.m.•5 views

Dutch Intel Warns of Russian Hackers Hijacking Signal, WhatsApp Attacks

Dutch intelligence warns Russian hackers are hijacking Signal and WhatsApp accounts using fake support bots and verification code scams targeting officials and journalists...

5.8AI score