Lucene search

36 matches found

CVE
added 2026/05/22 5:21 p.m., 13 views

CVE-2026-39964

TypeBot (viewer at packages/embeds/js) before version 3.16.0 renders rich-text bubble links without filtering javascript: URIs. A bot author can set a link to javascript:PAYLOAD, which executes in the visitor’s browser context when clicked, allowing the attacker’s code to run with the host page’s...

5.4 CVSS, 5.8 AI score, 0.00049 EPSS
Exploits: 0, References: 3
Vulnrichment
added 2026/05/22 5:21 p.m., 4 views

CVE-2026-39964 TypeBot: Stored XSS via javascript: URI in text bubble links — bot author executes JS on visitors' browsers

TypeBot is a chatbot builder tool. In versions prior to 3.16.0, the Typebot viewer packages/embeds/js renders anchor tags from rich text bubble content without filtering the javascript: URI scheme. A bot author can set a link URL to javascript:PAYLOAD, which executes in the visitor's browser...

5.4 CVSS, 5.8 AI score, 0.00049 EPSS
Exploits: 0, References: 3
CNNVD
added 2026/05/22 12:0 a.m., 3 views

Typebot Security Vulnerability

Typebot is an open-source chat bot builder developed by Baptiste Arnaud. There were security vulnerabilities in versions of Typebot prior to 3.16.0. These vulnerabilities stemmed from the Typebot viewer’s failure to filter javascript: URI schemes when rendering rich text bubble content, allowing...

5.4 CVSS, 5.9 AI score, 0.00049 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2026/05/11 12:0 a.m., 2 views

PT-2026-39703

A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monitor.ts of the component bluebubbles Webhook. Performing a manipulation results in improper authentication. It is possible to...

7.5 CVSS, 6.8 AI score, 0.00415 EPSS
Exploits: 1, References: 10
Fedora
added 2026/04/28 1:35 a.m., 3 views

[SECURITY] Fedora 44 Update: gum-0.17.0-3.fc44

A tool for glamorous shell scripts. Leverage the power of Bubbles and Lip Gloss in your scripts and aliases without writing any Go code!...

6.1 CVSS, 5.2 AI score, 0.0005 EPSS
Exploits: 0
Fedora
added 2026/04/28 1:14 a.m., 2 views

[SECURITY] Fedora 42 Update: gum-0.16.1-2.fc42

A tool for glamorous shell scripts. Leverage the power of Bubbles and Lip Gloss in your scripts and aliases without writing any Go code!...

6.5 CVSS, 6.5 AI score, 0.00033 EPSS
Exploits: 1
CVE
added 2026/03/19 10:6 p.m., 8 views

CVE-2026-32011

CVE-2026-32011 for OpenClaw describes a denial-of-service in webhook handlers used by BlueBubbles and Google Chat. The root cause is that request bodies are parsed before authentication and signature validation, allowing unauthenticated, remote attackers to exhaust parser resources by sending slo...

8.7 CVSS, 5.8 AI score, 0.0009 EPSS
Exploits: 0, References: 3, Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2021-26109

Malware in sbrugna...

7.8 CVSS, 7.7 AI score, 0.00013 EPSS
Exploits: 0, References: 2
vulnersOsv
added 2025/09/15 7:39 a.m., 2 views

@bubbles-ui/leemons (>=1.0.0 <=1.2.277), @imtf/rjsf-conditionals (=5.0.3) +3 more potentially affected by unknown CVE via json-rules-engine-simplified (>=0.1.17 <=0.2.0)

json-rules-engine-simplified NPM version =0.1.17, =1.0.0, =0.1.0, =0.1.17, =0.1.1, =0.2.3 Source cves: unknown CVE Source advisory: SNYK:JS-JSONRULESENGINESIMPLIFIED-12704864...

5.8 AI score
Exploits: 0
Fedora
added 2025/06/29 1:24 a.m., 4 views

[SECURITY] Fedora 41 Update: gum-0.16.1-1.fc41

A tool for glamorous shell scripts. Leverage the power of Bubbles and Lip Gloss in your scripts and aliases without writing any Go code!...

6.5 CVSS, 7.2 AI score, 0.00017 EPSS
Exploits: 0
Fedora
added 2025/06/29 1:5 a.m., 3 views

[SECURITY] Fedora 42 Update: gum-0.16.1-1.fc42

A tool for glamorous shell scripts. Leverage the power of Bubbles and Lip Gloss in your scripts and aliases without writing any Go code!...

6.5 CVSS, 7.2 AI score, 0.00017 EPSS
Exploits: 0
Schneier on Security
added 2025/06/24 11:9 a.m., 3 views

Here’s a Subliminal Channel You Haven’t Considered Before

Scientists can manipulate air bubbles trapped in ice to encode messages...

7.2 AI score
Exploits: 0
RedhatCVE
added 2025/05/22 6:44 p.m., 5 views

CVE-2021-39752

In Bubbles, there is a possible way to interfere with Bubbles due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-202756848...

7.8 CVSS, 7 AI score, 0.00013 EPSS
Exploits: 0, References: 1
vulnersOsv
added 2024/04/05 3:39 p.m., 1 view

acme-dns-rust (>=1.0.0 <=1.0.6), asfa (>=0.1.0 <=0.5.2) +72 more potentially affected by unknown CVE via whoami (>=0.5.3 <=1.2.3)

whoami CARGO version =0.5.3, =1.0.0, =0.1.0, =3.0.0, =0.60.0, =0.60.0, =0.1.0, =0.27.0, =0.1.0, =0.1.0, =0.1.0, =0.3.0, =0.2.1, =0.0.0, =0.0.1, =0.1.0, =0.3.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-W5W5-8VFH-XCJQ...

5.8 AI score
Exploits: 0
CNVD
added 2022/04/01 12:0 a.m., 9 views

Google Android Elevation of Privilege Vulnerability (CNVD-2022-43863)

Google Android is a Linux-based open-source operating system from Google, Inc. An elevation of privilege vulnerability exists in Google Android, which stems from a privilege bypass in Bubbles. An attacker could exploit the vulnerability to cause a local elevation of privilege...

7.8 CVSS, 4.3 AI score, 0.00013 EPSS
Exploits: 0, References: 1
OSV
added 2022/03/30 4:15 p.m., 0 views

CVE-2021-39752

In Bubbles, there is a possible way to interfere with Bubbles due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-202756848...

7.8 CVSS, 7.2 AI score
Exploits: 0, References: 1
NVD
added 2022/03/30 4:15 p.m., 14 views

CVE-2021-39752

In Bubbles, there is a possible way to interfere with Bubbles due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-202756848...

7.8 CVSS, 0.00013 EPSS
Exploits: 0, References: 1
Prion
added 2022/03/30 4:15 p.m., 18 views

Design/Logic Flaw

In Bubbles, there is a possible way to interfere with Bubbles due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-202756848...

4.6 CVSS, 7.8 AI score, 0.00013 EPSS
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2022/03/30 4:2 p.m., 72 views

CVE-2021-39752

CVE-2021-39752 affects Google's Android 12L with the Bubbles component. It describes a permissions bypass that could enable local elevation of privilege without extra execution privileges or user interaction. Affected product/version: Android 12L (Android ID A-202756848). Root cause: a bypass wit...

7.8 CVSS, 7.8 AI score, 0.00013 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2022/03/30 4:2 p.m., 15 views

CVE-2021-39752

In Bubbles, there is a possible way to interfere with Bubbles due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-202756848...

8.1 AI score, 0.00013 EPSS
Exploits: 0, References: 1