38 matches found
EUVD-2025-209411
A vulnerability has been found in 1Panel-dev MaxKB up to 2.4.2. Impacted is an unknown function of the file ui/src/chat.ts of the component MdPreview. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used...
EUVD-2008-6843
Malware in sbrugna...
EUVD-2024-35259
Malicious code in bioql PyPI...
CVE-2025-51862
Insecure Direct Object Reference (IDOR) vulnerability in TelegAI (telegai.com) thru 2025-05-26 in its chat component. An attacker can exploit this IDOR to tamper with other users' conversations. Additionally, malicious content and XSS payloads can be injected, leading to phishing attacks, user spoofing and...
PT-2025-30419 · Telegai · Telegai
Name of the Vulnerable Software and Affected Versions: TelegAI, affected versions not specified. Description: The application contains a stored cross-site scripting (XSS) issue in its chat component and character container component. An attacker can execute arbitrary client-side scripts by creating a...
CVE-2025-51860
TelegAI (telegai.com) is affected by a Stored XSS (CVE-2025-51860) in its chat component and character container. The vulnerability allows an attacker to craft an AI Character with SVG XSS payloads in fields such as description, greeting, example dialog, or system prompt, causing arbitrary client...
CVE-2025-51862
TelegAI (telegai.com) is affected by an Insecure Direct Object Reference (IDOR) vulnerability in its chat component. Exploitation relies on manipulating the profile_id in chat-related API calls (as evidenced by the GitHub exploit, PT-2025-30420 description, and other reports), enabling an attacke...
CVE-2025-51859
Stored Cross-Site Scripting (XSS) vulnerability in Chaindesk thru 2025-05-26 in its agent chat component. An attacker can achieve arbitrary client-side script execution by crafting an AI agent whose system prompt instructs the underlying Large Language Model (LLM) to embed malicious script payloads...
Chaindesk Cross Site Scripting
Chaindesk, a web application for constructing AI Agents, is vulnerable to a persistent cross site scripting vulnerability in its agent chat component. An attacker can achieve arbitrary client-side script execution by crafting an AI agent whose system prompt instructs the underlying Large Language...
Exploit for CVE-2025-51864
CVE-2025-51864 Vulnerability description AIBOX is a web...
PT-2025-26736 · Mitel · Mitel Micontact Center Business
Name of the Vulnerable Software and Affected Versions: Mitel MiContact Center Business versions through 10.2.0.3. Description: A vulnerability in the legacy chat component could allow an unauthenticated attacker to conduct an information disclosure attack due to improper handling of session data. ...
PT-2025-26737 · Mitel · Mitel Micontact Center Business
Name of the Vulnerable Software and Affected Versions: Mitel MiContact Center Business versions 10.0.0.0 through 10.0.0.4; Mitel MiContact Center Business versions 10.1.0.0 through 10.1.0.5; Mitel MiContact Center Business versions 10.2.0.0 through 10.2.0.4. Description: A vulnerability in the legac...
CVE-2024-42514
A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4 could allow an unauthenticated attacker to conduct an unauthorized access attack due to inadequate access control checks. A successful exploit requires user interaction and could allow an attacker to...
PT-2024-29999 · Mitel · Mitel Micontact Center Business
Name of the Vulnerable Software and Affected Versions: Mitel MiContact Center Business versions through 10.1.0.4. Description: A vulnerability in the legacy chat component could allow an unauthenticated attacker to conduct an unauthorized access attack due to inadequate access control checks. A...
CVE-2024-8784
A vulnerability classified as critical was found in QDocs Smart School Management System 7.0.0. Affected by this vulnerability is an unknown functionality of the file /user/chat/mynewuser of the component Chat. The manipulation of the argument users with the input...
CVE-2024-8784 QDocs Smart School Management System Chat mynewuser sql injection
A vulnerability classified as critical was found in QDocs Smart School Management System 7.0.0. Affected by this vulnerability is an unknown functionality of the file /user/chat/mynewuser of the component Chat. The manipulation of the argument users with the input...