Open WebUI: Forged chat-file link allows cross-user file read and deletion

Summary Open WebUI v0.9.5 lets an authenticated user attach arbitrary fileid values to their own chat message without checking whether they own or can read those files. If the attacker then shares that chat and grants themselves read access, hasaccesstofile treats the victim file as accessible...

CVE-2026-36228

Buffer Overflow vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via the chat message functionality...

Exploit for CVE-2026-36228

CVE-2026-36228: Easy Chat Server 3.1 Chat Message mtowho Denia...

EUVD-2026-31472

Buffer Overflow vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via the chat message functionality...

Easy Chat Server 安全漏洞

Easy Chat Server is a LAN chat server software developed by Easy Chat Server Inc. Version 3.1 of Easy Chat Server has a security vulnerability. This vulnerability stems from a buffer overflow in the chat message function, which could allow remote attackers to obtain sensitive information and...

CVE-2026-4998

A weakness has been identified in Sinaptik AI PandasAI up to 3.0.0. This vulnerability affects the function CodeExecutor.execute of the file pandasai/core/codeexecution/codeexecutor.py of the component Chat Message Handler. Executing a manipulation can lead to code injection. The attack may be...

CVE-2026-4998 Sinaptik AI PandasAI Chat Message code_executor.py CodeExecutor.execute code injection

A weakness has been identified in Sinaptik AI PandasAI up to 3.0.0. This vulnerability affects the function CodeExecutor.execute of the file pandasai/core/codeexecution/codeexecutor.py of the component Chat Message Handler. Executing a manipulation can lead to code injection. The attack may be...

CVE-2026-4998

A weakness has been identified in Sinaptik AI PandasAI up to 3.0.0. This vulnerability affects the function CodeExecutor.execute of the file pandasai/core/codeexecution/codeexecutor.py of the component Chat Message Handler. Executing a manipulation can lead to code injection. The attack may be...

PT-2026-28716

Name of the Vulnerable Software and Affected Versions Sinaptik AI PandasAI versions up to 3.0.0 Description A code injection weakness exists in the Chat Message Handler component, specifically within the CodeExecutor.execute function of the pandasai/core/code execution/code executor.py file. This...

CVE-2025-63260

SyncFusion 30.1.37 is vulnerable to Cross Site Scripting XSS via the Document-Editor reply to comment field and Chat-UI Chat message...

PT-2026-26666

CVE-2025-63260 SyncFusion 30.1.37 is vulnerable to Cross Site Scripting XSS via the Document-Editor reply to comment field and Chat-UI Chat message. https://t.co/lkPWuPDbql...

CVE-2025-6792 One to one user Chat by WPGuppy <= 1.1.4 - Unauthenticated Information Disclosure via Chat Message Interception

The One to one user Chat by WPGuppy plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/guppylite/v2/channel-authorize rest endpoint in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to...

WordPress plugin GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

PT-2026-2822

Name of the Vulnerable Software and Affected Versions GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress versions through 1.1.7 Description The software is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output...

CVE-2020-7239

The conversation-watson plugin before 0.8.21 for WordPress has a DOM-based XSS vulnerability that is executed when a chat message containing JavaScript is sent...

CVE-2019-25262 elinicksic Razgover Chat Message send.php cross site scripting

A security vulnerability has been detected in elinicksic Razgover up to db37dfc5c82f023a40f2f7834ded6633fb2b5262. This affects an unknown part of the file Chattify/send.php of the component Chat Message Handler. Such manipulation of the argument msg leads to cross site scripting. The attack may b...

EUVD-2025-206016

A security vulnerability has been detected in elinicksic Razgover up to db37dfc5c82f023a40f2f7834ded6633fb2b5262. This affects an unknown part of the file Chattify/send.php of the component Chat Message Handler. Such manipulation of the argument msg leads to cross site scripting. The attack may b...

CVE-2019-25262

Summary of CVE-2019-25262: In the Razgover project by elinicksic, the vulnerability affects the file Chattify/send.php within the Chat Message Handler. The issue arises from improper manipulation of the msg argument, enabling cross-site scripting (XSS). The threat is described as remote and possi...

PT-2025-54400

A security vulnerability has been detected in elinicksic Razgover up to db37dfc5c82f023a40f2f7834ded6633fb2b5262. This affects an unknown part of the file Chattify/send.php of the component Chat Message Handler. Such manipulation of the argument msg leads to cross site scripting. The attack may b...

Japan Total System多款产品 安全漏洞

Japan Total System GroupSession Free edition, among others, is an enterprise collaboration software from Japan Total System, a Japanese company. A security vulnerability exists in several Japan Total System products, which originates from unauthenticated WebSockets and may lead to the disclosure ...