Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

Vulnrichment
Vulnrichmentadded 2026/04/23 7:11 p.m.3 views

CVE-2026-41266 Flowise: Sensitive Data Leak in public-chatbotConfig

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration without any authentication. An attacker with knowledge just...

7.7CVSS5.3AI score0.00107EPSS
Exploits1References1
EUVD
EUVDadded 2026/03/21 6:30 a.m.3 views

EUVD-2026-13998

The WP-Chatbot for Messenger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the...

5.3CVSS5.8AI score0.00107EPSS
Exploits0References9
Vulnrichment
Vulnrichmentadded 2026/03/21 3:26 a.m.4 views

CVE-2026-3506 WP-Chatbot for Messenger <= 4.9 - Missing Authorization to Unauthenticated Chatbot Configuration Takeover

The WP-Chatbot for Messenger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the...

5.3CVSS5.8AI score0.00107EPSS
Exploits0References8
Cvelist
Cvelistadded 2026/03/21 3:26 a.m.26 views

CVE-2026-3506 WP-Chatbot for Messenger <= 4.9 - Missing Authorization to Unauthenticated Chatbot Configuration Takeover

The WP-Chatbot for Messenger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the...

5.3CVSS0.00107EPSS
Exploits0References8
RedhatCVE
RedhatCVEadded 2025/03/22 12:53 p.m.3 views

CVE-2024-11821

A privilege escalation vulnerability exists in langgenius/dify version 0.9.1. This vulnerability allows a normal user to modify Orchestrate instructions for a chatbot created by an admin user. The issue arises because the application does not properly enforce access controls on the endpoint...

4.3CVSS7AI score0.00167EPSS
Exploits1References1
NVD
NVDadded 2025/03/20 10:15 a.m.4 views

CVE-2024-11821

A privilege escalation vulnerability exists in langgenius/dify version 0.9.1. This vulnerability allows a normal user to modify Orchestrate instructions for a chatbot created by an admin user. The issue arises because the application does not properly enforce access controls on the endpoint...

4.3CVSS0.00167EPSS
Exploits1References1
Rows per page
Query Builder