4 matches found

OSV
added 2025/01/09 5:10 p.m. · 6 views

CVE-2025-21628 Chatwoot has a Blind SQL-injection in Conversation and Contacts filters

Chatwoot is a customer engagement suite. Prior to 3.16.0, conversation and contact filters endpoints did not sanitize the input of query_operator passed from the frontend or the API. This provided any actor who is authenticated, an attack vector to run arbitrary SQL within the filter query by addi...

CVSS 9.1 · AI score 7.4 · EPSS 0.00672
Exploits 0 · References 4

OSV
added 2022/08/19 12:40 p.m. · 9 views

CVE-2022-1021 Insecure Storage of Sensitive Information in chatwoot/chatwoot

Insecure Storage of Sensitive Information in GitHub repository chatwoot/chatwoot prior to 2.6.0...

CVSS 7.6 · AI score 6.6 · EPSS 0.00264
Exploits 1 · References 4

Positive Technologies
added 2022/08/19 12:0 a.m. · 3 views

PT-2022-13596 · Chatwoot · Chatwoot

Name of the Vulnerable Software and Affected Versions: chatwoot/chatwoot versions prior to 2.6.0
Description: The issue concerns insecure storage of sensitive information in the GitHub repository chatwoot/chatwoot.
Recommendations: For versions prior to 2.6.0, update to version 2.6.0 or later to...

CVSS 7.6 · AI score 6.2 · EPSS 0.00264
Exploits 1 · References 7

Positive Technologies
added 2022/02/09 12:0 a.m. · 3 views

PT-2022-10693 · Chatwoot · Chatwoot

Name of the Vulnerable Software and Affected Versions: chatwoot/chatwoot versions prior to 2.2
Description: The issue concerns improper privilege management. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents...

CVSS 6.5 · AI score 6.4 · EPSS 0.00226
Exploits 1 · References 7