Lucene search
K

457 matches found

Nuclei
Nuclei
added 5 hours ago6 views

WPBot <= 8.4.9 - Cross-Site Scripting

WPBot = 8.4.9 is vulnerable to stored cross-site scripting via the conversation parameter in the qcldwbchatbotconversationsave AJAX action. The AJAX nonce qcsecretbotnonceval123qc is publicly emitted on every frontend page via wplocalizescript under the ajaxnonce key, making it freely obtainable ...

7.2CVSS6.1AI score0.00524EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 4 days ago5 views

Kibana 8.x < 8.16.3 / 8.17.x < 8.17.2 Authorization Bypass (ESA-2026-51)

The version of Kibana installed on the remote host is 8.x prior to 8.16.3 or 8.17.x prior to 8.17.2. It is, therefore, affected by an authorization bypass vulnerability: - Authorization Bypass Through User-Controlled Key CWE-639 in Kibana can lead to unauthorized data modification. Under certain...

6.2AI score
Exploits0References2
NVD
NVD
added 6 days ago6 views

CVE-2026-54784

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. In version 1.9.0, CoreWCF SPNEGO SecurityContextToken negotiation can expose the proof key recovered from the RSTR when TransportWithMessageCredential with Windows client credentials and session...

7.4CVSS0.00175EPSS
Exploits0References4
CVE
CVE
added 6 days ago24 views

CVE-2026-54784

CoreWCF CVE-2026-54784 affects CoreWCF 1.9.0 where SPNEGO SecurityContextToken proof key recovered from the RSTR can be observed when using TransportWithMessageCredential with Windows client credentials, enabling impersonation of the Windows principal and decryption/forgery of WS‑SecureConversati...

7.4CVSS6AI score0.00175EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/04 2:0 p.m.31 views

CVE-2026-14630 ForceInjection AI-fundermentals Memory Recall smart_customer_service.py get_conversation_history weak hash

A vulnerability has been found in ForceInjection AI-fundermentals 2.0/3.0. Affected by this vulnerability is the function getconversationhistory of the file 08agenticsystem/memory/langchain/code/smartcustomerservice.py of the component Memory Recall Handler. The manipulation leads to use of weak...

3.1CVSS0.0016EPSS
Exploits0References7
CVE
CVE
added 2026/07/04 2:0 p.m.22 views

CVE-2026-14630

ForceInjection AI-fundermentals 2.0/3.0 contains a vulnerability in the Memory Recall Handler: get_conversation_history (08_agentic_system/memory/langchain/code/smart_customer_service.py). The issue involves use of a weak hash, with remote exploitation possible but described as high complexity. E...

3.1CVSS4.9AI score0.0016EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/04 2:0 p.m.12 views

EUVD-2026-41677

A vulnerability has been found in ForceInjection AI-fundermentals 2.0/3.0. Affected by this vulnerability is the function getconversationhistory of the file 08agenticsystem/memory/langchain/code/smartcustomerservice.py of the component Memory Recall Handler. The manipulation leads to use of weak...

3.1CVSS4.9AI score0.0016EPSS
Exploits0References7
CVE
CVE
added 2026/07/04 12:0 p.m.21 views

CVE-2026-14626

NousResearch hermes-agent (up to 2026.4.30), specifically the HTTP API component and AIAgent.run_conversation in run_agent.py, is vulnerable. The issue arises from manipulation of the todos argument, enabling remote denial of service. Public exploit is noted, and the vendor was contacted without ...

5.3CVSS5.6AI score0.00277EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/04 12:0 p.m.7 views

EUVD-2026-41670

A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. The impacted element is the function AIAgent.runconversation of the file runagent.py of the component HTTP API. This manipulation of the argument todos causes denial of service. The attack can be initiated remotely. The...

5.3CVSS5.6AI score0.00277EPSS
Exploits0References5
NVD
NVD
added 2026/07/01 5:16 a.m.7 views

CVE-2026-13731

The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'conversation' parameter in all versions up to, and including, 8.4.9 due to insufficient input sanitization and output escaping. This makes it possible f...

7.2CVSS0.00524EPSS
Exploits0References7
CVE
CVE
added 2026/07/01 3:43 a.m.13 views

CVE-2026-13731

CVE-2026-13731 affects the WPBot – AI ChatBot for WordPress plugin (versions up to and including 8.4.9). The vulnerability is a stored Cross‑Site Scripting (XSS) via the conversation parameter caused by insufficient input sanitization and output escaping. Unauthenticated attackers can inject arbi...

7.2CVSS5.9AI score0.00524EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/01 3:43 a.m.34 views

CVE-2026-13731 WPBot <= 8.4.9 - Unauthenticated Stored Cross-Site Scripting via 'conversation' Parameter

The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'conversation' parameter in all versions up to, and including, 8.4.9 due to insufficient input sanitization and output escaping. This makes it possible f...

7.2CVSS0.00524EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/01 3:43 a.m.9 views

EUVD-2026-40889

The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'conversation' parameter in all versions up to, and including, 8.4.9 due to insufficient input sanitization and output escaping. This makes it possible f...

7.2CVSS5.9AI score0.00524EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.9 views

PT-2026-54475

Name of the Vulnerable Software and Affected Versions WPBot – AI ChatBot for Live Support, Lead Generation, AI Services versions prior to 8.5.0 Description Insufficient input sanitization and output escaping allow unauthenticated attackers to perform Stored Cross-Site Scripting XSS, a technique...

7.2CVSS6.1AI score0.00524EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/06/29 5:0 p.m.39 views

CVE-2026-13591 DeepMyst Mysti Contact Tracking ChannelBridge.ts _isTrackedConversation improper authorization

A weakness has been identified in DeepMyst Mysti 0.4.0. Affected is the function isTrackedConversation of the file src/managers/ChannelBridge.ts of the component Contact Tracking. This manipulation of the argument channelType causes improper authorization. The attack may be initiated remotely. A...

5CVSS0.00199EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/29 5:0 p.m.6 views

EUVD-2026-40153

A weakness has been identified in DeepMyst Mysti 0.4.0. Affected is the function isTrackedConversation of the file src/managers/ChannelBridge.ts of the component Contact Tracking. This manipulation of the argument channelType causes improper authorization. The attack may be initiated remotely. A...

5CVSS5.3AI score0.00199EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/29 12:31 a.m.8 views

EUVD-2026-40008

A vulnerability was determined in VoltAgent up to 2.1.17. Affected by this issue is the function handleGetMemoryConversation of the file packages/server-core/src/handlers/memory.handlers.ts of the component Memory REST API. Executing a manipulation of the argument conversationId can lead to...

3.1CVSS5.2AI score0.0022EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/29 12:31 a.m.10 views

EUVD-2026-40005

A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/apichat.py of the component Conversation Sharing Handler. This manipulation of the argument conversation.agent causes incorrect authorization. Remote exploitation of the attack...

6.5CVSS5.6AI score0.00165EPSS
Exploits0References8
NVD
NVD
added 2026/06/28 11:16 p.m.12 views

CVE-2026-13511

A vulnerability was determined in VoltAgent up to 2.1.17. Affected by this issue is the function handleGetMemoryConversation of the file packages/server-core/src/handlers/memory.handlers.ts of the component Memory REST API. Executing a manipulation of the argument conversationId can lead to...

3.1CVSS0.0022EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/28 10:30 p.m.27 views

CVE-2026-13511 VoltAgent Memory REST API memory.handlers.ts handleGetMemoryConversation improper authorization

A vulnerability was determined in VoltAgent up to 2.1.17. Affected by this issue is the function handleGetMemoryConversation of the file packages/server-core/src/handlers/memory.handlers.ts of the component Memory REST API. Executing a manipulation of the argument conversationId can lead to...

3.1CVSS0.0022EPSS
Exploits0References7
Rows per page
Query Builder