EUVD-2026-31913

Chatwoot is a customer engagement suite. From 2.2.0 to before 4.11.2, a SQL injection vulnerability exists in the conversation and contact filter APIs. When filtering by a custom attribute of type date or number using the isgreaterthan or islessthan operators, user-supplied values in the values...

PT-2026-43348

Name of the Vulnerable Software and Affected Versions Chatwoot versions 2.2.0 through 4.11.1 Description An issue exists in the conversation and contact filter APIs where user-supplied values in the values field of the filter payload are interpolated directly into SQL queries without...

CVE-2021-42121

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 on an object’s date attributes allows an authenticated remote attacker with Object Modification privileges to insert an unexpected format into date fields, which leads t...

CVE-2024-5763

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the videodate attribute within the plugin's Video widget in all versions up to, and including, 5.6.2 due to insufficient inpu...