Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

NVD
NVDadded 2026/05/22 7:17 p.m.5 views

CVE-2026-39968

TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the fix for GHSA-4xc5-wfwc-jw47 "Credential Theft via Client-Side Script Execution and API Authorization Bypass" is incomplete. While the builder's getCredentials tRPC endpoint was patched with workspace membership checks, the...

7.1CVSS0.00041EPSS
Exploits0References3
CVE
CVEadded 2026/05/22 4:50 p.m.34 views

CVE-2026-33712

Technical details (affected version, root cause, exploit, or patch specifics) are not publicly available in the provided documents. Monitor for updates.

10CVSS5.8AI score0.00067EPSS
Exploits1References2
Cvelist
Cvelistadded 2026/05/22 4:50 p.m.6 views

CVE-2026-33712 TypeBot: Unauthenticated SSRF via isolated-vm fetch in preview chat endpoint bypasses SSRF controls

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the preview chat endpoint POST /api/v1/typebots/typebotId/preview/startChat allows unauthenticated users to achieve Server-Side Request Forgery SSRF by supplying a custom typebot definition with server-side code blocks. The fetch...

10CVSS0.00067EPSS
Exploits1References2
Vulnrichment
Vulnrichmentadded 2026/05/22 4:50 p.m.4 views

CVE-2026-33712 TypeBot: Unauthenticated SSRF via isolated-vm fetch in preview chat endpoint bypasses SSRF controls

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the preview chat endpoint POST /api/v1/typebots/typebotId/preview/startChat allows unauthenticated users to achieve Server-Side Request Forgery SSRF by supplying a custom typebot definition with server-side code blocks. The fetch...

10CVSS5.8AI score0.00067EPSS
Exploits1References2
Positive Technologies
Positive Technologiesadded 2026/05/22 12:0 a.m.12 views

PT-2026-42821

Name of the Vulnerable Software and Affected Versions TypeBot versions prior to 3.15.3 Description An incomplete fix in the bot-engine runtime allows authenticated users to use credentials from any workspace via the preview chat endpoint. The getCredentials utility function employs a falsy check...

7.1CVSS5.8AI score0.00041EPSS
Exploits0References5
CNNVD
CNNVDadded 2026/05/22 12:0 a.m.5 views

Typebot 安全漏洞

Typebot is an open-source chat bot builder developed by Baptiste Arnaud. Versions of Typebot 3.15.2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the preview chat endpoint, which allowed unverified users to forge server-side requests by providing custom bot...

10CVSS5.8AI score0.00067EPSS
Exploits1References2
CNNVD
CNNVDadded 2026/05/22 12:0 a.m.5 views

Typebot 安全漏洞

Typebot is an open-source chat bot builder developed by Baptiste Arnaud. Versions of Typebot 3.15.2 and earlier contain security vulnerabilities. These vulnerabilities stem from the fact that the bot-engine still allows any authenticated user to use credentials from any workspace through the...

7.1CVSS5.8AI score0.00041EPSS
Exploits0References3
Rows per page
Query Builder