
6 matches found

RedhatCVE
added 2026/05/26 8:14 p.m. | 11 views

CVE-2026-39967

TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the bot engine's findResult query does not filter results by typebotId, allowing an authenticated user to load result data (user answers, variable values) from a different typebot by supplying a foreign resultId to the startChat...

3.1 CVSS | 5.7 AI score | 0.00028 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/22 12:0 a.m. | 7 views

PT-2026-42797

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the getResultLogs API endpoint authorizes the caller against the provided typebotId but fetches logs solely by resultId without verifying that the result belongs to the authorized typebot, leading to IDOR. An authenticated attacker...

6.5 CVSS | 5.9 AI score | 0.00041 EPSS
Exploits: 0 | References: 3

Positive Technologies
added 2026/05/22 12:0 a.m. | 7 views

PT-2026-42824

Name of the Vulnerable Software and Affected Versions: TypeBot versions prior to 3.16.0. Description: An issue in the bot engine's findResult query fails to filter results by typebotId. This allows an authenticated user to load result data, including user answers and variable values, from a differen...

3.1 CVSS | 5.8 AI score | 0.00028 EPSS
Exploits: 0 | References: 5

RedhatCVE
added 2025/08/10 1:35 a.m. | 3 views

CVE-2025-8704

A vulnerability, which was classified as critical, has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This issue affects some unknown processing of the file /WEASAlarmResult/GetAlarmResultProcessList of the component Analysis Conclusion Query Module. The manipulatio...

8.8 CVSS | 6.9 AI score | 0.00224 EPSS
Exploits: 1 | References: 1

OSV
added 2025/08/08 1:15 a.m. | 2 views

CVE-2025-8704

A vulnerability, which was classified as critical, has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This issue affects some unknown processing of the file /WEASAlarmResult/GetAlarmResultProcessList of the component Analysis Conclusion Query Module. The manipulatio...

8.8 CVSS | 5.7 AI score | 0.00224 EPSS
Exploits: 1 | References: 4

OSV
added 2021/04/12 2:15 p.m. | 2 views

CVE-2021-24221

The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 did not sanitise the resultid GET parameter on pages with the qsmresult shortcode without id attribute, concatenating it in a SQL statement and leading to an SQL injection. The lowest role allowed to...

8.8 CVSS | 7.3 AI score | 0.02566 EPSS
Exploits: 2 | References: 2