Lucene search
+L

1227 matches found

OSV
OSV
added 2026/05/25 9:5 a.m.13 views

MAL-2026-4328 Malicious code in ts-result-pipe (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 97286c3b19bbcf773e8a53257eb3ffbad2ec6c7b39d63ef1a6b36b0b63b60e56 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 9:5 a.m.15 views

Malicious code in ts-result-pipe (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 97286c3b19bbcf773e8a53257eb3ffbad2ec6c7b39d63ef1a6b36b0b63b60e56 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
Snyk
Snyk
added 2026/05/25 9:5 a.m.12 views

Malicious Package

Overview ts-result-pipe is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
CVE
CVE
added 2026/05/22 6:36 p.m.28 views

CVE-2026-39967

TypeBot (versions ≤ 3.15.2) suffers a missing typebotId filter in its findResult query, allowing an authenticated user to load result data (answers, variable values, hasStarted flag) from another typebot by supplying a foreign resultId to the startChat endpoint. Exploitation is limited by cryptog...

3.1CVSS5.7AI score0.00186EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/22 6:36 p.m.7 views

CVE-2026-39967

TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the bot engine's the findResult query does not filter results by typebotId, allowing an authenticated user to load result data user answers, variable values from a different typebot by supplying a foreign resultId to the startChat...

3.1CVSS5.7AI score0.00186EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/22 6:36 p.m.11 views

EUVD-2026-31486

TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the bot engine's the findResult query does not filter results by typebotId, allowing an authenticated user to load result data user answers, variable values from a different typebot by supplying a foreign resultId to the startChat...

3.1CVSS5.7AI score0.00186EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/22 6:36 p.m.19 views

CVE-2026-39967 TypeBot: Cross-Typebot Result Data Access via Missing typebotId Filter

TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the bot engine's the findResult query does not filter results by typebotId, allowing an authenticated user to load result data user answers, variable values from a different typebot by supplying a foreign resultId to the startChat...

3.1CVSS0.00186EPSS
Exploits0References3
OSV
OSV
added 2026/05/22 6:36 p.m.2 views

CVE-2026-39967 TypeBot: Cross-Typebot Result Data Access via Missing typebotId Filter

TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the bot engine's the findResult query does not filter results by typebotId, allowing an authenticated user to load result data user answers, variable values from a different typebot by supplying a foreign resultId to the startChat...

3.1CVSS5.9AI score0.00186EPSS
Exploits0References5
NVD
NVD
added 2026/05/22 5:16 p.m.16 views

CVE-2026-28444

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the getResultLogs API endpoint authorizes the caller against the provided typebotId but fetches logs solely by resultId without verifying that the result belongs to the authorized typebot, leading to IDOR. An authenticated attacker...

6.5CVSS0.00316EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/22 4:0 p.m.12 views

EUVD-2026-31467

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the getResultLogs API endpoint authorizes the caller against the provided typebotId but fetches logs solely by resultId without verifying that the result belongs to the authorized typebot, leading to IDOR. An authenticated attacker...

6.5CVSS5.9AI score0.00316EPSS
Exploits0References3
CVE
CVE
added 2026/05/22 4:0 p.m.30 views

CVE-2026-28444

Typebot (chatbot builder) CVE-2026-28444: IDOR in GET /getResultLogs on versions

6.5CVSS5.9AI score0.00316EPSS
Exploits0References3
OSV
OSV
added 2026/05/22 4:0 p.m.2 views

CVE-2026-28444 Typebot: IDOR in Result Logs Endpoint Allows Cross-Workspace Data Disclosure

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the getResultLogs API endpoint authorizes the caller against the provided typebotId but fetches logs solely by resultId without verifying that the result belongs to the authorized typebot, leading to IDOR. An authenticated attacker...

6.5CVSS6AI score0.00316EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.12 views

PT-2026-42797

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the getResultLogs API endpoint authorizes the caller against the provided typebotId but fetches logs solely by resultId without verifying that the result belongs to the authorized typebot, leading to IDOR. An authenticated attacker...

6.5CVSS5.9AI score0.00316EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.17 views

PT-2026-42824

Name of the Vulnerable Software and Affected Versions TypeBot versions prior to 3.16.0 Description An issue in the bot engine's findResult query fails to filter results by typebotId. This allows an authenticated user to load result data, including user answers and variable values, from a differen...

3.1CVSS5.8AI score0.00186EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: virtio-pci: The result size returned for the admin command completion has been corrected. The result size returned by virtiopciadmindevpartsget is 8 bytes larger than the actual result data size. This occurs because the...

5.5CVSS5.9AI score0.0012EPSS
Exploits0References2
CVE
CVE
added 2026/05/20 12:52 a.m.31 views

CVE-2026-43617

CVE-2026-43617 affects rsync

6.3CVSS5.8AI score0.00282EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/20 12:52 a.m.4 views

CVE-2026-43617 Rsync < 3.4.3 Authorization Bypass via Hostname Resolution

Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, allowing...

6.3CVSS6AI score0.00282EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/05/20 12:0 a.m.12 views

CVE-2026-43617

Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, allowing...

6.3CVSS5.8AI score0.00282EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/05/18 1:58 p.m.15 views

CVE-2026-8740

A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function execute of the file publiccms-core/src/main/java/com/publiccms/views/directive/tools/TemplateResultDirective.java of the component templateResult API. This manipulation of the argument templateContent caus...

6.5CVSS6.3AI score0.00232EPSS
Exploits0References1
NVD
NVD
added 2026/05/17 9:16 a.m.23 views

CVE-2026-8740

A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function execute of the file publiccms-core/src/main/java/com/publiccms/views/directive/tools/TemplateResultDirective.java of the component templateResult API. This manipulation of the argument templateContent caus...

6.5CVSS0.00232EPSS
Exploits0References4
Rows per page
Query Builder