1227 matches found
MAL-2026-4328 Malicious code in ts-result-pipe (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 97286c3b19bbcf773e8a53257eb3ffbad2ec6c7b39d63ef1a6b36b0b63b60e56 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ts-result-pipe (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 97286c3b19bbcf773e8a53257eb3ffbad2ec6c7b39d63ef1a6b36b0b63b60e56 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview ts-result-pipe is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
CVE-2026-39967
TypeBot (versions ≤ 3.15.2) suffers a missing typebotId filter in its findResult query, allowing an authenticated user to load result data (answers, variable values, hasStarted flag) from another typebot by supplying a foreign resultId to the startChat endpoint. Exploitation is limited by cryptog...
CVE-2026-39967
TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the bot engine's the findResult query does not filter results by typebotId, allowing an authenticated user to load result data user answers, variable values from a different typebot by supplying a foreign resultId to the startChat...
EUVD-2026-31486
TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the bot engine's the findResult query does not filter results by typebotId, allowing an authenticated user to load result data user answers, variable values from a different typebot by supplying a foreign resultId to the startChat...
CVE-2026-39967 TypeBot: Cross-Typebot Result Data Access via Missing typebotId Filter
TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the bot engine's the findResult query does not filter results by typebotId, allowing an authenticated user to load result data user answers, variable values from a different typebot by supplying a foreign resultId to the startChat...
CVE-2026-39967 TypeBot: Cross-Typebot Result Data Access via Missing typebotId Filter
TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the bot engine's the findResult query does not filter results by typebotId, allowing an authenticated user to load result data user answers, variable values from a different typebot by supplying a foreign resultId to the startChat...
CVE-2026-28444
Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the getResultLogs API endpoint authorizes the caller against the provided typebotId but fetches logs solely by resultId without verifying that the result belongs to the authorized typebot, leading to IDOR. An authenticated attacker...
EUVD-2026-31467
Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the getResultLogs API endpoint authorizes the caller against the provided typebotId but fetches logs solely by resultId without verifying that the result belongs to the authorized typebot, leading to IDOR. An authenticated attacker...
CVE-2026-28444
Typebot (chatbot builder) CVE-2026-28444: IDOR in GET /getResultLogs on versions
CVE-2026-28444 Typebot: IDOR in Result Logs Endpoint Allows Cross-Workspace Data Disclosure
Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the getResultLogs API endpoint authorizes the caller against the provided typebotId but fetches logs solely by resultId without verifying that the result belongs to the authorized typebot, leading to IDOR. An authenticated attacker...
PT-2026-42797
Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the getResultLogs API endpoint authorizes the caller against the provided typebotId but fetches logs solely by resultId without verifying that the result belongs to the authorized typebot, leading to IDOR. An authenticated attacker...
PT-2026-42824
Name of the Vulnerable Software and Affected Versions TypeBot versions prior to 3.16.0 Description An issue in the bot engine's findResult query fails to filter results by typebotId. This allows an authenticated user to load result data, including user answers and variable values, from a differen...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: virtio-pci: The result size returned for the admin command completion has been corrected. The result size returned by virtiopciadmindevpartsget is 8 bytes larger than the actual result data size. This occurs because the...
CVE-2026-43617
CVE-2026-43617 affects rsync
CVE-2026-43617 Rsync < 3.4.3 Authorization Bypass via Hostname Resolution
Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, allowing...
CVE-2026-43617
Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, allowing...
CVE-2026-8740
A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function execute of the file publiccms-core/src/main/java/com/publiccms/views/directive/tools/TemplateResultDirective.java of the component templateResult API. This manipulation of the argument templateContent caus...
CVE-2026-8740
A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function execute of the file publiccms-core/src/main/java/com/publiccms/views/directive/tools/TemplateResultDirective.java of the component templateResult API. This manipulation of the argument templateContent caus...