Lucene search
K

85793 matches found

NVD
NVD
added 11 hours ago6 views

CVE-2026-15298

The TelSender plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting in all versions up to, and including, 1.14.14. This is due to insufficient input sanitization when processing Telegram API responses containing attacker-controlled chat titles. This makes it possible for...

7.2CVSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 12 hours ago3 views

CVE-2026-15298

The TelSender plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting in all versions up to, and including, 1.14.14. This is due to insufficient input sanitization when processing Telegram API responses containing attacker-controlled chat titles. This makes it possible for...

7.2CVSS6AI score
Exploits0References9
CVE
CVE
added 12 hours ago6 views

CVE-2026-15298

The TelSender WordPress plugin (

7.2CVSS6AI score
Exploits0References8
EUVD
EUVD
added 12 hours ago4 views

EUVD-2026-42805

The TelSender plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting in all versions up to, and including, 1.14.14. This is due to insufficient input sanitization when processing Telegram API responses containing attacker-controlled chat titles. This makes it possible for...

7.2CVSS6AI score
Exploits0References8
Circl
Circl
added yesterday4 views

CVE-2021-28133

creationtimestamp| type| source ---|---|--- 2026-07-09 23:00:03+00:00| seen| Telegram/faoHppRwIlCS4bU-FDor3oyE0-orUb1-sGk1UcKelvuA 2026-07-10 00:00:10+00:00| seen| Telegram/faoHppRwIlCS4bU-FDor3oyE0-orUb1-sGk1UcKelvuA...

4.3CVSS6.1AI score0.16289EPSS
Exploits2
Circl
Circl
added yesterday7 views

CVE-2025-4798

creationtimestamp| type| source ---|---|--- 2026-07-09 04:00:07+00:00| seen| https://t.me/brutsecurity/2000 2026-07-10 00:00:31+00:00| seen| https://t.me/brutsecurity/2000...

4.9CVSS5.9AI score0.00355EPSS
Exploits0References1
Circl
Circl
added yesterday4 views

GHSA-GV7V-RGG6-548H

creationtimestamp| type| source ---|---|--- 2026-07-09 03:00:12+00:00| seen| https://t.me/brutsecurity/1117 2026-07-10 00:00:35+00:00| seen| https://t.me/brutsecurity/1117...

5.9AI score
Exploits0References1
Circl
Circl
added yesterday4 views

GHSA-6FX6-WRPF-CPGV

creationtimestamp| type| source ---|---|--- 2026-07-09 03:00:12+00:00| seen| https://t.me/brutsecurity/1014 2026-07-10 00:00:36+00:00| seen| https://t.me/brutsecurity/1014...

5.9AI score
Exploits0References1
Circl
Circl
added 4 days ago9 views

CVE-2024-28996

creationtimestamp| type| source ---|---|--- 2026-07-06 12:00:06+00:00| seen| https://t.me/ZerodayAlert/249 2026-07-07 00:00:11+00:00| seen| https://t.me/ZerodayAlert/249...

7.5CVSS6.8AI score0.00349EPSS
Exploits0References1
Circl
Circl
added 4 days ago4 views

CVE-2024-29004

creationtimestamp| type| source ---|---|--- 2026-07-06 11:00:06+00:00| seen| https://t.me/ZerodayAlert/249 2026-07-07 00:00:11+00:00| seen| https://t.me/ZerodayAlert/249...

7.1CVSS6.7AI score0.0032EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/07/03 1:36 p.m.8 views

Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer

A previously undocumented threat actor known as Armored Likho has been attributed to cyber attacks targeting government agencies and the electric power sector across Russia, Brazil, and Kazakhstan. "Armored Likho blends financially motivated campaigns targeting private individuals with targeted...

7.8CVSS7.7AI score0.63102EPSS
Exploits3
NVD
NVD
added 2026/07/02 9:16 p.m.5 views

CVE-2026-52830

fast-mcp-telegram is a Telegram MCP Server. Prior to 0.19.1, fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. The verifier rejects the exact reserved token telegram, but it does not reject path separators or normalize the path before checkin...

9.4CVSS0.00423EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 8:39 p.m.6 views

EUVD-2026-41438

fast-mcp-telegram is a Telegram MCP Server. Prior to 0.19.1, fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. The verifier rejects the exact reserved token telegram, but it does not reject path separators or normalize the path before checkin...

9.4CVSS5.8AI score0.00423EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 8:39 p.m.8 views

CVE-2026-52830

fast-mcp-telegram is a Telegram MCP Server. Prior to 0.19.1, fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. The verifier rejects the exact reserved token telegram, but it does not reject path separators or normalize the path before checkin...

9.4CVSS5.8AI score0.00423EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/07/02 8:39 p.m.41 views

CVE-2026-52830 fast-mcp-telegram: Bearer token path traversal bypasses reserved Telegram session protection

fast-mcp-telegram is a Telegram MCP Server. Prior to 0.19.1, fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. The verifier rejects the exact reserved token telegram, but it does not reject path separators or normalize the path before checkin...

9.4CVSS0.00423EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 8:39 p.m.26 views

CVE-2026-52830

The CVE describes a path-traversal in fast-mcp-telegram prior to 0.19.1 where HTTP Bearer tokens are joined into a session-file path. The verifier rejects only the exact reserved token, not path separators or normalized paths, enabling a remote client to authenticate as the default legacy session...

9.4CVSS5.8AI score0.00423EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/02 8:38 p.m.5 views

Improper Authentication

Overview fast-mcp-telegram is a Multi-tenant Telegram gateway for AI agents — HTTP+stdio transport, 8 agent-optimized tools, MTProto User API Affected versions of this package are vulnerable to Improper Authentication via the SessionFileTokenVerifier.verifytoken process. An attacker can gain...

9.4CVSS6AI score0.00423EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/07/02 8:38 p.m.14 views

fast-mcp-telegram: Bearer token path traversal bypasses reserved Telegram session protection

Summary fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. The verifier rejects the exact reserved token telegram, but it does not reject path separators or normalize the path before checking whether the session file exists. A remote HTTP clie...

9.4CVSS6.1AI score0.00423EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/07/02 5:18 p.m.5 views

GHSA-W5WW-7CHG-MXCQ OpenClaw: Telegram interactive callbacks could skip commands.allowFrom

Summary Telegram interactive callbacks could skip commands.allowFrom. In affected versions, a Telegram user able to invoke an affected callback could mark the callback as an authorized sender before applying commands.allowFrom. This advisory is scoped to the named feature and configuration. It do...

8.8CVSS6AI score0.00312EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.16 views

PT-2026-55313

Name of the Vulnerable Software and Affected Versions fast-mcp-telegram versions prior to 0.19.1 Description fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. While the verifier rejects the exact reserved token telegram, it fails to reject pa...

9.4CVSS6AI score0.00423EPSS
Exploits0References8
Rows per page
Query Builder