
68 matches found

NVD
added 2025/10/22 9:15 a.m. · 2 views

CVE-2025-11952

Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...

CVSS 6.1 · EPSS 0.00025
Exploits 0 · References 1
EUVD
added 2025/10/22 8:22 a.m. · 3 views

EUVD-2025-35339

Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...

CVSS 5.3 · AI score 5.8 · EPSS 0.00025
Exploits 0 · References 2
EUVD
added 2025/10/15 12:37 p.m. · 3 views

EUVD-2025-34610

Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...

CVSS 5.3 · AI score 5.8 · EPSS 0.00025
Exploits 0 · References 2
Packet Storm News
added 2025/09/30 12:0 a.m. · 2 views

Selmer-Inspired Elliptic Curve Generation

Elliptic curve cryptography (ECC) is foundational to modern secure communication, yet existing standard curves have faced scrutiny for opaque parameter-generation practices. This work introduces a Selmer-inspired framework for constructing elliptic curves that is both transparent and auditable...

AI score 6.8
Exploits 0
Malwarebytes
added 2025/08/22 3:43 p.m. · 3 views

Grok chats show up in Google searches

I’m starting to feel like a broken record, but I feel you should know that yet another AI has been found sharing private conversations so that Google was able to index them, and now they can be found in search results. It’s déjà vu in the world of AI: another day, another exposé about chatbot...

AI score 6.7
Exploits 0
Packet Storm News
added 2025/07/22 12:0 a.m. · 3 views

Talking like a Phisher: LLM-Based Attacks on Voice Phishing Classifiers

Voice phishing (vishing) remains a persistent threat in cybersecurity, exploiting human trust through persuasive speech. While machine learning (ML)-based classifiers have shown promise in detecting malicious call transcripts, they remain vulnerable to adversarial manipulations that preserve semantic...

AI score 6.9
Exploits 0
Cvelist
added 2025/05/05 6:50 p.m. · 14 views

CVE-2025-46719 Open WebUI vulnerable to stored XSS via unescaped markdown token in MarkdownTokens.svelte leading to full account takeover and RCE via functions

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, a vulnerability in the way certain html tags in chat messages are rendered allows attackers to inject JavaScript code into a chat transcript. The JavaScript code will be...

CVSS 6.4 · EPSS 0.00225
Exploits 1 · References 3
CVE
added 2025/05/05 6:50 p.m. · 67 views

CVE-2025-46719

Open WebUI vulnerability CVE-2025-46719 affects versions prior to 0.6.6. A flaw in rendering certain HTML tags in chat messages allows stored cross-site scripting (XSS) in chat transcripts, which are accessible by other users on the same server or via Open WebUI community sharing. In the user’s b...

CVSS 6.4 · AI score 6.5 · EPSS 0.00225
Exploits 1 · References 3 · Affected Software 1
Vulnrichment
added 2025/05/05 6:50 p.m. · 10 views

CVE-2025-46719 Open WebUI vulnerable to stored XSS via unescaped markdown token in MarkdownTokens.svelte leading to full account takeover and RCE via functions

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, a vulnerability in the way certain html tags in chat messages are rendered allows attackers to inject JavaScript code into a chat transcript. The JavaScript code will be...

CVSS 6.4 · AI score 6.5 · EPSS 0.00225
Exploits 1 · References 3
Positive Technologies
added 2025/05/05 12:0 a.m. · 4 views

PT-2025-19787 · Unknown · Open-Webui

Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.6.6 Description: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. A vulnerability in the way certain html tags in chat messages are rendered allows attackers to...

CVSS 6.4 · AI score 6.3 · EPSS 0.00225
Exploits 1 · References 7
Vulnrichment
added 2025/03/06 11:11 a.m. · 9 views

CVE-2025-1383 Podlove Podcast Publisher <= 4.2.2 - Cross-Site Request Forgery via ajax_transcript_delete Function

The Podlove Podcast Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.2. This is due to missing or incorrect nonce validation on the ajax_transcript_delete function. This makes it possible for unauthenticated attackers to delete...

CVSS 4.3 · AI score 6.8 · EPSS 0.001
Exploits 0 · References 4
CVE
added 2025/03/06 11:11 a.m. · 66 views

CVE-2025-1383

The Podlove Podcast Publisher plugin for WordPress was vulnerable to Cross-Site Request Forgery via the ajax_transcript_delete function in all versions up to 4.2.2. Unauthenticated attackers could delete arbitrary transcripts by tricking an administrator into performing an action. Public referenc...

CVSS 4.3 · AI score 6.8 · EPSS 0.001
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2025/03/06 11:11 a.m. · 15 views

CVE-2025-1383 Podlove Podcast Publisher <= 4.2.2 - Cross-Site Request Forgery via ajax_transcript_delete Function

The Podlove Podcast Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.2. This is due to missing or incorrect nonce validation on the ajax_transcript_delete function. This makes it possible for unauthenticated attackers to delete...

CVSS 4.3 · EPSS 0.001
Exploits 0 · References 4
SUSE CVE
added 2023/02/15 4:4 a.m. · 1 view

SUSE CVE-2020-1777

Agent names that participate in a chat conversation are revealed in certain parts of the external interface as well as in chat transcriptions inside the tickets, when system is configured to mask real agent names. This issue affects OTRS; 7.0.21 and prior versions, 8.0.6 and prior versions...

CVSS 5.3 · AI score 5.6 · EPSS 0.00237
Exploits 0 · References 3
OSV
added 2021/06/04 5:15 p.m. · 4 views

CVE-2021-1544

A vulnerability in logging mechanisms of Cisco Webex Meetings client software could allow an authenticated, local attacker to gain access to sensitive information. This vulnerability is due to unsafe logging of application actions. An attacker could exploit this vulnerability by logging onto the...

CVSS 5.5 · AI score 5.8 · EPSS 0.00055
Exploits 0 · References 1
CNNVD
added 2021/06/02 12:0 a.m. · 2 views

Cisco Webex meeting client software logging mechanism information disclosure vulnerability

Cisco Webex Meetings is a video conferencing solution from Cisco. An information disclosure vulnerability exists in the logging mechanism of the Cisco Webex meeting client software, which can be exploited by an authenticated, local attacker to gain access to sensitive information. The vulnerabili...

CVSS 5.5 · AI score 5.8 · EPSS 0.00055
Exploits 0 · References 3
OSV
added 2020/10/15 7:15 p.m. · 1 view

CVE-2020-1777

Agent names that participate in a chat conversation are revealed in certain parts of the external interface as well as in chat transcriptions inside the tickets, when system is configured to mask real agent names. This issue affects OTRS; 7.0.21 and prior versions, 8.0.6 and prior versions...

CVSS 5.3 · AI score 5.8
Exploits 0 · References 1
ThreatPost
added 2020/10/15 2:46 p.m. · 41 views

Broadvoice Leak Exposes 350M Records, Personal Voicemail Transcripts

UPDATE Broadvoice, a well-known VoIP provider that serves small- and medium-sized businesses, has leaked more than 350 million customer records related to the company’s “b-hive” cloud-based communications suite. The data includes hundreds of thousands of voicemail transcripts, many involving...

AI score 7.1
Exploits 0 · References 4
The Hacker News
added 2019/08/29 8:24 a.m. · 4 views

Apple Changes the Way It Listens to Your Siri Recordings Following Privacy Concerns

Apple today announced some major changes to its controversial 'Siri audio grading program' following criticism for employing humans to listen to audio recordings of users collected via its voice-controlled Siri personal assistant without their knowledge or consent. The move came a month after The...

AI score 6.6
Exploits 0
Wired Threat Level
added 2019/08/17 1:0 p.m. · 221 views

Facebook's Voice Transcripts Were More Invasive Than Amazon's

The Capital One hacker, a Bluetooth vulnerability, and more of the week's top security news...

AI score 1.4
Exploits 0