56 matches found

CNNVD
added 2026/05/15 12:0 a.m. · 5 views

Open WebUI Security Vulnerability

Open WebUI is an open-source, extensible, feature-rich, and user-friendly self-hosted WebUI. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the ability for users to continue a conversation with another user through...

7.1 CVSS · 5.8 AI score · 0.00039 EPSS
Exploits 1 · References 2

GitHub Security Blog
added 2026/02/13 3:31 a.m. · 6 views

Cloudflare Agents is Vulnerable to Reflected Cross-Site Scripting in the AI Playground's OAuth callback handler

Summary: A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground's OAuth callback handler. The error_description query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the contex...

6.2 CVSS · 5.9 AI score · 0.00023 EPSS
Exploits 0 · References 4 · Affected Software 1

OSV
added 2025/10/23 4:25 p.m. · 2 views

GO-2025-3991 Coder AgentAPI exposed user chat history via a DNS rebinding attack in github.com/coder/agentapi

Coder AgentAPI exposed user chat history via a DNS rebinding attack in github.com/coder/agentapi...

6.5 CVSS · 6.9 AI score · 0.00074 EPSS
Exploits 1 · References 7

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2021-24159

Malware in sbrugna...

7.5 CVSS · 7.4 AI score · 0.00406 EPSS
Exploits 1 · References 7

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-51703

Malicious code in bioql PyPI...

8.1 CVSS · 9.1 AI score · 0.00083 EPSS
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-52919

Malicious code in bioql PyPI...

6.1 CVSS · 6.4 AI score · 0.00096 EPSS
Exploits 0 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-31619

Malicious code in bioql PyPI...

6.5 CVSS · 6.3 AI score · 0.00074 EPSS
Exploits 1 · References 8

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2021-28206

Malicious code in bioql PyPI...

7.5 CVSS · 7.4 AI score · 0.00808 EPSS
Exploits 1 · References 6

Tenable Nessus
added 2025/08/18 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-41055

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted XMPP Last Message Correction (XEP-0308) message in...

7.5 CVSS · 7.2 AI score · 0.00808 EPSS
Exploits 1 · References 2

RedhatCVE
added 2025/05/22 10:52 p.m. · 4 views

CVE-2022-31455

A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a user chat box...

6.1 CVSS · 5.8 AI score · 0.00096 EPSS
Exploits 0 · References 1

CNNVD
added 2025/03/20 12:0 a.m. · 2 views

NetEase QAnything Cross-Site Scripting Vulnerability

NetEase QAnything is a local knowledge base question and answer system from China's NetEase, Inc. that is designed to support files or databases in any format, and can be installed and used offline. A cross-site scripting vulnerability exists in NetEase QAnything. An attacker can exploit this...

6.1 CVSS · 5.8 AI score · 0.00231 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/02/06 4:47 a.m. · 6 views

CVE-2021-37601

muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information (list of admins, members, owners, and banned entities of a Multi-User chat room) in some common configurations...

7.5 CVSS · 6.2 AI score · 0.00406 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/02/04 11:52 p.m. · 6 views

CVE-2024-13646

The Single-user-chat plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to insufficient validation on the 'single_user_chat_update_login' function in all versions up to, and including, 0.5. This makes it possible for authenticated attacker...

8.1 CVSS · 6.4 AI score · 0.00083 EPSS
Exploits 0 · References 1

Patchstack
added 2025/01/30 5:28 p.m. · 2 views

WordPress Single-user-chat plugin <= 0.5 - Authenticated (Subscriber+) Limited Options Update vulnerability

Authenticated (Subscriber+) Limited Options Update vulnerability discovered by Colin Xu in WordPress Plugin Single-user-chat versions <= 0.5...

8.1 CVSS · 7 AI score · 0.00083 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2025/01/30 1:42 p.m. · 7 views

CVE-2024-13646 Single-user-chat <= 0.5 - Authenticated (Subscriber+) Limited Options Update

The Single-user-chat plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to insufficient validation on the 'single_user_chat_update_login' function in all versions up to, and including, 0.5. This makes it possible for authenticated attacker...

8.1 CVSS · 7.7 AI score · 0.00083 EPSS
Exploits 0 · References 2

CVE
added 2025/01/30 1:42 p.m. · 39 views

CVE-2024-13646

The CVE concerns the WordPress plugin Single-user-chat (versions

8.1 CVSS · 7.7 AI score · 0.00083 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2025/01/30 1:42 p.m. · 13 views

CVE-2024-13646 Single-user-chat <= 0.5 - Authenticated (Subscriber+) Limited Options Update

The Single-user-chat plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to insufficient validation on the 'single_user_chat_update_login' function in all versions up to, and including, 0.5. This makes it possible for authenticated attacker...

8.1 CVSS · 0.00083 EPSS
Exploits 0 · References 2

CNNVD
added 2025/01/30 12:0 a.m. · 2 views

WordPress plugin Single-user-chat Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

8.1 CVSS · 8.3 AI score · 0.00083 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/01/30 12:0 a.m. · 2 views

PT-2025-2234 · WordPress · Single-User-Chat

Name of the Vulnerable Software and Affected Versions: Single-user-chat plugin for WordPress versions up to and including 0.5 Description: The issue is related to insufficient validation in the single user chat update login function, allowing authenticated attackers with subscriber-level access a...

8.1 CVSS · 9.2 AI score · 0.00083 EPSS
Exploits 0 · References 6

Vulnrichment
added 2024/10/29 12:49 p.m. · 11 views

CVE-2024-8143 Unauthorized Access to User Chat History in gaizhenbiao/chuanhuchatgpt

In the latest version 20240628 of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history folder with the user's name. By manipulating the /file endpoint...

6.5 CVSS · 6.7 AI score · 0.00195 EPSS
Exploits 1 · References 2