| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-30833 | Rocket.Chat: NoSQL injection in the EE ddp-streamer-service | RocketChat | Rocket.Chat | Medium | - | 2026-03-06 17:40:37 | Deep Dive |
| CVE-2026-30831 | Rocket.Chat: 2FA bypass and login of deactivated users via EE ddp-streamer | RocketChat | Rocket.Chat | Critical | - | 2026-03-06 17:40:28 | Deep Dive |
| CVE-2026-28514 | Rocket.Chat: Users can login with any password via the EE ddp-streamer-service | RocketChat | Rocket.Chat | Critical | - | 2026-03-06 17:35:02 | Deep Dive |
| CVE-2026-3075 | WordPress Simple Ajax Chat plugin <= 20251121 - Sensitive Data Exposure vulnerability | Jeff Starr | Simple Ajax Chat | - | - | 2026-02-23 20:48:13 | Deep Dive |
| CVE-2025-14270 | OneClick Chat to Order <= 1.0.9 - Missing Authorization to Authenticated (Editor+) Plugin Settings Update | walterpinem | OneClick Chat to Order | Low | 2.7 | 2026-02-19 04:36:21 | Deep Dive |
| CVE-2025-12448 | Smartsupp – live chat, AI shopping assistant and chatbots <= 3.9.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting | smartsupp | Smartsupp – live chat, AI shopping assistant and chatbots | Medium | 6.4 | 2026-02-19 03:25:12 | Deep Dive |
| CVE-2025-14799 | Brevo - Email, SMS, Web Push, Chat, and more. <= 3.3.0 - Unauthenticated Authorization Bypass via Type Juggling | neeraj_slit | Brevo – Email, SMS, Web Push, Chat, and more. | Medium | 6.5 | 2026-02-18 11:26:04 | Deep Dive |
| CVE-2026-0736 | Chatbot for WordPress by Collect.chat ⚡️ <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Field | collectchat | Chatbot for WordPress by Collect.chat ⚡️ | Medium | 6.4 | 2026-02-14 06:42:37 | Deep Dive |
| CVE-2025-6792 | One to one user Chat by WPGuppy <= 1.1.4 - Unauthenticated Information Disclosure via Chat Message Interception | amentotechpvtltd | One to one user Chat by WPGuppy | Medium | 5.3 | 2026-02-14 06:42:26 | Deep Dive |
| CVE-2026-21523 | GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability | Microsoft | Microsoft Visual Studio Code CoPilot Chat Extension | High | 8.0 | 2026-02-10 17:51:25 | Deep Dive |
| CVE-2026-21518 | GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability | Microsoft | Microsoft Visual Studio Code CoPilot Chat Extension | High | 8.8 | 2026-02-10 17:51:15 | Deep Dive |
| CVE-2020-37106 | Business Live Chat Software 1.0 - Cross-Site Request Forgery (Add Admin) | Bdtask | Business Live Chat Software | Medium | 5.3 | 2026-02-06 23:14:05 | Deep Dive |
| CVE-2025-59902 | HTML injection in NICE Chat | NICE | NICE Chat | - | - | 2026-02-03 09:28:17 | Deep Dive |
| CVE-2026-23835 | LobeHub Vulnerable to Improper Authorization in Presigned Upload | lobehub | lobe-chat | - | - | 2026-01-30 20:04:23 | Deep Dive |
| CVE-2026-24399 | ChatterMate has Stored Cross-Site Scripting (XSS) via Chatbot Input Execution | chattermate | chattermate.chat | Critical | 9.3 | 2026-01-24 00:05:37 | Deep Dive |
| CVE-2026-22463 | WordPress Form to Chat App plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability | Micro.company | Form to Chat App | - | - | 2026-01-22 16:52:40 | Deep Dive |
| CVE-2026-23522 | Lobe Chat has IDOR in Knowledge Base File Removal that Allows Cross User File Deletion | lobehub | lobe-chat | Low | 3.7 | 2026-01-19 16:53:32 | Deep Dive |
| CVE-2026-23733 | Lobe Chat has Cross-Site Scripting (XSS) issue that may escalate to Remote Code Execution (RCE) | lobehub | lobe-chat | Medium | 6.4 | 2026-01-18 22:56:16 | Deep Dive |
| CVE-2026-23477 | Rocket.Chat Unauthorized Access to OAuth App Details | RocketChat | Rocket.Chat | High | 7.7 | 2026-01-14 18:16:05 | Deep Dive |
| CVE-2025-14428 | My Sticky Elements <= 2.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Bulk Lead Deletion | premio | All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs – My Sticky Elements | Medium | 4.3 | 2026-01-01 16:19:31 | Deep Dive |