baptistearno

Top products

The 15 most recently published vulnerabilities affecting baptistearno.

• CVE-2026-48764TypeBot has SSRF in HTTP request and script fetch flows via DNS rebinding bypass8.2Jun 17, 2026
• CVE-2026-48768TypeBot: Unauthenticated arbitrary s3 object write in generate-upload-url via unsanitized fileName9.3Jun 17, 2026
• CVE-2026-48759TypeBot: Cross-Workspace Theme Template IDOR (Modification and Deletion)7.1Jun 17, 2026
• CVE-2026-39969TypeBot: WhatsApp Webhook Endpoint Missing Signature Verification6.5May 22, 2026
• CVE-2026-39967TypeBot: Cross-Typebot Result Data Access via Missing typebotId Filter3.1May 22, 2026
• CVE-2026-39968TypeBot: Cross-Workspace Credential Theft via Bot-Engine Preview Endpoint7.1May 22, 2026
• CVE-2026-39966TypeBot: Async filter() bypasses authorization, allowing IDOR in getLinkedTypebots and leaking cross-workspace bot definitions6.5May 22, 2026
• CVE-2026-39965TypeBot: SSRF via Open Redirect Bypass in HTTP Request and Code Blocks7.7May 22, 2026
• CVE-2026-39964TypeBot: Stored XSS via javascript: URI in text bubble links — bot author executes JS on visitors' browsers5.4May 22, 2026
• CVE-2026-34207TypeBot: SSRF Protection Bypass via DNS-Resolved Hostnames in Webhook / HTTP Request Validation7.6May 22, 2026
• CVE-2026-33712TypeBot: Unauthenticated SSRF via isolated-vm fetch in preview chat endpoint bypasses SSRF controls10.0May 22, 2026
• CVE-2026-28445Typebot: Stored XSS via Rating Block Custom Icon Bypasses isUnsafe Sandbox in Builder Preview8.7May 22, 2026
• CVE-2026-28444Typebot: IDOR in Result Logs Endpoint Allows Cross-Workspace Data Disclosure6.5May 22, 2026
• CVE-2025-65098Typebot Vulnerable to Credential Theft via Client-Side Script Execution and API Authorization Bypass7.4Jan 22, 2026
• CVE-2025-64709Typebot May Expose AWS EKS Credentials via Server Side Request Forgery in Webhook Block9.6Nov 13, 2025