Unknown · Chatterbot · CVE-2026-23842
**Name of the Vulnerable Software and Affected Versions**
Affected: ChatterBot versions up to 1.2.10
Fixed: ChatterBot version 1.2.11
**Description**
ChatterBot, a machine learning conversational dialog engine, is susceptible to a denial-of-service condition caused by improper management of database sessions and connection pools. Concurrent calls to the `get_response()` method can deplete the SQLAlchemy connection pool, leading to service unavailability that requires a manual restart to recover. The issue stems from `get_response()` lacking concurrency limits, rate limiting, or explicit session lifecycle controls: database connections are consumed rapidly and not released in a timely manner, the SQLAlchemy QueuePool is exhausted, and subsequent requests block and ultimately fail with a TimeoutError. This can be triggered without authentication in deployments where ChatterBot is exposed as a chatbot service.
**Recommendations**
ChatterBot versions up to 1.2.10 should be updated to version 1.2.11.