Type Chat Software


The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Vendor »

Identifying all affected vendors is a good starting point for an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Product »

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability »

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

Access Vector »

The approach a vulnerability it becomes important to use the expected access vector. This is typically via the network, local, or physically even.

Authentication »

To exploit a vulnerability a certail level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction »

Some attack scenarios require some user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

C3BM Index »

Our unique C3BM Index (CVSSv3 Base Meta Index) cumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB »

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.


The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

Vendor »

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research »

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

Exploit Market Volume »

Our unique calculation of exploit prices makes it possible to forecast the expected exploit market volume. The calculated prices for all possible 0-day expoits are cumulated for this task. Comparing the volume to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

🔴 CTI Activities »

Our unique Cyber Threat Intelligence aims to determine the ongoing research of actors to anticipiate their acitivities. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailinglists, and exchanges on social media makes it possible to identify planned attacks. Monitored actors and activities are classified whether they are offensive or defensive. They are also weighted as some actors are well-known for certain products and technologies. And some of their disclosures might contain more or less details about technical aspects and personal context. The world map highlights active actors in real-time.

Affected Products (227): 12planet Chat Server, 123flashchat eChat plugin, 123 Flash Chat Module, A51dev Activecollab Chat Module, Acobot Live Chat , Acobot Contact Form, ActiveHelper ActiveHelper LiveHelp Live Chat, Adrenalin Labs Adrenalins Asp Chat, Adventia Chat, Adventia Server, Andys Chat, Anna^ IRC Bot, App Rocket.Chat, Appindex MWChat, Apple Ichat, Apple iChat, Apple Ichat Av, Apple Ichat Server, Apple iChat Server, ARSC Really Simple Chat, Atlassian Hipchat Server, Banckle Chat, Bigfun IRC Client, Bird Internet Chat Server, BitchX IRC Client, BlueSky BlueSkychat, Browser IRC Client, Candy Chat, Cgiirc CGI:IRC, Cgiscript.net csChat-R-Box, CGI:IRC, ChatBox Chat Rooms, Chatness, Chatopera Cosin, Chatspot, Chattaitaliano Istant-Replay, chattanoogastate eLearn, ChatterBox, Chatty, chatwm, ChatWork Desktop App, chat anywhere, Chat Anywhere, Chat Anywhere Extension, Chat Room Module, Cisco Email, Cisco Email Center, Cisco Enterprise Chat, clickdesk Clickdesk Live Support-live Chat Plugin, Codologic Com Freichat, Cool Cafe Chat, CSS-TRICKS Chat2, Daniel Toma WebChat, Darrens 5-dollar Script Archive FlashChat, Darrens 5-dollar Script Archive flashChat, Denora IRC Stats, Develooping Flash Chat, Digi-net Digichat, Douchat, DSChat, EFS Easy Chat Server, Efs Software Easy Chat Server, eGain Chat, Eggheads Eggdrop IRC Bot, Enghouse Web Chat, Epic IRC Client, Familycms Family Connections Who is Chatting, Faust Informatics Freestyle Chat, Fijiwebdesign Com Ajaxchat, Fish Encryption IRC, Flashtux WeeChat, Flat Chat, FlexChat, Frankly Chat, FreeChat, Free Web Chat, FreiChat, Fujitsu Chocoa IRC Client, Gist Chatbot, GTChat, Gyach Enhanced Chat Room, HexChat, Hipchat Desktop Client, Hipchat Server, Hipchat Plugin, iLove Ilove - Free Dating! Chat App, IRC-Worm.Win32.Jane.a, IRC-Worm.Win32.Silentium.a, IRC Plugin, IRC Server, IRC Services, IRC Services NickServ LISTLINKS, Jackdapp Jack'd - Gay Chat! Dating, James Seter BNC IRC, JAUMO Chat, JAUMO Flirt! Dating Heart Jaumo, Jollybox.de TCP Chat, Joompolitan Com Livechat, Khaled Mardam-Bey mIRC, Khaled Mardam-Bey Mirc, kvirc IRC Client, KVIrc IRC Client, LANChat Pro Revival, LeafDigital LeafChat, Let's PHP! Frame High-Speed Chat, Let's PHP! Simple Chat, Lionmax Software Chat Anywhere, Live.me - Live Stream Video Chat, LiveZilla Live Chat, Live Chat - Live Support, Live Helper Chat, Mata MataChat, Mazens PHP Chat, Mazens PHP Chat, MCQs, MedQuiz: Medical Chat, Melange Chat Server, Melange Chat System, Micro Focus Service Manager, Micro Focus Service Manager Chat Server, Micro Focus Service Manager Chat Service, Ming Han AJchat, Minichat, mirc, mIRC, mIRC Advanced Integration Plugin, mIRC Plug-in for Winamp, MM Chat, Mohachat MOHA Chat, MPM Chat, MWChat Pro, Natterchat, NatterChat, Netchat Subnet Chat Application, Ninjadesigns Flatchat, Onelouder FriendCaster Chat, Parachat Server, Payperviewvideosoftware Pay Per Minute Video Chat Script, PCPIN PCPIN Chat, Philippe CROCHAT EasySite, phpFreeChat, phpHeaven PHPMyChat, Phpheaven phpMyChat, Phpheaven PhpMyChat, phpHeaven phpMyChat, Phpheaven PHPMyChat, Phpheaven PhpMyChat Plus, phpMyChat, phpMyChat-Plus, PhpMyChat Plus, PhpOnlineChat, PHPOpenChat, PHP Based Web Chat Manager, Pirch IRC Client, Proton Energymech Irc Bot, Pro Chat Rooms, Pro Chat Rooms Text Chat Rooms, Quassel-irc Quassel, Quassel-irc Quassel Irc, Quassel-irc Quassel IRC, Quassel IRC, Quick Chat Plugin, RealChat, Reallysimplechat Really Simple Chat, Rhapsody IRC, Rocket.Chat, Rocket.Chat Server, ScatterChat, Scott Weedon Ajax Chat, Script* Log-Chat, Shawn Webb Webbsyte Chat, Siemens TIM 1531 IRC, Simm-comm SCI Photo Chat, Simple Keitai Chat, SimpleChat, Simple Chatting System, Skout BoyAhoy - Gay Chat, Skout Flurv Chat, Skout Skout: Chats. Friends. Fun., SleeperChat, Smart IRC Daemon, Spytech Spynet Chat, Stephen Craton Chatness, Successkid Harris Wap Chat, Synology Chat, SZ NetChat, T0pp8uzz Dana IRC client, TechyTalk Quick Chat Plugin, Tencent WeChat, TIM 1531 IRC, TJSChat, Topcmm Computing 123 Flash Chat Server, Tufat FlashChat, Unichat, V3chat V3 Chat Live Support, V3chat V3 Chat Profiles Dating Script, V3 Chat, VChat, Vibease Chat App, Vibease Wireless Remote Vibrator App, VideoWhisper PHP 2 Way Video Chat, Vincent Tietz vjchat, Visual IRC, Voodoo chat, Wchat Fully Responsive PHP AJAX Chat Script, Webchat.org WebChat, Webchat, WeeChat, WF-Chat, WircSrv IRC Server, wIRCSrv IRC Server, Wise Chat Plugin, wp-live-chat-support Plugin, WP Live Chat Support, X-Chat, X7chat X7 Chat, X7 Chat, X7 Group X7 Chat, XChat, Xchat, xchat, XChat-GNOME, yChat, Zeacom Chat Server, Zehnet Zz Flashchat, Zipstore Zip Store Chat, Zoom Chat

04/10/20215.04.7Zoom Chat Remote Privilege EscalationChatProof-of-ConceptNot Defined3.74CVE-2021-30480
04/02/20216.36.0IRC-Worm.Win32.Silentium.a Games permissionIRC-Worm.Win32.Silentium.aProof-of-ConceptNot Defined0.00
03/30/20217.36.7IRC-Worm.Win32.Jane.a Remote Code ExecutionIRC-Worm.Win32.Jane.aProof-of-ConceptWorkaround0.00
03/30/20217.36.7IRC-Worm.Win32.Jane.a FTP Server backdoorIRC-Worm.Win32.Jane.aProof-of-ConceptWorkaround0.05
03/27/20214.84.6App Rocket.Chat Nested Markdown cross site scriptingRocket.ChatNot DefinedOfficial Fix0.09CVE-2021-22886
02/23/20215.24.9Gist Chatbot Chatbox cross site scriptingChatbotProof-of-ConceptNot Defined0.06CVE-2020-35852
02/11/20217.57.5Tencent WeChat WXAM Decoder memory corruptionWeChatNot DefinedNot Defined0.08CVE-2020-27874
01/27/20214.44.3Rocket.Chat Server Drag/Drop cross site scriptingRocket.Chat ServerNot DefinedOfficial Fix0.07CVE-2020-8292
01/27/20214.44.3Rocket.Chat Server specializedRendering cross site scriptingRocket.Chat ServerNot DefinedOfficial Fix0.07CVE-2020-8288
01/09/20214.44.4Rocket.Chat Password Reset information disclosureRocket.ChatNot DefinedNot Defined0.05CVE-2020-28208
12/30/20205.55.5Rocket.Chat SAML Login unknown vulnerabilityRocket.ChatNot DefinedOfficial Fix0.00CVE-2020-29594
10/15/20206.56.5Live Chat - Live Support cross-site request forgeryLive Chat - Live SupportNot DefinedNot Defined0.05CVE-2020-5642
10/02/20204.84.6Live Helper Chat Reflected cross site scritingLive Helper ChatNot DefinedOfficial Fix0.04CVE-2020-26135
10/02/20204.84.6Live Helper Chat BBcode Stored cross site scritingLive Helper ChatNot DefinedOfficial Fix0.00CVE-2020-26134
09/03/20205.25.2Enghouse Web Chat cross site scriptingWeb ChatNot DefinedNot Defined0.08CVE-2020-13972
08/18/20205.25.2Rocket.Chat cross site scriptingRocket.ChatNot DefinedNot Defined0.05CVE-2020-15926
03/23/20208.58.2WeeChat buffer overflowWeeChatNot DefinedOfficial Fix0.05CVE-2020-9760
03/23/20206.46.1WeeChat null pointer dereferenceWeeChatNot DefinedOfficial Fix0.01CVE-2020-9759
03/20/20208.58.2WP Live Chat Support REST API authorizationWP Live Chat SupportNot DefinedOfficial Fix0.05CVE-2019-12498
03/09/20206.96.9LiveZilla Live Chat chat.php Stored cross site scriptingLiveZilla Live ChatNot DefinedNot Defined0.05CVE-2020-9758
03/05/20207.47.4EFS Easy Chat Server body2.ghp buffer overflowEasy Chat ServerNot DefinedNot Defined0.04CVE-2019-20502
02/18/20208.88.8phpMyChat-Plus deluser.php sql injectionphpMyChat-PlusNot DefinedNot Defined0.01CVE-2020-9265
02/12/20208.58.5WeeChat irc-mode.c irc_mode_channel_update buffer overflowWeeChatNot DefinedNot Defined0.00CVE-2020-8955
01/07/20207.57.2Tencent WeChat code injectionWeChatNot DefinedOfficial Fix0.07CVE-2019-17151
12/20/20195.25.2phpMyChat-Plus Password Reset URL pass_reset.php Reflected cross site scriptingphpMyChat-PlusNot DefinedNot Defined0.00CVE-2019-19908

Interested in the pricing of exploits?

See the underground prices here!