CVE-2026-31998

OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass vulnerability in the synology-chat channel plugin where dmPolicy set to allowlist with empty allowedUserIds fails open. Attackers with Synology sender access can bypass authorization checks and trigger unauthorized agent...

CVE-2026-31998

creationtimestamp| type| source ---|---|--- 2026-03-20 05:40:09+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mhhsj4wzoq2a...

CVE-2026-31998 OpenClaw 2026.2.22 < 2026.2.24 - Authorization Bypass in Synology Chat Plugin via Empty allowedUserIds

OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass vulnerability in the synology-chat channel plugin where dmPolicy set to allowlist with empty allowedUserIds fails open. Attackers with Synology sender access can bypass authorization checks and trigger unauthorized agent...

CVE-2025-31998

creationtimestamp| type| source ---|---|--- 2025-10-12 03:14:22+00:00| seen| Telegram/X1QO3FdO83VgYJ8qfIPh8oFA5RfrYtTrMeoVmGpHRv17Ms...

Linux Distros Unpatched Vulnerability : CVE-2021-31998

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2...

CVE-2022-31998

Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=servicetransactions/viewdetails=...

CVE-2024-31998

creationtimestamp| type| source ---|---|--- 2024-11-05 02:09:19+00:00| seen| https://t.me/cvedetector/9802...

CVE-2023-31998

A heap overflow vulnerability found in EdgeRouters and Aircubes allows a malicious actor to interrupt UPnP service to said devices...

CVE-2023-31998

This CVE concerns a heap overflow in Ubiquiti EdgeRouter and AirCube devices, linked to the MiniUPnPd UPnP service. A local-network attacker could interrupt UPnP (and, per PT-2023-3998, potentially execute arbitrary code). Affected versions include EdgeRouter prior to 2.0.9-hotfix.7 and AirCube p...

CVE-2023-31998

A heap overflow vulnerability found in EdgeRouters and Aircubes allows a malicious actor to interrupt UPnP service to said devices...

CVE-2023-31998

creationtimestamp| type| source ---|---|--- 2023-07-10 18:00:06+00:00| published-proof-of-concept| https://t.me/truesecator/4598 2023-07-10 19:14:00+00:00| published-proof-of-concept| https://t.me/cKure/11254 2023-07-10 22:56:50+00:00| published-proof-of-concept| https://t.me/proxybar/1616...

CVE-2022-31998

CVE-2022-31998 : Badminton Center Management System v1.0 is vulnerable to SQL injection via /bcms/admin/?page=service_transactions/view_details&id=. Root cause: lack of input validation on the id parameter. Documented impacts include high confidentiality, integrity, and availability risks (CVSS 3...

SUSE SLES11 Security Update : inn (SUSE-SU-2021:14750-1)

The remote SUSE Linux SLES11 / SLESSAP11 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2021:14750-1 advisory. - A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports...

SUSE: Security Advisory (SUSE-SU-2021:14750-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2021:14750-1 Security update for inn

This update for inn fixes the following issues: - CVE-2021-31998: Fixed locale privialge escalation during the update of inn bsc1182321...

CVE-2021-31998 inn: %post calls user owned file allowing local privilege escalation to root

A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux Enterprise Server 11-SP3 i...

CVE-2021-31998

A vulnerability in the packaging of inn on SUSE Linux Enterprise Server 11-SP3 (inn-2.4.2-170.21.3.1 and earlier) and on affected openSUSE variants (openSUSE Backports SLE-15-SP2; openSUSE Leap 15.2 prior to 2.6.2) allows local users to escalate privileges to root due to incorrect default permiss...

OPENSUSE-SU-2021:0845-1 Security update for inn

This update for inn fixes the following issues: - CVE-2021-31998: change user to news before calling innupgrade, which could have allow local privilege escalation. boo1182321 This update was imported from the openSUSE:Leap:15.2:Update update project...

openSUSE Security Update : inn (openSUSE-2021-830)

This update for inn fixes the following issues : - CVE-2021-31998: change user to news before calling innupgrade, which could have allow local privilege escalation. boo1182321 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracte...

openSUSE: Security Advisory for inn (openSUSE-SU-2021:0830-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...