164 matches found

Vulnrichment
added 2026/03/19 1:0 a.m. | 1 view

CVE-2026-31998 OpenClaw 2026.2.22 < 2026.2.24 - Authorization Bypass in Synology Chat Plugin via Empty allowedUserIds

OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass vulnerability in the synology-chat channel plugin where dmPolicy set to allowlist with empty allowedUserIds fails open. Attackers with Synology sender access can bypass authorization checks and trigger unauthorized agent...

CVSS 8.6 | AI score 5.8 | EPSS 0.00321
Exploits: 0 | References: 4

ATTACKERKB
added 2026/03/19 1:0 a.m. | 1 view

CVE-2026-31998

OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass vulnerability in the synology-chat channel plugin where dmPolicy set to allowlist with empty allowedUserIds fails open. Attackers with Synology sender access can bypass authorization checks and trigger unauthorized agent...

CVSS 8.3 | AI score 5.8 | EPSS 0.00321
Exploits: 0 | References: 5 | Affected Software: 1

EUVD
added 2026/03/19 1:0 a.m. | 4 views

EUVD-2026-13035

OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass vulnerability in the synology-chat channel plugin where dmPolicy set to allowlist with empty allowedUserIds fails open. Attackers with Synology sender access can bypass authorization checks and trigger unauthorized agent...

CVSS 9.8 | AI score 5.8 | EPSS 0.00321
Exploits: 0 | References: 4

CNNVD
added 2026/03/19 12:0 a.m. | 7 views

OpenClaw Security Vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions 2026.2.22 and 2026.2.23 of OpenClaw contain security vulnerabilities. These vulnerabilities stem from an authorization bypass issue in the synology-chat plugin. This could allow attackers to circumvent...

CVSS 9.8 | AI score 5.8 | EPSS 0.00321
Exploits: 0 | References: 4

Snyk
added 2026/03/03 11:3 p.m. | 5 views

Incorrect Authorization

Overview: @openclaw/synology-chat is a Synology Chat channel plugin for OpenClaw. Affected versions of this package are vulnerable to Incorrect Authorization in the synology-chat channel plugin when dmPolicy is set to allowlist and allowedUserIds is empty or unset. An attacker can trigger...

CVSS 9.8 | AI score 5.8 | EPSS 0.00321
Exploits: 0 | References: 2

Positive Technologies
added 2026/03/03 12:0 a.m. | 8 views

PT-2026-26238

Summary: In openclaw versions 2026.2.22 and 2026.2.23, the optional synology-chat channel plugin had an authorization fail-open condition: when dmPolicy was allowlist and allowedUserIds was empty/unset, unauthorized senders were still allowed through to agent dispatch. This is assessed as medium...

CVSS 9.8 | AI score 5.9 | EPSS 0.00321
Exploits: 0 | References: 13

NVD
added 2026/02/14 7:16 a.m. | 18 views

CVE-2025-6792

The One to one user Chat by WPGuppy plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/guppylite/v2/channel-authorize rest endpoint in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to...

CVSS 5.3 | EPSS 0.00344
Exploits: 0 | References: 2

Cvelist
added 2026/02/14 6:42 a.m. | 32 views

CVE-2026-0736 Chatbot for WordPress by Collect.chat ⚡️ <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Field

The Chatbot for WordPress by Collect.chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'inpostheadscriptsynthheaderscript' post meta field in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping. This makes it possible fo...

CVSS 6.4 | EPSS 0.00255
Exploits: 0 | References: 6

NVD
added 2026/01/26 7:16 a.m. | 8 views

CVE-2025-14316

The AhaChat Messenger Marketing WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 7.1 | EPSS 0.00188
Exploits: 0 | References: 1

ATTACKERKB
added 2026/01/26 6:0 a.m. | 5 views

CVE-2025-14316

The AhaChat Messenger Marketing WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 7.1 | AI score 5.9 | EPSS 0.00188
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 12:25 p.m. | 9 views

CVE-2018-12534

A SQL injection issue was discovered in the Quick Chat plugin before 4.00 for WordPress...

CVSS 9.8 | AI score 8 | EPSS 0.01476
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 10:19 a.m. | 9 views

CVE-2019-18662

An issue was discovered in YouPHPTube through 7.7. User input passed through the livestreamcode POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized in getFromChat in plugin/LiveChat/Objects/LiveChatObj.php before being used to construct a SQL query. This can be exploited...

CVSS 9.8 | AI score 7.6 | EPSS 0.02314
Exploits: 2 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-4502

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.01476
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2019-8379

Malware in sbrugna...

CVSS 9.8 | AI score 9.1 | EPSS 0.02314
Exploits: 2 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2020-30790

Malware in sbrugna...

CVSS 7.4 | AI score 6.4 | EPSS 0.00339
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-49599

Malicious code in bioql PyPI...

CVSS 5.9 | AI score 6.4 | EPSS 0.00369
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-51824

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.6 | EPSS 0.00534
Exploits: 2 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-16471

Malicious code in bioql PyPI...

CVSS 6.4 | AI score 6.5 | EPSS 0.00222
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2021-30290

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.6 | EPSS 0.00608
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2024-52231

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6.3 | EPSS 0.00276
Exploits: 0 | References: 1