Lucene search
+L

269 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:9 p.m.6 views

CVE-2026-33410

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have two authorization issues in the chat direct message API. First, when creating a direct message channel or adding users to an existing one, the targetgroups parameter was passed direct...

5.4CVSS5.9AI score0.00156EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.5 views

CVE-2026-22170

OpenClaw versions prior to 2026.2.22 with the optional BlueBubbles plugin contain an access control bypass vulnerability where empty allowFrom configuration causes dmPolicy pairing and allowlist restrictions to be ineffective. Remote attackers can send direct messages to BlueBubbles accounts by...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.5 views

PT-2026-31763

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.22 Description OpenClaw before version 2026.3.22 performs cryptographic and dispatch operations on inbound Nostr direct messages before validating sender and pairing policies. Attackers can trigger unauthorize...

8.6CVSS5.8AI score0.00454EPSS
Exploits0References11
CNVD
CNVD
added 2026/03/24 12:0 a.m.3 views

OpenClaw has an unspecified vulnerability (CNVD-2026-14834)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that stems from not enforcing dmPolicy and allowFrom authorization checks on Discord direct message response notifications, which can be exploited by an attacker to bypass DM...

6.3CVSS5.9AI score0.00198EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/21 3:31 a.m.18 views

Duplicate Advisory: OpenClaw's Signal reaction-only status events could, in limited cases, be enqueued before access checks

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-792q-qw95-f446. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.25 contain an access control vulnerability in signal reaction notification handling...

6.3CVSS5.7AI score0.0021EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/21 12:42 a.m.4 views

CVE-2026-32899 OpenClaw < 2026.2.25 - Sender Policy Bypass in Slack Reaction and Pin Event Handlers

OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction and pin non-message events before adding them to system-event context. Attackers can bypass configured DM policies and channel user allowlists to inject unauthorized reaction and pin events from...

5.3CVSS5.9AI score0.00204EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/03/21 12:42 a.m.5 views

CVE-2026-32067 OpenClaw < 2026.2.26 - Cross-Account Authorization Bypass in DM Pairing Store

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability in the pairing-store access control for direct message pairing policy that allows attackers to reuse pairing approvals across multiple accounts. An attacker approved as a sender in one account can be automatically...

3.7CVSS5.8AI score0.00165EPSS
Exploits0References4
Wired Threat Level
Wired Threat Level
added 2026/03/20 10:0 a.m.9 views

The Danger Behind Meta Killing End-to-End Encryption for Instagram DMs

Meta blamed users for not opting into the privacy-protecting feature. Experts fear the move could be the first major domino to fall for end-to-end encryption tech worldwide...

5.8AI score
Exploits0
NVD
NVD
added 2026/03/19 10:16 p.m.6 views

CVE-2026-32028

OpenClaw versions prior to 2026.2.25 fail to enforce dmPolicy and allowFrom authorization checks on Discord direct-message reaction notifications, allowing non-allowlisted users to enqueue reaction-derived system events. Attackers can exploit this inconsistency by reacting to bot-authored DM...

6.3CVSS0.00198EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/19 10:7 p.m.2 views

CVE-2026-32028 OpenClaw < 2026.2.25 - Missing Authorization Check in Discord DM Reaction Ingress

OpenClaw versions prior to 2026.2.25 fail to enforce dmPolicy and allowFrom authorization checks on Discord direct-message reaction notifications, allowing non-allowlisted users to enqueue reaction-derived system events. Attackers can exploit this inconsistency by reacting to bot-authored DM...

6.3CVSS5.8AI score0.00198EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/19 10:7 p.m.20 views

CVE-2026-32028 OpenClaw < 2026.2.25 - Missing Authorization Check in Discord DM Reaction Ingress

OpenClaw versions prior to 2026.2.25 fail to enforce dmPolicy and allowFrom authorization checks on Discord direct-message reaction notifications, allowing non-allowlisted users to enqueue reaction-derived system events. Attackers can exploit this inconsistency by reacting to bot-authored DM...

6.3CVSS0.00198EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/19 10:7 p.m.2 views

CVE-2026-32028

OpenClaw versions prior to 2026.2.25 fail to enforce dmPolicy and allowFrom authorization checks on Discord direct-message reaction notifications, allowing non-allowlisted users to enqueue reaction-derived system events. Attackers can exploit this inconsistency by reacting to bot-authored DM...

6.3CVSS5.8AI score0.00198EPSS
Exploits0References4
CVE
CVE
added 2026/03/19 10:7 p.m.14 views

CVE-2026-32028

OpenClaw

6.3CVSS5.8AI score0.00198EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/19 10:7 p.m.5 views

CVE-2026-32028 OpenClaw < 2026.2.25 - Missing Authorization Check in Discord DM Reaction Ingress

OpenClaw versions prior to 2026.2.25 fail to enforce dmPolicy and allowFrom authorization checks on Discord direct-message reaction notifications, allowing non-allowlisted users to enqueue reaction-derived system events. Attackers can exploit this inconsistency by reacting to bot-authored DM...

6.3CVSS5.9AI score0.00198EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/19 10:7 p.m.3 views

EUVD-2026-13302

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where DM pairing-store identities are incorrectly eligible for group allowlist authorization checks. Attackers can exploit this cross-context authorization flaw by using a sender approved via DM pairing to satisfy...

7.1CVSS5.8AI score0.00238EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/19 9:57 p.m.4 views

EUVD-2026-13341

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have two authorization issues in the chat direct message API. First, when creating a direct message channel or adding users to an existing one, the targetgroups parameter was passed direct...

5.4CVSS5.8AI score0.00156EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/19 9:57 p.m.28 views

CVE-2026-33410 Discourse hardens chat DM channel creation and expansion

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have two authorization issues in the chat direct message API. First, when creating a direct message channel or adding users to an existing one, the targetgroups parameter was passed direct...

5.4CVSS0.00156EPSS
Exploits0References1
OSV
OSV
added 2026/03/19 9:57 p.m.6 views

CVE-2026-33410 Discourse hardens chat DM channel creation and expansion

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have two authorization issues in the chat direct message API. First, when creating a direct message channel or adding users to an existing one, the targetgroups parameter was passed direct...

5.4CVSS5.9AI score0.00156EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/19 1:0 a.m.10 views

EUVD-2026-13021

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where Signal group allowlist policy incorrectly accepts sender identities from DM pairing-store approvals. Attackers can exploit this boundary weakness by obtaining DM pairing approval to bypass group allowlist...

4.6CVSS5.8AI score0.00152EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.9 views

PT-2026-26427

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2 Description Discourse, an open-source discussion platform, has authorization issues within its chat direct message API...

5.4CVSS5.9AI score0.00156EPSS
Exploits0References4
Rows per page
Query Builder