9025 matches found
CVE-2025-71276
SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories...
CVE-2026-4456
creationtimestamp | type | source
---|---|---
2026-03-22 02:33:49+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mhmizrvolb2n
2026-03-22 02:34:29+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mhmj2xueev2s
2026-03-24 01:00:00+00:00 | seen | ...
EUVD-2025-208920
SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories...
CVE-2025-71276
SOGo prior to 5.12.5 is described as having an XSS vulnerability affecting events, tasks, and contacts categories. The connected sources confirm the affected software version range and the vulnerability class (XSS), but do not provide exploit details, impact scope beyond the component areas, or r...
PT-2026-26960
CVE-2025-71276 SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories. https://t.co/ZOhankzKG9...
SOGo Cross-Site Scripting Vulnerability
SOGo is a fast, scalable, modern open-source collaboration suite from Alinto. It offers calendar management, address book management, a fully functional webmail client, as well as features for resource sharing and permission handling. Versions of SOGo prior to 5.12.5 contained a cross-site...
Linux Distros Unpatched Vulnerability : CVE-2025-71276
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories. CVE-2025-71276 Note that Nessus relies on the presence of the...
GHSA-G839-VP47-WGH8 Duplicate Advisory: OpenClaw's Slack reaction/pin sender-policy consistency issue in non-message ingress
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rm2p-j3r7-4x4j. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction and pin non-message...
EUVD-2026-13954
OpenClaw versions prior to 2026.2.23 contain a vulnerability in Twilio webhook event deduplication where normalized event IDs are randomized per parse, allowing replay events to bypass manager dedupe checks. Attackers can replay Twilio webhook events to trigger duplicate or stale call-state...
GHSA-XH9J-MPC9-2M9P Duplicate Advisory: OpenClaw has a Trusted-proxy Control UI pairing bypass which allows unpaired node sessions
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vvgp-4c28-m3jm. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.25 contain an authentication bypass vulnerability in the trusted-proxy Control UI...
GHSA-XGWG-M42C-8Q62 Duplicate Advisory: OpenClaw: Slack system events bypass sender authorization in member and message subtype handlers
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-v8cg-4474-49v8. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.26 fail to enforce sender authorization in member and message subtype system event...
GHSA-86JJ-29WC-7Q2W Duplicate Advisory: OpenClaw's Signal reaction-only status events could, in limited cases, be enqueued before access checks
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-792q-qw95-f446. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.25 contain an access control vulnerability in signal reaction notification handling...
CVE-2026-32899
OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction and pin non-message events before adding them to system-event context. Attackers can bypass configured DM policies and channel user allowlists to inject unauthorized reaction and pin events from...