19 matches found
OpenClaw has an unspecified vulnerability (CNVD-2026-19029)
OpenClaw is an artificial intelligence assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to retrieve threaded messages that should be filtered by the sender's permission list...
EUVD-2026-21126
OpenClaw before 2026.3.22 contains a webhook path route replacement vulnerability in the Synology Chat extension that allows attackers to collapse multi-account configurations onto shared webhook paths. Attackers can exploit inherited or duplicate webhook paths to bypass per-account DM access...
OpenClaw Security Vulnerability
OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities were caused by a problem with the Webhook path routing in the Synology Chat extension, which could lead to bypassing...
CVE-2026-28783
CVE-2026-28783 affects Craft CMS (Craft CMS core) where a blocklist of potentially dangerous PHP functions is bypassable via Twig non-Closure arrow functions. Affected versions are prior to 5.9.0-beta.1 and 4.17.0-beta.1. Successful exploitation requires attacker permissions (production allowAdmi...
CVE-2025-68454 Craft CMS vulnerable to potential authenticated Remote Code Execution via Twig SSTI
Craft is a platform for creating digital experiences. Versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16 are vulnerable to potential authenticated Remote Code Execution via Twig SSTI. For this to work, users must have administrator access to the Craft Control Panel, and...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function on the critical API endpoints messages, transactions, and session, handling sensitive user data and system operations. An unauthenticated attacker can access confidential conversation data an...
CVE-2024-42655
An access control issue in NanoMQ v0.21.10 allows attackers to bypass security restrictions and access sensitive system topic messages using MQTT wildcard characters...
PT-2025-28633
Name of the Vulnerable Software and Affected Versions: Juju affected versions not specified Description: The issue concerns the "/log" endpoint on a Juju controller, which lacked sufficient authorization checks. This allowed unauthorized users to access debug messages that could contain sensitive...
CVE-2022-32220
An information disclosure vulnerability exists in Rocket.Chat...
WordPress plugin WPS Telegram Chat Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2023-47323
The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. This allows an attacker to read all messages sent between other users, including those sent only to administrators...
Predator Android Spyware: Researchers Uncover New Data Theft Capabilities
Security researchers have detailed the inner workings of the commercial Android spyware called Predator, which is marketed by the Israeli company Intellexa (previously Cytrox). Predator was first documented by Google's Threat Analysis Group (TAG) in May 2022 as part of attacks leveraging five differen...
CVE-2016-4427
In zulip before 1.3.12, deactivated users could access messages if SSO was enabled...
UNISOC chipset Security Vulnerability
The UNISOC chipset is an integrated circuit chipset from China's Unisplendour UNISOC. The UNISOC chipset contains a security vulnerability that could allow an attacker to gain remote control of a cell phone, such as obtaining sensitive information from text messages or the device screen, recordin...
Watch Out! That Android System Update May Contain A Powerful Spyware
Researchers have discovered a new information-stealing trojan, which targets Android devices with an onslaught of data-exfiltration capabilities — from collecting browser searches to recording audio and phone calls. While malware on Android has previously taken the guise of copycat apps, which go...
Detailed: Here's How Iran Spies on Dissidents with the Help of Hackers
Twin cyber operations conducted by state-sponsored Iranian threat actors demonstrate their continued focus on compiling detailed dossiers on Iranian citizens that could threaten the stability of the Islamic Republic, including dissidents, opposition forces, and ISIS supporters, and Kurdish native...
Unspecified Vulnerability in Tecno Camon iClick 2
The Transn Tecno Camon iClick 2 is a smartphone from the Chinese company Transn. An unspecified vulnerability exists in Tecno Camon iClick 2. The vulnerability can be exploited to execute code or commands with system privileges to record the screen, restore factory settings, obtain user's Wi-Fi...
CVE-2018-14991
CVE-2018-14991 affects Coolpad Defiant, ZTE ZMAX Pro, and T-Mobile Revvl Plus due to a pre-installed Rich Communication Services (RCS) app. The vulnerable components include an app with package name com.suntek.mway.rcs.app.service (exported MessageProvider) and a refactored version com.rcs.gsma.n...
Cybozu Garoon fails to restrict access permission in the Phone Messages function
Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an access restriction flaw in the Phone Messages function. Yuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC...