4923 matches found

NVD
added 2026/02/20 12:16 a.m., 4 views

CVE-2026-26328

OpenClaw is a personal AI assistant. Prior to version 2026.2.14, under iMessage groupPolicy=allowlist, group authorization could be satisfied by sender identities coming from the DM pairing store, broadening DM trust into group contexts. Version 2026.2.14 fixes the issue...

CVSS 6.5, EPSS 0.00283
Exploits 0, References 3

GitHub Security Blog
added 2026/02/18 12:43 a.m., 10 views

OpenClaw iMessage group allowlist authorization inherited DM pairing-store identities

Summary: Under iMessage groupPolicy=allowlist, group authorization could be satisfied by sender identities coming from the DM pairing store, broadening DM trust into group contexts. Details: Affected component: src/imessage/monitor/monitor-provider.ts. Vulnerable logic derived effectiveGroupAllowFr...

CVSS 6.5, AI score 5.5, EPSS 0.00283
Exploits 0, References 5, Affected Software 2

Tenable Nessus
added 2026/02/18 12:0 a.m., 2 views

SmarterMail < 100.0.9526 XSS (CVE-2026-26930)

The version of SmarterTools SmarterMail installed on the remote host is prior to 100.0.9526. It is, therefore, affected by a cross-site scripting vulnerability: SmarterTools SmarterMail before build 9526 allows XSS via MAPI requests. (CVE-2026-26930) Note that Nessus has not tested for this issue...

CVSS 7.2, AI score 5.1, EPSS 0.00295
Exploits 1, References 3

CVE
added 2026/02/16 4:27 p.m., 13 views

CVE-2026-26930

CVE-2026-26930 affects SmarterTools SmarterMail prior to version 9526, where XSS is possible via MAPI requests. The CVSS v3.1 base score is 7.2 (HIGH) with network attack vector, no privileges required, user interaction not required, and a changed scope. Patch guidance is to upgrade to 9526 or la...

CVSS 7.2, AI score 5.3, EPSS 0.00295
Exploits 1, References 3

ATTACKERKB
added 2026/02/16 4:27 p.m., 3 views

CVE-2026-26930

SmarterTools SmarterMail before 9526 allows XSS via MAPI requests...

CVSS 7.2, AI score 5.3, EPSS 0.00295
Exploits 1, References 3

Cvelist
added 2026/02/16 4:27 p.m., 25 views

CVE-2026-26930

SmarterTools SmarterMail before 9526 allows XSS via MAPI requests...

CVSS 7.2, EPSS 0.00295
Exploits 1, References 2

The Hacker News
added 2026/02/16 10:24 a.m., 31 views

New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft

Cybersecurity researchers have disclosed details of a new mobile spyware platform dubbed ZeroDayRAT that's being advertised on Telegram as a way to grab sensitive data and facilitate real-time surveillance on Android and iOS devices. "The developer runs dedicated channels for sales, customer...

AI score 5.6
Exploits 0

CNNVD
added 2026/02/16 12:0 a.m., 4 views

SmarterTools SmarterMail Security Vulnerability

SmarterTools SmarterMail is a set of email server software developed by SmarterTools Corporation. This software supports features such as spam filtering, data statistics, and Simple Mail Transfer Protocol (SMTP) authentication. SmarterTools SmarterMail versions prior to 9526 had security...

CVSS 7.2, AI score 5.6, EPSS 0.00295
Exploits 1, References 3

Positive Technologies
added 2026/02/16 12:0 a.m., 4 views

PT-2026-8360

Name of the Vulnerable Software and Affected Versions: SmarterTools SmarterMail versions prior to 9526. Description: SmarterTools SmarterMail is susceptible to a cross-site scripting (XSS) issue through MAPI requests. The issue allows for the injection of malicious scripts via crafted MAPI requests...

CVSS 7.2, AI score 5, EPSS 0.00295
Exploits 1, References 7

RedhatCVE
added 2026/02/13 1:22 p.m., 6 views

CVE-2025-15573

The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to...

CVSS 9.4, AI score 5.8, EPSS 0.00216
Exploits 0, References 1

OSV
added 2026/02/13 12:40 a.m., 2 views

CLEANSTART-2026-CA79883 Security fixes for GHSA-6V2P-P943-PHR9, GHSA-C6GW-W398-HV78, GHSA-F6X5-JH6R-WRFV, GHSA-HCG3-P754-CR77, GHSA-J5W8-Q4QC-RX2X, GHSA-QXP5-GW88-XV66, GHSA-V778-237X-GJRC, GHSA-VVGC-356P-C3XW applied in versions: 1.15.0-r1

Multiple security vulnerabilities affect the rabbitmq-messaging-topology-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

AI score 5.9
Exploits 0, References 9

RedhatCVE
added 2026/02/12 7:29 p.m., 6 views

CVE-2026-2345

Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains multiple window.addEventListener('message', ...) handlers that do not properly validate the origin of incoming messages. Specifically, an internal messaging bridge processes messages based solely on...

CVSS 3.6, AI score 5.5, EPSS 0.00064
Exploits 0, References 1

ATTACKERKB
added 2026/02/12 10:58 a.m., 4 views

CVE-2025-15574

When connecting to the Solax Cloud MQTT server the username is the "registration number", which is the 10 character string printed on the SolaX Power Pocket device / the QR code on the device. The password is derived from the "registration number" using a proprietary XOR/transposition algorithm...

CVSS 6.5, AI score 5.7, EPSS 0.00177
Exploits 0, References 2, Affected Software 5

NVD
added 2026/02/11 3:16 p.m., 9 views

CVE-2026-2345

Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains multiple window.addEventListener('message', ...) handlers that do not properly validate the origin of incoming messages. Specifically, an internal messaging bridge processes messages based solely on...

CVSS 3.6, EPSS 0.00064
Exploits 0, References 1

CVE
added 2026/02/11 2:49 p.m., 10 views

CVE-2026-2345

Technical details about CVE-2026-2345 are not publicly available in the provided documents. Monitor for updates from Red Hat/NVD/CVE listings for affected products, impact, and remediation specifics.

CVSS 3.6, AI score 5.5, EPSS 0.00064
Exploits 0, References 1

ATTACKERKB
added 2026/02/11 2:49 p.m., 5 views

CVE-2026-2345

Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains multiple window.addEventListener('message', ...) handlers that do not properly validate the origin of incoming messages. Specifically, an internal messaging bridge processes messages based solely on...

CVSS 3.6, AI score 5.5, EPSS 0.00064
Exploits 0, References 2, Affected Software 1

Positive Technologies
added 2026/02/11 12:0 a.m., 5 views

PT-2026-7613

Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains multiple window.addEventListener('message', ...) handlers that do not properly validate the origin of incoming messages. Specifically, an internal messaging bridge processes messages based solely on...

CVSS 3.6, AI score 5.5, EPSS 0.00064
Exploits 0, References 2

CVE
added 2026/02/10 3:2 a.m., 9 views

CVE-2026-23685

CVE-2026-23685 describes a deserialization vulnerability in the SAP NetWeaver JMS service. An attacker authenticated as an administrator with local access can submit specially crafted content to the server; if processed by the application, this may trigger unintended logic execution that leads to...

CVSS 4.4, AI score 5.6, EPSS 0.00124
Exploits 0, References 2, Affected Software 1

RedhatCVE
added 2026/02/04 3:15 a.m., 5 views

CVE-2025-66480

Wildfire IM is an instant messaging and real-time audio/video solution. Prior to 1.4.3, a critical vulnerability exists in the im-server component related to the file upload functionality found in com.xiaoleilu.loServer.action.UploadFileAction. The application exposes an endpoint /fs that handles...

CVSS 9.8, AI score 5.7, EPSS 0.01395
Exploits 0, References 1

Cvelist
added 2026/02/03 10:1 p.m., 26 views

CVE-2020-37090 School ERP Pro 1.0 - Remote Code Execution

School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary PHP files to the messaging system. Attackers can upload malicious PHP scripts through the message attachment feature, enabling remote code execution on the server...

CVSS 9.8, EPSS 0.00773
Exploits 1, References 4