
9 matches found

RedhatCVE
added 2026/03/26 3:11 p.m. · 2 views

CVE-2026-32028

OpenClaw versions prior to 2026.2.25 fail to enforce dmPolicy and allowFrom authorization checks on Discord direct-message reaction notifications, allowing non-allowlisted users to enqueue reaction-derived system events. Attackers can exploit this inconsistency by reacting to bot-authored DM...

CVSS 6.3 · AI score 5.8 · EPSS 0.00041
Exploits: 0 · References: 1
NVD
added 2026/03/21 1:17 a.m. · 1 views

CVE-2026-32050

OpenClaw versions prior to 2026.2.25 contain an access control vulnerability in signal reaction notification handling that allows unauthorized senders to enqueue status events before authorization checks are applied. Attackers can exploit the reaction-only event path in event-handler.ts to queue...

CVSS 6.3 · EPSS 0.00042
Exploits: 0 · References: 3
OSV
added 2026/03/19 10:16 p.m. · 2 views

CVE-2026-32028

OpenClaw versions prior to 2026.2.25 fail to enforce dmPolicy and allowFrom authorization checks on Discord direct-message reaction notifications, allowing non-allowlisted users to enqueue reaction-derived system events. Attackers can exploit this inconsistency by reacting to bot-authored DM...

CVSS 3.7 · AI score 5.9
Exploits: 0 · References: 3
CVE
added 2026/03/19 10:7 p.m. · 4 views

CVE-2026-32028

OpenClaw

CVSS 6.3 · AI score 5.8 · EPSS 0.00041
Exploits: 0 · References: 3 · Affected Software: 1
Snyk
added 2026/03/03 11:11 p.m. · 1 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the enqueueSystemEvent process. An attacker can add unauthorized reaction status lines to agent contexts by sending specially crafted reaction-only inbound even...

CVSS 6.3 · AI score 5.8 · EPSS 0.00042
Exploits: 0 · References: 2
OSV
added 2026/03/03 6:9 p.m. · 1 views

GHSA-QJ22-XQJR-V83V OpenClaw's Telegram message_reaction authorization bypass allows unauthorized system-event injection

A missing sender-authorization check in Telegram message_reaction handling allowed unauthorized users to trigger reaction-derived system events. Affected Packages / Versions - Package: openclaw npm - Introduced: 2026.2.17 - Affected: = 2026.2.17 and = 2026.2.24 - Latest published at patch time:...

CVSS 7.1 · AI score 5.8
Exploits: 0 · References: 3
Positive Technologies
added 2026/03/03 12:0 a.m. · 2 views

PT-2026-26409

Summary In OpenClaw = 2026.2.25 Fix Commits - aedf62ac7e669a89c7b299201bf6537dc6b12e0e Release Process Note patched versions is pre-set to the release 2026.2.25 so after npm release the advisory is published. Thanks @tdjackey for reporting...

CVSS 6.3 · AI score 5.9 · EPSS 0.00041
Exploits: 0 · References: 7
Prion
added 2024/01/12 9:15 p.m. · 12 views

Design/Logic Flaw

Discourse-reactions is a plugin that allows users to add their reactions to a post. Data about a user's reaction notifications could be exposed. This vulnerability was patched in commit 2c26939...

CVSS 3.5 · AI score 6.9 · EPSS 0.00177
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2024/01/12 12:0 a.m. · 1 views

PT-2024-13672 · Discourse · Discourse-Reactions

Name of the Vulnerable Software and Affected Versions: Discourse-reactions plugin affected versions not specified Description: The Discourse-reactions plugin allows users to add reactions to posts. However, it has an issue where data about a user's reaction notifications could be exposed...

CVSS 3.5 · AI score 3.7 · EPSS 0.00177
Exploits: 0 · References: 8