80 matches found
GHSA-X2FF-J5C2-GGPR OpenClaw: Slack interactive callbacks could skip configured sender checks in some shared-workspace flows
Impact: In shared Slack workspace deployments that rely on sender restrictions (allowFrom, DM policy, or channel user allowlists), some interactive callbacks (block_action, view_submission, view_closed) could be accepted before full sender authorization checks. In that scenario, an unauthorized workspace...
PT-2026-26387
Impact: In shared Slack workspace deployments that rely on sender restrictions (allowFrom, DM policy, or channel user allowlists), some interactive callbacks (block_action, view_submission, view_closed) could be accepted before full sender authorization checks. In that scenario, an unauthorized...
GHSA-RM2P-J3R7-4X4J OpenClaw's Slack reaction/pin sender-policy consistency issue in non-message ingress
Summary OpenClaw Slack monitor handled reaction and pin non-message events before applying sender-policy checks consistently. In affected versions, these events could be added to system-event context even when sender policy would not normally allow them. Affected Packages / Versions - Package: np...
OpenClaw's Telegram message_reaction authorization bypass allows unauthorized system-event injection
A missing sender-authorization check in Telegram message_reaction handling allowed unauthorized users to trigger reaction-derived system events. Affected Packages / Versions - Package: openclaw (npm) - Introduced: 2026.2.17 - Affected: >= 2026.2.17 and <= 2026.2.24 - Latest published at patch time:...
GHSA-QJ22-XQJR-V83V OpenClaw's Telegram message_reaction authorization bypass allows unauthorized system-event injection
A missing sender-authorization check in Telegram message_reaction handling allowed unauthorized users to trigger reaction-derived system events. Affected Packages / Versions - Package: openclaw (npm) - Introduced: 2026.2.17 - Affected: >= 2026.2.17 and <= 2026.2.24 - Latest published at patch time:...
EUVD-2020-12233
Malware in sbrugna...
EUVD-2018-3433
Malware in sbrugna...
CVE-2020-1357
An elevation of privilege vulnerability exists when the Windows System Events Broker improperly handles file operations, aka 'Windows System Events Broker Elevation of Privilege Vulnerability'...
PT-2024-2582 · Lenovo · Lenovo XClarity Administrator
Name of the Vulnerable Software and Affected Versions: Lenovo XClarity Administrator affected versions not specified Description: The issue is related to information disclosure and can be exploited by a remote attacker to gain unauthorized access to an API endpoint without authentication. A valid...
WEM 2203: Citrix WEM Service Citrix.Wem.Agent.Service.exe crash
After installing WEM Agent version 2203, the following system events are logged in the VDA: Event ID 1026: .NET Runtime Application: Citrix.Wem.Agent.Service.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. and Event ID 1000: Faulting...
About the security content of Security Update 2022-005 Catalina
About the security content of Security Update 2022-005 Catalina This document describes the security content of Security Update 2022-005 Catalina. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has...
Security Bulletin: Log4j as used in IBM® QRadar User Behavior Analytics application add on to IBM® QRadar SIEM is vulnerable to remote code execution (RCE) (CVE-2021-44228)
Summary Log4j is used by IBM® QRadar User Behavior Analytics application to log system events. This bulletin provides a remediation for the vulnerability, CVE-2021-44228 by upgrading IBM® QRadar User Behavior Analytics application add on to IBM® QRadar SIEM and thus addressing the exposure to the...
CVE-2020-9111
E6878-370 versions 10.0.3.1H557SP27C233, 10.0.3.1H563SP21C233 and E6878-870 versions 10.0.3.1H557SP27C233, 10.0.3.1H563SP11C233 have a denial of service vulnerability. The system does not properly check some events; an attacker could launch the events continually, and a successful exploit could cause...
About the security content of iOS 11.3 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...
CVE-2020-15053
An issue was discovered in Artica Proxy CE before 4.28.030.418. Reflected XSS exists via these search fields: real time request, System Events, Proxy Events, Proxy Objects, and Firewall objects...
Cross site scripting
An issue was discovered in Artica Proxy CE before 4.28.030.418. Reflected XSS exists via these search fields: real time request, System Events, Proxy Events, Proxy Objects, and Firewall objects...
Microsoft Windows System Events Broker Elevation of Privilege Vulnerability
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows System Events Broker,...
A vulnerability in the System Events Broker component of the Windows operating system allows an attacker to elevate their privileges.
The vulnerability in the System Events Broker component of the Windows operating system is related to errors in file operation handling. Exploiting this vulnerability can allow an attacker to elevate their privileges through a specially crafted application...