30 matches found
EUVD-2026-36321
OpenClaw: Message read actions could skip channel allowlist checks...
CVE-2026-53815
OpenClaw before 2026.5.19 contains an authorization bypass vulnerability in message read actions that skips channel allowlist checks. Lower-trust callers can request messages from channels not intended for them by exploiting insufficient validation in the affected feature, potentially exposing...
CVE-2026-53815 OpenClaw < 2026.5.19 - Channel Allowlist Bypass in Message Read Actions
OpenClaw before 2026.5.19 contains an authorization bypass vulnerability in message read actions that skips channel allowlist checks. Lower-trust callers can request messages from channels not intended for them by exploiting insufficient validation in the affected feature, potentially exposing...
CVE-2026-53815 OpenClaw < 2026.5.19 - Channel Allowlist Bypass in Message Read Actions
OpenClaw before 2026.5.19 contains an authorization bypass vulnerability in message read actions that skips channel allowlist checks. Lower-trust callers can request messages from channels not intended for them by exploiting insufficient validation in the affected feature, potentially exposing...
CVE-2026-47176 Quest Bot: Logging module can disclose private-channel message contents to a lower-visibility log channel
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can enable logging and choose a logging channel they can read. The bot then logs deleted and edited message contents from every channel it can...
PT-2026-48745
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.19 Description An authorization bypass exists in message read actions due to insufficient validation, which allows the system to skip channel allowlist checks. This enables lower-trust callers to request and...
CVE-2026-44569
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, there's an IDOR in the channels message management system that allows authenticated users to modify or delete any message within channels they have read access to. The vulnerability...
EUVD-2026-30644
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, there's an IDOR in the channels message management system that allows authenticated users to modify or delete any message within channels they have read access to. The vulnerability...
Open WebUI 安全漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.5 contained security vulnerabilities. These vulnerabilities stemmed from insecure direct object reference vulnerabilities in the channel functionality. The...
PT-2026-39671
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.6.19 Description An Insecure Direct Object Reference IDOR exists in the channels message management system, allowing authenticated users to modify or delete any message within channels where they have read access...
EUVD-2025-31396
Malicious code in bioql PyPI...
Huawei EulerOS: Security Advisory for dhcp (EulerOS-SA-2025-1728)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
TencentOS Server 3: bind9.16 (TSSA-2023:0240)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0240 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Huawei EulerOS: Security Advisory for dhcp (EulerOS-SA-2025-1314)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-7340-1 openvpn vulnerabilities
It was discovered that OpenVPN did not perform proper input validation when generating a TLS key under certain configuration, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu...
USN-6860-1: OpenVPN vulnerabilities
Reynir Björnsson discovered that OpenVPN incorrectly handled terminating client connections. A remote authenticated client could possibly use this issue to keep the connection active, bypassing certain security policies. This issue only affected Ubuntu 23.10, and Ubuntu 24.04 LTS. CVE-2024-28882...
PT-2024-5857 · Openvpn +7 · Openvpn +7
Name of the Vulnerable Software and Affected Versions: OpenVPN versions prior to 2.6.11 Description: The issue is related to the lack of proper sanitization of PUSH REPLY messages, which can be exploited by attackers to inject unexpected arbitrary data into third-party executables or plug-ins. Th...
EulerOS Virtualization 2.10.0 : bind (EulerOS-SA-2023-3461)
According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion...
MGASA-2023-0303 Updated bind packages fix security vulnerabilities
The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory,...
Oracle Linux 9 : bind (ELSA-2023-5689)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5689 advisory. 32:9.16.23-11.2 - stack exhaustion in control channel code may lead to DoS CVE-2023-3341 Tenable has extracted the preceding description block directly from the...