Lucene search
K

5 matches found

Cvelist
Cvelist
added yesterday13 views

CVE-2026-58225 SQL injection via unescaped dollar-quote in Postgrex.Notifications reconnect replay causes notification denial of service

SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTEN channel name to inject SQL into the reconnect replay query, causing a denial of service of the notification connection. Postgrex.Notifications sanitizes channel names with quotechannel/1, which doubl...

2.1CVSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/28 6:9 p.m.3 views

CVE-2026-41382

OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord voice ingress that allows attackers to bypass channel and member allowlist restrictions. Attackers can exploit stale-role validation gaps and improper channel name validation to gain unauthorized access to...

5.4CVSS5.2AI score0.00222EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/28 6:9 p.m.36 views

CVE-2026-41382 OpenClaw < 2026.3.31 - Discord Voice Ingress Authorization Bypass via Channel and Role Validation Gaps

OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord voice ingress that allows attackers to bypass channel and member allowlist restrictions. Attackers can exploit stale-role validation gaps and improper channel name validation to gain unauthorized access to...

5.4CVSS0.00222EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.10 views

PT-2026-35767

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.31 Description An authorization bypass exists in the Discord voice ingress. This issue allows attackers to circumvent channel and member allowlist restrictions by exploiting improper channel name validation an...

5.4CVSS5.8AI score0.00222EPSS
Exploits0References6
Cvelist
Cvelist
added 2020/09/08 9:31 a.m.31 views

CVE-2020-3622

u'Channel name string which has been read from shared memory is potentially subjected to string manipulations but not validated for NULL termination can results into memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity,...

7.7AI score0.0019EPSS
Exploits0References1
Rows per page
Query Builder