7 matches found
OpenClaw Security Vulnerability
OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.2 contained security vulnerabilities. These vulnerabilities were due to improper trust boundaries, which could allow untrusted workarea channel shadows to execute during built-i...
CVE-2026-0997 Mattermost Zoom Plugin channel preference API lacks authorization checks
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 and Mattermost Plugin Zoom versions =1.11.0 fail to validate the authenticated user when processing /plugins/zoom/api/v1/channel-preference, which allows any logged-in user to change Zoom meeting restrictions for arbitrary...
EUVD-2023-24068
Malicious code in bioql PyPI...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper enforcement of channel conversion restrictions. An attacker can exploit this flaw to change channel visibility settings without proper authorization by manipulating channel settings. Remediation...
CVE-2023-1866
CVE-2023-1866 concerns the YourChannel WordPress plugin (
YourChannel < 1.2.5 - Multiple CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in admins reset and change the plugin's quick language translation, general and channel settings via CSRF attacks...
Linux Gather XChat Enumeration
This module will collect XChat's config files and chat logs from the victim's machine. There are three actions you may choose: CONFIGS, CHATS, and ALL. The CONFIGS option can be used to collect information such as channel settings, channel/server passwords, etc. The CHATS option will simply...