
27 matches found

Vulnrichment
added 2026/04/28 6:9 p.m. | 1 views

CVE-2026-41382 OpenClaw < 2026.3.31 - Discord Voice Ingress Authorization Bypass via Channel and Role Validation Gaps

OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord voice ingress that allows attackers to bypass channel and member allowlist restrictions. Attackers can exploit stale-role validation gaps and improper channel name validation to gain unauthorized access to...

CVSS 5.4 | AI score 5.2 | EPSS 0.00034
Exploits: 0 | References: 3

Github Security Blog
added 2026/04/03 3:27 a.m. | 3 views

OpenClaw: Discord voice ingress authorization can be bypassed via channel, name, and stale-role validation gaps

Summary: Discord voice ingress authorization can be bypassed via channel, name, and stale-role validation gaps. Current Maintainer Triage: Status: narrow. Assessment: Real in shipped v2026.3.28 Discord voice ingress, but impact is channel/member allowlist bypass rather than a broader critical aut...

CVSS 5.4 | AI score 5.8 | EPSS 0.00034
Exploits: 0 | References: 4 | Affected Software: 1

Snyk
added 2026/04/03 3:27 a.m. | 1 views

Missing Authorization

Overview: @openclaw/discord is an OpenClaw Discord channel plugin. Affected versions of this package are vulnerable to Missing Authorization in the Discord voice ingress authorization process. An attacker can gain unauthorized access to restricted voice channels by exploiting gaps in channel, name,...

CVSS 5.4 | AI score 5.8 | EPSS 0.00034
Exploits: 0 | References: 2

OSV
added 2026/04/03 3:27 a.m. | 1 views

GHSA-X2M8-53H4-6HCH OpenClaw: Discord voice ingress authorization can be bypassed via channel, name, and stale-role validation gaps

Summary: Discord voice ingress authorization can be bypassed via channel, name, and stale-role validation gaps. Current Maintainer Triage: Status: narrow. Assessment: Real in shipped v2026.3.28 Discord voice ingress, but impact is channel/member allowlist bypass rather than a broader critical aut...

CVSS 2.3 | AI score 5.9 | EPSS 0.00034
Exploits: 0 | References: 4

UbuntuCve
added 2026/01/13 4:15 p.m. | 1 views

CVE-2025-68783

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-mixer: us16x08: validate meter packet indices. get_meter_levels_from_urb parses the 64-byte meter packets sent by the device and fills the per-channel arrays meter_level, comp_level and master_level in struct...

AI score 5.9 | EPSS 0.00068
Exploits: 0 | References: 36

OSV
added 2026/01/13 4:15 p.m. | 0 views

UBUNTU-CVE-2025-68783

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-mixer: us16x08: validate meter packet indices. get_meter_levels_from_urb parses the 64-byte meter packets sent by the device and fills the per-channel arrays meter_level, comp_level and master_level in struct...

AI score 5.7 | EPSS 0.00068
Exploits: 0 | References: 37

RedhatCVE
added 2026/01/09 8:33 a.m. | 6 views

CVE-2024-39274

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to properly validate that the channel that comes from the sync message is a shared channel, when shared channels are enabled, which allows a malicious remote to add users to arbitrary teams and channels...

CVSS 8.7 | AI score 7 | EPSS 0.00203
Exploits: 0 | References: 1

Positive Technologies
added 2025/12/17 12:0 a.m. | 1 views

PT-2026-2515

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The Linux kernel’s ALSA subsystem contains a flaw within the usb-mixer component, specifically in the us16x08 driver. The get_meter_levels_from_urb function processes meter packets...

CVSS 4.6 | AI score 5.3 | EPSS 0.00068
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-2465

Malware in sbrugna...

CVSS 8.8 | AI score 6.4 | EPSS 0.01423
Exploits: 1 | References: 10

Tenable Nessus
added 2025/10/07 12:0 a.m. | 1 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414342)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414342 advisory. An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the...

CVSS 7.8 | AI score 6.9 | EPSS 0.00032
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 0 views

EUVD-2022-50279

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 6.8 | EPSS 0.00032
Exploits: 0 | References: 8

CNNVD
added 2025/09/12 12:0 a.m. | 1 views

OpenSynergy BlueSDK Security Vulnerability

OpenSynergy BlueSDK is a Bluetooth stack from OpenSynergy, Germany. A security vulnerability exists in OpenSynergy BlueSDK 6.x and prior versions that stems from the BlueSDK Bluetooth stack not properly validating the remote L2CAP channel ID, which could result in the creation of an L2CAP channel...

CVSS 5.3 | AI score 6.9 | EPSS 0.00183
Exploits: 2 | References: 3

RedhatCVE
added 2025/03/05 10:53 a.m. | 12 views

CVE-2024-53014

Memory corruption may occur while validating ports and channels in Audio driver...

CVSS 7.8 | AI score 7.4 | EPSS 0.00112
Exploits: 0 | References: 1

OSV
added 2024/08/17 10:15 a.m. | 0 views

DEBIAN-CVE-2024-43852

In the Linux kernel, the following vulnerability has been resolved: hwmon: ltc2991 re-order conditions to fix off by one bug. LTC2991_T_INT_CH_NR is 4. The st->temp_en array has LTC2991_MAX_CHANNEL (4) elements. Thus if "channel" is equal to LTC2991_T_INT_CH_NR then we have read one element beyond the end of th...

CVSS 7.8 | AI score 5.6 | EPSS 0.00032
Exploits: 0 | References: 1

CVE
added 2024/08/01 2:5 p.m. | 49 views

CVE-2024-39274

Mattermost server vulnerability CVE-2024-39274: Affected versions include Mattermost 9.9.x up to 9.9.0, 9.5.x up to 9.5.6, 9.7.x up to 9.7.5, and 9.8.x up to 9.8.1. The issue is improper validation of the channel from sync messages being a shared channel when shared channels are enabled, which ca...

CVSS 8.7 | AI score 7.1 | EPSS 0.00203
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/08/01 2:5 p.m. | 15 views

CVE-2024-39274 Malicious remote can add users to arbitrary teams and channels

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to properly validate that the channel that comes from the sync message is a shared channel, when shared channels are enabled, which allows a malicious remote to add users to arbitrary teams and channels...

CVSS 8.7 | AI score 7 | EPSS 0.00203
Exploits: 0 | References: 1

SUSE CVE
added 2024/05/23 3:5 a.m. | 1 views

SUSE CVE-2021-47286

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: core: Validate channel ID when processing command completions MHI reads the channel ID from the event ring element sent by the device which can be any value between 0 and 255. In order to prevent any out of bound...

CVSS 7.8 | AI score 6.6 | EPSS 0.00097
Exploits: 0 | References: 3

OSV
added 2024/05/21 3:15 p.m. | 1 views

UBUNTU-CVE-2021-47286

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: core: Validate channel ID when processing command completions MHI reads the channel ID from the event ring element sent by the device which can be any value between 0 and 255. In order to prevent any out of bound...

CVSS 7.8 | AI score 5.7 | EPSS 0.00097
Exploits: 0 | References: 6

Code423n4
added 2023/06/23 12:0 a.m. | 10 views

The validation of the source channel is performed incorrectly

Lines of code. Vulnerability details. Impact: There is a potential risk of unauthorized sources sending assets to the Canto Network and automatically swapping transferred tokens for Canto tokens. Proof of Concept: When bootstrapping Canto Network, node operators config channel ID for the onboarding...

AI score 6.8
Exploits: 0

Microsoft CVE
added 2022/12/23 8:0 a.m. | 2 views

An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frames.

...

CVSS 7.8 | AI score 7.1 | EPSS 0.00135
Exploits: 0