CVE-2026-32905 OpenClaw < 2026.5.4 - Unauthorized Device-Pairing Bootstrap Code Issuance via Chat Command

OpenClaw before 2026.5.4 contains an authorization bypass vulnerability in the bundled device-pair plugin that allows non-owner authorized chat senders to issue device-pairing bootstrap codes without proper scope validation. Attackers with chat command access can create setup codes to enroll...

PT-2026-44891

OpenClaw before 2026.5.4 contains an authorization bypass vulnerability in the bundled device-pair plugin that allows non-owner authorized chat senders to issue device-pairing bootstrap codes without proper scope validation. Attackers with chat command access can create setup codes to enroll...

CVE-2026-35631

OpenClaw before 2026.3.22 fails to enforce operator.admin scope on mutating internal ACP chat commands, allowing unauthorized modifications. Attackers without admin privileges can execute mutating control-plane actions by directly invoking affected ACP commands to bypass authorization gates...

CVE-2026-35631 OpenClaw < 2026.3.22 - Missing Authorization Enforcement in Internal ACP Chat Commands

OpenClaw before 2026.3.22 fails to enforce operator.admin scope on mutating internal ACP chat commands, allowing unauthorized modifications. Attackers without admin privileges can execute mutating control-plane actions by directly invoking affected ACP commands to bypass authorization gates...

CVE-2026-35631 OpenClaw < 2026.3.22 - Missing Authorization Enforcement in Internal ACP Chat Commands

OpenClaw before 2026.3.22 fails to enforce operator.admin scope on mutating internal ACP chat commands, allowing unauthorized modifications. Attackers without admin privileges can execute mutating control-plane actions by directly invoking affected ACP commands to bypass authorization gates...

PT-2026-31766

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.22 Description OpenClaw versions prior to 2026.3.22 do not properly enforce operator.admin scope on mutating internal ACP chat commands, which allows unauthorized modifications. Attackers without admin...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from the lack of enforcement of the operator.admin scope for mutated internal ACP chat commands, which could...

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization due to missing enforcement of the operator.admin scope in mutating internal ACP chat commands. An attacker can perform unauthorized mutating control-plane actions by...

EUVD-2013-0564

Malware in sbrugna...

CVE-2023-33198

tgstation-server is a production scale tool for BYOND server management. The DreamMaker API DMAPI chat channel cache can possibly be poisoned by a tgstation-server TGS restart and reattach. This can result in sending chat messages to one of any of the configured IRC or Discord channels for the...

PT-2023-24215 · Discord · Discord

Name of the Vulnerable Software and Affected Versions: tgstation-server affected versions not specified Description: The issue concerns the DreamMaker API DMAPI chat channel cache in tgstation-server, which can be poisoned upon a restart and reattach of the server. This can lead to chat messages...

CVE-2022-29166 Improper handling of multiline messages in matrix-appservice-irc

matrix-appservice-irc is a Node.js IRC bridge for Matrix. The vulnerability in node-irc allows an attacker to manipulate a Matrix user into executing IRC commands by having them reply to a maliciously crafted message. The vulnerability has been patched in matrix-appservice-irc 0.33.2. Refrain fro...

Security update for teeworlds (moderate)

openSUSE Security Update: Security update for teeworlds Announcement ID: openSUSE-SU-2019:1999-1 Rating: moderate References: 1112910 1131729 Cross-References: CVE-2018-18541 CVE-2019-10877 CVE-2019-10878 CVE-2019-10879 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes four...