Lucene search
K

143 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/19 11:4 p.m.5 views

CVE-2026-26328

OpenClaw is a personal AI assistant. Prior to version 2026.2.14, under iMessage groupPolicy=allowlist, group authorization could be satisfied by sender identities coming from the DM pairing store, broadening DM trust into group contexts. Version 2026.2.14 fixes the issue...

6.5CVSS5.5AI score0.00283EPSS
Exploits0References4Affected Software2
CVE
CVE
added 2026/02/19 11:4 p.m.13 views

CVE-2026-26328

OpenClaw is affected by CVE-2026-26328: prior to version 2026.2.14, under iMessage groupPolicy=allowlist, group authorization could be satisfied by sender identities from the DM pairing store, broadening DM trust into group contexts. This is documented across multiple sources, including Red Hat a...

6.5CVSS5.5AI score0.00283EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/02/18 12:43 a.m.5 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via monitor-provider.ts. An attacker can gain unauthorized group access by leveraging DM pairing-store identities to satisfy group allowlist authorization, even if...

7.1CVSS5.7AI score0.00283EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.7 views

PT-2026-23521

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.14 Description The Slack slash-command handler incorrectly authorizes any direct message sender when the dmPolicy is set to open. This allows attackers to execute privileged slash commands via direct message,...

8.2CVSS5.9AI score0.00347EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/01/09 10:40 a.m.4 views

CVE-2022-35250

A privilege escalation vulnerability exists in Rocket.chat...

4.3CVSS5.1AI score0.00647EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/12/29 12:0 a.m.4 views

Meshtastic 安全漏洞

Meshtastic is a decentralized wireless off-grid mesh network LoRa protocol open-sourced by Meshtastic. A security vulnerability exists in Meshtastic versions 2.5 up to and including 2.7.15, which stems from a degradation attack path in the absence of PKI cryptographic flags, and could lead to an...

5.3CVSS5.7AI score0.00191EPSS
Exploits1References2
Malwarebytes
Malwarebytes
added 2025/10/15 4:18 p.m.5 views

TikTok scam sells you access to your own fake money

This scam starts in your TikTok DMs. A brand-new account drops a melodramatic message—terminal illness, last goodbye, “I left you some assets.” At the bottom: a ready-made username and password for a crypto site you’ve never used. It’s designed to feel urgent and personal so you tap before you...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-13769

Malware in sbrugna...

4.3CVSS4.9AI score0.00615EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-6596

Malware in sbrugna...

7.5CVSS7.5AI score0.0094EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-2520

Malicious code in bioql PyPI...

4.9CVSS4.5AI score0.00472EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 10:9 p.m.6 views

CVE-2022-39840

Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a direct message DM...

4.8CVSS5.8AI score0.00411EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:13 p.m.7 views

CVE-2020-14459

An issue was discovered in Mattermost Server before 5.19.0. Attackers can rename a channel and cause a collision with a direct message, aka MMSA-2020-0002...

7.5CVSS6.8AI score0.0094EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/02 3:15 p.m.8 views

CVE-2025-32376

Discourse is an open-source discussion platform. Prior to versions 3.4.3 on the stable branch and 3.5.0.beta3 on the beta branch, the users limit for a DM can be bypassed, thus giving the ability to potentially create a DM with every user from a site in it. This issue has been patched in stable...

4.8CVSS6.6AI score0.00216EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/30 2:55 p.m.14 views

CVE-2025-32376 Discourse DM limits aren’t always properly enforced

Discourse is an open-source discussion platform. Prior to versions 3.4.3 on the stable branch and 3.5.0.beta3 on the beta branch, the users limit for a DM can be bypassed, thus giving the ability to potentially create a DM with every user from a site in it. This issue has been patched in stable...

4.8CVSS6.9AI score0.00216EPSS
Exploits0References2
CVE
CVE
added 2025/04/30 2:55 p.m.64 views

CVE-2025-32376

CVE-2025-32376 affects Discourse, where the DM limit enforcement could be bypassed. Affected versions are Discourse stable < 3.4.3 and beta

4.8CVSS6.3AI score0.00216EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/03/31 3:33 p.m.26 views

CVE-2025-27149 Zulip exports can leak private data

Zulip server provides an open-source team chat that helps teams stay productive and focused. Prior to 10.0, the data export to organization administrators feature in Zulip leaks private data. The collection of user-agent types identifying specific integrations or HTTP libraries E.g.,...

4.6CVSS0.00282EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/26 2:8 p.m.17 views

CVE-2025-24808 Discourse has race condition when adding users to a group DM

Discourse is an open-source discussion platform. Prior to versions 3.3.4 on the stable branch and 3.4.0.beta5 on the beta branch, someone who is about to reach the limit of users in a group DM may send requests to add new users in parallel. The requests might all go through ignoring the limit due...

4.3CVSS7AI score0.00196EPSS
Exploits0References2
CVE
CVE
added 2025/03/26 2:8 p.m.79 views

CVE-2025-24808

Summary: Discourse is affected by a race condition in the add_users_to_channel flow when adding users to a group DM, potentially bypassing the group size limit. Affected versions: before 3.3.4 on the stable branch and before 3.4.0.beta5 on the beta branch. Root cause: lack of proper synchronizati...

4.3CVSS7AI score0.00196EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2025/03/26 12:0 a.m.5 views

Discourse 安全漏洞

Discourse is an open source community discussion platform from Discourse Open Source. The platform includes features such as communities, email and chat rooms. A security vulnerability exists in Discourse stable prior to version 3.3.4 and beta prior to version 3.4.0.beta5, which stems from the...

4.3CVSS6.4AI score0.00351EPSS
Exploits0References1
Circl
Circl
added 2024/03/08 1:16 a.m.5 views

CVE-2024-20301

creationtimestamp| type| source ---|---|--- 2024-03-08 01:16:21+00:00| seen| https://t.me/arpsyndicate/4134...

6.2CVSS6.2AI score0.00266EPSS
Exploits0References1
Rows per page
Query Builder