143 matches found
CVE-2026-26328
OpenClaw is a personal AI assistant. Prior to version 2026.2.14, under iMessage groupPolicy=allowlist, group authorization could be satisfied by sender identities coming from the DM pairing store, broadening DM trust into group contexts. Version 2026.2.14 fixes the issue...
CVE-2026-26328
OpenClaw is affected by CVE-2026-26328: prior to version 2026.2.14, under iMessage groupPolicy=allowlist, group authorization could be satisfied by sender identities from the DM pairing store, broadening DM trust into group contexts. This is documented across multiple sources, including Red Hat a...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via monitor-provider.ts. An attacker can gain unauthorized group access by leveraging DM pairing-store identities to satisfy group allowlist authorization, even if...
PT-2026-23521
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.14 Description The Slack slash-command handler incorrectly authorizes any direct message sender when the dmPolicy is set to open. This allows attackers to execute privileged slash commands via direct message,...
CVE-2022-35250
A privilege escalation vulnerability exists in Rocket.chat...
Meshtastic 安全漏洞
Meshtastic is a decentralized wireless off-grid mesh network LoRa protocol open-sourced by Meshtastic. A security vulnerability exists in Meshtastic versions 2.5 up to and including 2.7.15, which stems from a degradation attack path in the absence of PKI cryptographic flags, and could lead to an...
TikTok scam sells you access to your own fake money
This scam starts in your TikTok DMs. A brand-new account drops a melodramatic message—terminal illness, last goodbye, “I left you some assets.” At the bottom: a ready-made username and password for a crypto site you’ve never used. It’s designed to feel urgent and personal so you tap before you...
EUVD-2018-13769
Malware in sbrugna...
EUVD-2020-6596
Malware in sbrugna...
EUVD-2023-2520
Malicious code in bioql PyPI...
CVE-2022-39840
Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a direct message DM...
CVE-2020-14459
An issue was discovered in Mattermost Server before 5.19.0. Attackers can rename a channel and cause a collision with a direct message, aka MMSA-2020-0002...
CVE-2025-32376
Discourse is an open-source discussion platform. Prior to versions 3.4.3 on the stable branch and 3.5.0.beta3 on the beta branch, the users limit for a DM can be bypassed, thus giving the ability to potentially create a DM with every user from a site in it. This issue has been patched in stable...
CVE-2025-32376 Discourse DM limits aren’t always properly enforced
Discourse is an open-source discussion platform. Prior to versions 3.4.3 on the stable branch and 3.5.0.beta3 on the beta branch, the users limit for a DM can be bypassed, thus giving the ability to potentially create a DM with every user from a site in it. This issue has been patched in stable...
CVE-2025-32376
CVE-2025-32376 affects Discourse, where the DM limit enforcement could be bypassed. Affected versions are Discourse stable < 3.4.3 and beta
CVE-2025-27149 Zulip exports can leak private data
Zulip server provides an open-source team chat that helps teams stay productive and focused. Prior to 10.0, the data export to organization administrators feature in Zulip leaks private data. The collection of user-agent types identifying specific integrations or HTTP libraries E.g.,...
CVE-2025-24808 Discourse has race condition when adding users to a group DM
Discourse is an open-source discussion platform. Prior to versions 3.3.4 on the stable branch and 3.4.0.beta5 on the beta branch, someone who is about to reach the limit of users in a group DM may send requests to add new users in parallel. The requests might all go through ignoring the limit due...
CVE-2025-24808
Summary: Discourse is affected by a race condition in the add_users_to_channel flow when adding users to a group DM, potentially bypassing the group size limit. Affected versions: before 3.3.4 on the stable branch and before 3.4.0.beta5 on the beta branch. Root cause: lack of proper synchronizati...
Discourse 安全漏洞
Discourse is an open source community discussion platform from Discourse Open Source. The platform includes features such as communities, email and chat rooms. A security vulnerability exists in Discourse stable prior to version 3.3.4 and beta prior to version 3.4.0.beta5, which stems from the...
CVE-2024-20301
creationtimestamp| type| source ---|---|--- 2024-03-08 01:16:21+00:00| seen| https://t.me/arpsyndicate/4134...