8 matches found
CVE-2026-41348
OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command and autocomplete paths that fail to enforce group DM channel allowlist restrictions. Authorized Discord users can bypass channel restrictions by invoking slash commands, allowing access to restricted...
GHSA-RVVF-6VH3-9J43 OpenClaw: Discord Slash Commands Bypass Group DM Channel Allowlist
Summary Discord Slash Commands Bypass Group DM Channel Allowlist Current Maintainer Triage - Status: narrow - Normalized severity: moderate - Assessment: v2026.3.28 native Discord slash and autocomplete paths still skip the group-DM allowlist, but impact is limited to already-authorized Discord...
OpenClaw: Discord Slash Commands Bypass Group DM Channel Allowlist
Summary Discord Slash Commands Bypass Group DM Channel Allowlist Current Maintainer Triage - Status: narrow - Normalized severity: moderate - Assessment: v2026.3.28 native Discord slash and autocomplete paths still skip the group-DM allowlist, but impact is limited to already-authorized Discord...
EUVD-2025-8203
Malicious code in bioql PyPI...
CVE-2025-24808
Discourse is an open-source discussion platform. Prior to versions 3.3.4 on the stable branch and 3.4.0.beta5 on the beta branch, someone who is about to reach the limit of users in a group DM may send requests to add new users in parallel. The requests might all go through ignoring the limit due...
CVE-2025-24808 Discourse has race condition when adding users to a group DM
Discourse is an open-source discussion platform. Prior to versions 3.3.4 on the stable branch and 3.4.0.beta5 on the beta branch, someone who is about to reach the limit of users in a group DM may send requests to add new users in parallel. The requests might all go through ignoring the limit due...
CVE-2025-24808 Discourse has race condition when adding users to a group DM
Discourse is an open-source discussion platform. Prior to versions 3.3.4 on the stable branch and 3.4.0.beta5 on the beta branch, someone who is about to reach the limit of users in a group DM may send requests to add new users in parallel. The requests might all go through ignoring the limit due...
X (Formerly Twitter): Tweet Deck XSS- Persistent- Group DM name
Hello Group names in tweetdeck.twitter.com aren't filtered properly, giving scope for Cross site vulnerability attacks. Challenge I have faced while escalating the xss: - group name can only be 9 character long. How i bypassed it: Set multiple group names with different payloads, which means we c...