22 matches found

Cvelist · added 2026/06/12 9:08 p.m. · 25 views

CVE-2026-54398 MISP object edit authorization bypass allows unauthorized sharing group assignment

An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing permissions to assign a MISP object, or attributes contained within an object, to a sharing group that the user was not authorized to use or view. When editing objects, the sharing group...

CVSS 5.3 · EPSS 0.0022 · Exploits 0 · References 1
CVE · added 2026/06/12 9:08 p.m. · 12 views

CVE-2026-54398

CVE-2026-54398 describes an authorization flaw in MISP's object add/edit handling where an authenticated user with object editing permissions can assign objects or their attributes to a sharing group they are not authorized to view. The root cause is that during object edits the sharing group val...

CVSS 5.3 · AI score 5.4 · EPSS 0.0022 · Exploits 0 · References 1
Vulnrichment · added 2026/06/12 9:08 p.m. · 7 views

CVE-2026-54398 MISP object edit authorization bypass allows unauthorized sharing group assignment

An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing permissions to assign a MISP object, or attributes contained within an object, to a sharing group that the user was not authorized to use or view. When editing objects, the sharing group...

CVSS 5.3 · AI score 5.4 · EPSS 0.0022 · Exploits 0 · References 1
Snyk · added 2026/03/13 8:54 p.m. · 3 views

Incorrect Authorization

Overview: @openclaw/feishu is an OpenClaw Feishu/Lark channel plugin, community maintained by @m1heng. Affected versions of this package are vulnerable to Incorrect Authorization in their event authorization. An attacker can bypass group authorization and mention gating by crafting a synthetic reacti...

CVSS 9.8 · AI score 5.8 · EPSS 0.00309 · Exploits 0 · References 2
OSV · added 2026/03/13 8:54 p.m. · 2 views

GHSA-M69H-JM2F-2PV8 OpenClaw: Feishu reaction events could bypass group authorization and mention gating

Summary: A Feishu reaction-originated synthetic event could misclassify a group conversation as p2p when the inbound reaction payload omitted chattype. Authorization and mention-gating logic keyed off that incorrect chat type and evaluated the event as a direct message instead of a group message...

CVSS 6.9 · AI score 5.9 · Exploits 0 · References 5
CNVD · added 2026/03/02 12:00 a.m. · 4 views

OpenClaw has an unspecified vulnerability (CNVD-2026-13383)

OpenClaw is an open source intelligent AI assistant from openclaw. OpenClaw has a security vulnerability that stems from the fact that, under iMessage groupPolicy=allowlist, a sender identity taken from the DM pairing store can satisfy group authorization, which can be exploited by an...

CVSS 6.5 · AI score 5.8 · EPSS 0.00283 · Exploits 0 · References 1
RedhatCVE · added 2026/02/21 1:30 a.m. · 5 views

CVE-2026-26328

OpenClaw is a personal AI assistant. Prior to version 2026.2.14, under iMessage groupPolicy=allowlist, group authorization could be satisfied by sender identities coming from the DM pairing store, broadening DM trust into group contexts. Version 2026.2.14 fixes the issue...

CVSS 6.5 · AI score 5.5 · EPSS 0.00283 · Exploits 0 · References 1
NVD · added 2026/02/20 12:16 a.m. · 4 views

CVE-2026-26328

OpenClaw is a personal AI assistant. Prior to version 2026.2.14, under iMessage groupPolicy=allowlist, group authorization could be satisfied by sender identities coming from the DM pairing store, broadening DM trust into group contexts. Version 2026.2.14 fixes the issue...

CVSS 6.5 · EPSS 0.00283 · Exploits 0 · References 3
CNNVD · added 2026/02/20 12:00 a.m. · 8 views

OpenClaw security vulnerability

OpenClaw is an open source intelligent AI assistant from openclaw. OpenClaw has a security vulnerability that stems from the fact that, under iMessage groupPolicy=allowlist, a sender identity taken from the DM pairing store can satisfy group authorization, which can be exploited by an...

CVSS 6.5 · AI score 5.8 · EPSS 0.00283 · Exploits 0 · References 3
ATTACKERKB · added 2026/02/19 11:04 p.m. · 5 views

CVE-2026-26328

OpenClaw is a personal AI assistant. Prior to version 2026.2.14, under iMessage groupPolicy=allowlist, group authorization could be satisfied by sender identities coming from the DM pairing store, broadening DM trust into group contexts. Version 2026.2.14 fixes the issue...

CVSS 6.5 · AI score 5.5 · EPSS 0.00283 · Exploits 0 · References 4 · Affected software 2
Github Security Blog · added 2026/02/18 12:43 a.m. · 10 views

OpenClaw iMessage group allowlist authorization inherited DM pairing-store identities

Summary: Under iMessage groupPolicy=allowlist, group authorization could be satisfied by sender identities coming from the DM pairing store, broadening DM trust into group contexts. Details: Affected component: src/imessage/monitor/monitor-provider.ts. Vulnerable logic derived effectiveGroupAllowFr...

CVSS 6.5 · AI score 5.5 · EPSS 0.00283 · Exploits 0 · References 5 · Affected software 2
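The Feishu entries above (a reaction payload with chattype omitted being classified as a direct message) and the iMessage entries (groupPolicy=allowlist satisfied by DM pairing-store identities) fail in the same way: a missing input or an over-broad trust store collapses group gating into DM gating. The TypeScript below is an added illustration of both flaws, each beside a hardened variant; it is not OpenClaw's code, and the event fields, the policy shape (groupAllowFrom, dmPairingStore, requireMentionInGroups), the knownGroups lookup and the sample identities are all assumptions made for the example.

```typescript
// Added example, not OpenClaw code: a minimal model of two inbound-message
// authorization flaws (chat type defaulting to DM; group allowlist widened by
// the DM pairing store) with a hardened variant of each. Shapes are assumed.

type ChatType = "group" | "p2p";

interface InboundEvent {
  sender: string;        // channel-level sender identity (e.g. a phone number)
  chatId: string;        // conversation the event arrived in
  chatType?: ChatType;   // may be omitted, as in the Feishu reaction case
  mentionedBot: boolean; // whether the bot was @mentioned (assumed field)
}

interface Policy {
  groupPolicy: "allowlist" | "open";
  groupAllowFrom: Set<string>;  // senders explicitly allowed in groups
  dmPairingStore: Set<string>;  // senders paired for direct messages only
  requireMentionInGroups: boolean;
}

interface Decision { allowed: boolean; reason: string }

function union(a: Set<string>, b: Set<string>): Set<string> {
  const out = new Set<string>();
  a.forEach((x) => out.add(x));
  b.forEach((x) => out.add(x));
  return out;
}

// Flaw 1 (Feishu): a missing chatType silently becomes a direct message, so
// group authorization and mention gating are never evaluated.
function classifyVulnerable(ev: InboundEvent): ChatType {
  return ev.chatType ?? "p2p";
}

// Hardened: never guess. Resolve the type from a trusted record of known group
// conversations (assumed to be available to the channel); otherwise fail closed.
function classifyHardened(ev: InboundEvent, knownGroups: Set<string>): ChatType | null {
  if (ev.chatType !== undefined) return ev.chatType;
  return knownGroups.has(ev.chatId) ? "group" : null;
}

// Flaw 2 (iMessage allowlist): the effective group allowlist is widened with
// identities from the DM pairing store, so DM trust leaks into group contexts.
function groupAllowVulnerable(p: Policy): Set<string> {
  return union(p.groupAllowFrom, p.dmPairingStore);
}

// Hardened: group trust is derived from the group allowlist alone.
function groupAllowHardened(p: Policy): Set<string> {
  return union(p.groupAllowFrom, new Set<string>());
}

function authorize(ev: InboundEvent, p: Policy, knownGroups: Set<string>, hardened: boolean): Decision {
  const chatType = hardened ? classifyHardened(ev, knownGroups) : classifyVulnerable(ev);
  if (chatType === null) return { allowed: false, reason: "unknown chat type (fail closed)" };

  if (chatType === "p2p") {
    return p.dmPairingStore.has(ev.sender)
      ? { allowed: true, reason: "paired DM sender" }
      : { allowed: false, reason: "unpaired DM sender" };
  }

  // Group message: mention gating first, then the group policy.
  if (p.requireMentionInGroups && !ev.mentionedBot) {
    return { allowed: false, reason: "group message without a mention" };
  }
  if (p.groupPolicy === "allowlist") {
    const allow = hardened ? groupAllowHardened(p) : groupAllowVulnerable(p);
    return allow.has(ev.sender)
      ? { allowed: true, reason: "allowlisted group sender" }
      : { allowed: false, reason: "group sender not on allowlist" };
  }
  return { allowed: true, reason: "open group policy" };
}

// Constructed sample policy and events (identities are made up).
const policy: Policy = {
  groupPolicy: "allowlist",
  groupAllowFrom: new Set<string>(["+15550000001"]),
  dmPairingStore: new Set<string>(["+15550000002"]),
  requireMentionInGroups: true,
};
const knownGroups = new Set<string>(["chat:ops-group"]);

// Reaction-style event from a group: chatType omitted, bot not mentioned.
const reactionEvent: InboundEvent = { sender: "+15550000002", chatId: "chat:ops-group", mentionedBot: false };
// Group message from a DM-paired sender who is not on the group allowlist.
const dmPairedInGroup: InboundEvent = { sender: "+15550000002", chatId: "chat:ops-group", chatType: "group", mentionedBot: true };
// Group message from a sender who is on the group allowlist.
const allowlistedInGroup: InboundEvent = { sender: "+15550000001", chatId: "chat:ops-group", chatType: "group", mentionedBot: true };

function runScenarios(): Record<string, boolean> {
  return {
    reactionVulnerable: authorize(reactionEvent, policy, knownGroups, false).allowed,      // true: evaluated as a DM
    reactionHardened: authorize(reactionEvent, policy, knownGroups, true).allowed,         // false: group without mention
    dmPairedVulnerable: authorize(dmPairedInGroup, policy, knownGroups, false).allowed,    // true: pairing store widened the allowlist
    dmPairedHardened: authorize(dmPairedInGroup, policy, knownGroups, true).allowed,       // false: not on groupAllowFrom
    allowlistedHardened: authorize(allowlistedInGroup, policy, knownGroups, true).allowed, // true: legitimate group sender
  };
}
```

The hardened path changes two things: an absent chat type is resolved from trusted state or rejected rather than defaulted to the more permissive case, and the group allowlist is computed only from group configuration, so pairing a sender for DMs never grants them standing in a group.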
EUVD · added 2025/10/03 8:07 p.m. · 3 views

EUVD-2022-4048

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 6.2 · EPSS 0.01579 · Exploits 0 · References 11
EUVD · added 2025/10/03 8:07 p.m. · 5 views

EUVD-2022-5014

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.4 · EPSS 0.01433 · Exploits 0 · References 4
Github Security Blog · added 2025/07/30 4:21 p.m. · 11 views

OAuth2-Proxy's `--gitlab-group` GitLab Group Authorization config flag stopped working in v7.0.0

The --gitlab-group flag for group-based authorization in the GitLab provider stopped working in the v7.0.0 release. Regardless of the flag settings, authorization wasn't restricted. Additionally, any authenticated users had whichever groups were set in --gitlab-group added to the new...

CVSS 5.5 · AI score 5.1 · EPSS 0.00987 · Exploits 0 · References 7 · Affected software 1
OSV · added 2024/03/06 11:23 a.m. · 40 views

BIT-GITLAB-2020-10083

GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied...

CVSS 9.1 · AI score 9.2 · EPSS 0.01076 · Exploits 0 · References 3
OSV · added 2021/03/26 9:15 p.m. · 11 views

CVE-2021-21411

OAuth2-Proxy is an open source reverse proxy that provides authentication with Google, Github or other providers. The --gitlab-group flag for group-based authorization in the GitLab provider stopped working in the v7.0.0 release. Regardless of the flag settings, authorization wasn't restricted...

CVSS 5.5 · AI score 6.7 · Exploits 0 · References 5
Positive Technologies · added 2020/07/15 12:00 a.m. · 6 views

PT-2020-15449 · Jenkins · Jenkins Gitlab Authentication Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Gitlab Authentication Plugin versions 1.5 and earlier. Description: The issue arises from the plugin not performing proper group authorization checks, leading to a privilege escalation. Specifically, it does not differentiate between...

CVSS 8.8 · AI score 8.5 · EPSS 0.01433 · Exploits 0 · References 7
UbuntuCve · added 2020/03/13 5:15 p.m. · 25 views

CVE-2020-10083

GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied...

CVSS 9.1 · AI score 7.2 · EPSS 0.01076 · Exploits 0 · References 3
Positive Technologies · added 2020/03/13 12:00 a.m. · 4 views

PT-2020-11908 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 12.7 through 12.8.1. Description: The issue involves insecure permissions under certain conditions, specifically when changes to project authorization within groups were not being applied as expected. Recommendations: For GitLa...

CVSS 9.1 · AI score 9 · EPSS 0.01076 · Exploits 0 · References 7
Atlassian · added 2014/08/28 1:00 a.m. · 19 views

Crowd gives more admin permissions than is apparent

When a Crowd application has multiple directories added to it and a group is authorised to log in to Crowd, members of that group from every one of those directories are allowed to log in to Crowd. However, the UI makes it seem as though only the group in the chosen directory is allowed to log in. Steps to reproduce:...

AI score 0.2 · Exploits 0 · Affected software 1