CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

117 matches found

CVE•added 2026/03/29 12:44 p.m.•9 views

CVE-2026-32924

OpenClaw before 2026.3.12 is affected by an authorization bypass vulnerability where Feishu reaction events with omitted chat_type are misclassified as p2p conversations rather than group chats. This misclassification allows attackers to bypass groupAllowFrom and requireMention protections for re...

9.8CVSS5.9AI score0.00309EPSS

Exploits0References2Affected Software1

CVE•added 2026/03/21 3:26 a.m.•10 views

CVE-2026-1253

The CVE concerns the WordPress plugin Group Chat & Video Chat by AtomChat. A missing capability check in the AJAX handlers atomchat_update_auth_ajax and atomchat_update_layout_ajax affects all versions up to and including 1.1.7. This allows authenticated users with Subscriber-level access and abo...

4.3CVSS5.8AI score0.00285EPSS

Exploits0References3

RedhatCVE•added 2026/02/11 1:33 a.m.•3 views

CVE-2026-25885

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-16 and earlier, the group chat WebSocket at wss://polarlearn.nl/api/v1/ws can be used without logging in. An unauthenticated client can subscribe to any group chat by providing a group UUID, and can also send messages to any...

10CVSS5.5AI score0.00286EPSS

Exploits1References1

NVD•added 2026/02/09 10:16 p.m.•14 views

CVE-2026-25885

10CVSS0.00286EPSS

Exploits1References2

Vulnrichment•added 2026/02/09 9:15 p.m.•2 views

CVE-2026-25885 PolarLearn allows Unauthenticated WebSocket access allows subscribing to and posting in arbitrary group chats

10CVSS5.5AI score0.00286EPSS

Exploits1References2

OSV•added 2026/02/09 9:15 p.m.•6 views

CVE-2026-25885 PolarLearn allows Unauthenticated WebSocket access allows subscribing to and posting in arbitrary group chats

10CVSS5.5AI score0.00286EPSS

Exploits1References4

CVE•added 2026/02/09 9:15 p.m.•15 views

CVE-2026-25885

CVE-2026-25885 affects PolarLearn: the group chat WebSocket (wss://polarlearn.nl/api/v1/ws) allowed unauthenticated clients to subscribe to and post in any group chat, storing messages in the chatContent. This is described for 0-PRERELEASE-16 and earlier. The vulnerability is unpatched/undetailed...

10CVSS5.5AI score0.00286EPSS

Exploits1References2Affected Software1

Positive Technologies•added 2026/02/09 12:0 a.m.•6 views

PT-2026-7166

Name of the Vulnerable Software and Affected Versions PolarLearn versions prior to 0-PRERELEASE-16 Description PolarLearn is a free and open-source learning program. The group chat WebSocket at wss://polarlearn.nl/api/v1/ws can be used without authentication. An unauthenticated client can subscri...

10CVSS5.5AI score0.00286EPSS

Exploits1References5

Malwarebytes•added 2026/01/28 12:57 p.m.•12 views

WhatsApp rolls out new protections against advanced exploits and spyware

WhatsApp is quietly rolling out a new safety layer for photos, videos, and documents, and it lives entirely under the hood. It won't change how you chat, but it will change what happens to the files that move through your chats—especially the kind that can hide malware. The new feature, called...

5.9AI score

Exploits0

RedhatCVE•added 2026/01/09 9:27 a.m.•6 views

CVE-2023-45828

Missing Authorization vulnerability in RumbleTalk RumbleTalk Live Group Chat rumbletalk-chat-a-chat-with-themes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RumbleTalk Live Group Chat: from n/a through = 6.2.5...

5.4CVSS7.3AI score0.00783EPSS

Exploits1References1

The Hacker News•added 2025/10/30 5:0 p.m.•7 views

Google's Built-In AI Defenses on Android Now Block 10 Billion Scam Messages a Month

Google on Thursday revealed that the scam defenses built into Android safeguard users around the world from more than 10 billion suspected malicious calls and messages every month. The tech giant also said it has blocked over 100 million suspicious numbers from using Rich Communication Services...

6.5AI score

Exploits0