CVE-2026-44993

OpenClaw prior to 2026.4.20 contains a message classification vulnerability in Feishu card-action callbacks that misclassifies direct messages as group conversations. This flaw allows attackers to bypass dmPolicy enforcement by triggering card-action flows within direct message conversations that...

CVE-2026-44993

OpenClaw before 2026.4.20 contains a message classification vulnerability in Feishu card-action callbacks that misclassifies direct messages as group conversations. Attackers can bypass dmPolicy enforcement by triggering card-action flows in direct message conversations that should have been...

Incorrect Authorization

Overview @openclaw/feishu is an OpenClaw Feishu/Lark channel plugin community maintained by @m1heng Affected versions of this package are vulnerable to Incorrect Authorization through the Feishu card-action callback process. An attacker can bypass intended policy restrictions by crafting a...

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization through the Feishu card-action callback process. An attacker can bypass intended policy restrictions by crafting a card-action event that misclassifies direct...

EUVD-2026-17007

OpenClaw before 2026.3.12 contains an authorization bypass vulnerability where Feishu reaction events with omitted chattype are misclassified as p2p conversations instead of group chats. Attackers can exploit this misclassification to bypass groupAllowFrom and requireMention protections in group...

PT-2026-28452

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.12 Description OpenClaw contains an authorization bypass issue. Feishu reaction events lacking chat type information are incorrectly categorized as direct p2p conversations rather than group chats. This...

OpenClaw 安全漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to bypass groupAllowFrom and requireMention protections in group chats...

GHSA-M69H-JM2F-2PV8 OpenClaw: Feishu reaction events could bypass group authorization and mention gating

Summary A Feishu reaction-originated synthetic event could misclassify a group conversation as p2p when the inbound reaction payload omitted chattype. Authorization and mention-gating logic keyed off that incorrect chat type and evaluated the event as a direct message instead of a group message...

CVE-2026-25885 PolarLearn allows Unauthenticated WebSocket access allows subscribing to and posting in arbitrary group chats

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-16 and earlier, the group chat WebSocket at wss://polarlearn.nl/api/v1/ws can be used without logging in. An unauthenticated client can subscribe to any group chat by providing a group UUID, and can also send messages to any...

CVE-2026-25885

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-16 and earlier, the group chat WebSocket at wss://polarlearn.nl/api/v1/ws can be used without logging in. An unauthenticated client can subscribe to any group chat by providing a group UUID, and can also send messages to any...

PolarLearn 访问控制错误漏洞

PolarLearn is an online learning platform developed by PolarNL. Versions of PolarLearn prior to 0-PRERELEASE-16 contain access control vulnerability issues. This vulnerability stems from the use of WebSocket in group chats without the need for login, which may allow unverified clients to subscrib...

📄 WhatsApp Android Contact Gating Bypass

WhatsApp Android has a contact gating bypass in groups that leads to interaction-less media download. Background To prevent security issues and spam, WhatsApp for Android requires some form of user interaction to automatically download files from non-contacts: a. After adding someone as a contact...

EUVD-2025-8202

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-28686

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. The attacker can...

CVE-2025-24972 Discourse may bypass user preference when adding users to chat groups

Discourse is an open-source discussion platform. Prior to versions 3.3.4 on the stable branch and 3.4.0.beta5 on the beta branch, in specific circumstances, users could be added to group direct messages despite disabling direct messaging in their preferences. Versions 3.3.4 and 3.4.0.beta5 contai...

CryptoChat - Beyond Secure Messaging

Welcome to CryptChat - where conversations remain truly private. Built on the robust Python ecosystem, our application ensures that every word you send is wrapped in layers of encryption. Whether you're discussing sensitive business details or sharing personal stories, CryptChat provides the...

Fedora 38 : dino (2023-ea6b94395f)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-ea6b94395f advisory. Maintenance release with fix for CVE-2023-28686 and bug fixes. Tenable has extracted the preceding description block directly from the Fedora security...

Information Disclosure

dino is vulnerable to Information Disclosure. The attacker can modify the personal bookmark store, change the display of group chats, or force a victim to join a group chat, which can lead to the victim disclosing sensitive information...

Debian DSA-5379-1 : dino-im - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5379 advisory. Kim Alvefur discovered that insufficient message sender validation in dino-im, a modern XMPP/Jabber client, may result in manipulation of entries in the personal bookmark...

[SECURITY] [DSA 5379-1] dino-im security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5379-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 27, 2023 https://www.debian.org/security/faq -...