5 matches found
CVE-2026-41348
OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command and autocomplete paths that fail to enforce group DM channel allowlist restrictions. Authorized Discord users can bypass channel restrictions by invoking slash commands, allowing access to restricted...
CVE-2025-27149 Zulip exports can leak private data
Zulip server provides an open-source team chat that helps teams stay productive and focused. Prior to 10.0, the data export to organization administrators feature in Zulip leaks private data. The collection of user-agent types identifying specific integrations or HTTP libraries E.g.,...
CVE-2025-24808
Summary: Discourse is affected by a race condition in the add_users_to_channel flow when adding users to a group DM, potentially bypassing the group size limit. Affected versions: before 3.3.4 on the stable branch and before 3.4.0.beta5 on the beta branch. Root cause: lack of proper synchronizati...
CVE-2025-24808 Discourse has race condition when adding users to a group DM
Discourse is an open-source discussion platform. Prior to versions 3.3.4 on the stable branch and 3.4.0.beta5 on the beta branch, someone who is about to reach the limit of users in a group DM may send requests to add new users in parallel. The requests might all go through ignoring the limit due...
Discourse security vulnerability
Discourse is an open source community discussion platform from Discourse Open Source. The platform includes features such as communities, email and chat rooms. A security vulnerability exists in Discourse stable prior to version 3.3.4 and beta prior to version 3.4.0.beta5, which stems from the...