6 matches found
CVE-2026-41374
OpenClaw prior to 2026.3.31 processes Discord audio preflight before member authorization, enabling unauthenticated resource consumption. Affected: OpenClaw npm package; vulnerable versions are
PraisonAI vulnerable to arbitrary file write via path traversal in `praisonai recipe unpack`
| Field | Value |
|---|---|
| Severity | Critical |
| Type | Path traversal -- arbitrary file write via tar.extract without member validation |
| Affected | src/praisonai/praisonai/cli/features/recipe.py:1170-1172 |

Summary

cmdunpack in the recipe CLI extracts .praison tar archives using raw...
CVE-2025-39880 libceph: fix invalid accesses to ceph_connection_v1_info
In the Linux kernel, the following vulnerability has been resolved: libceph: fix invalid accesses to ceph_connection_v1_info. There is a place where generic code in messenger.c is reading and another place where it is writing to con->v1 union member without checking that the union member is active i.e...
GitLab 7.1 < 13.6.6 / 13.7 < 13.7.6 / 13.8 < 13.8.2 (CVE-2021-22193)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for private project. CVE-2021-22193 Note th...
Mattermost security vulnerability
Mattermost is an open source collaboration platform from US-based Mattermost. A security vulnerability exists in the Mattermost WelcomeBot plugin that stems from the plugin's inability to validate member status, allowing visitors to be added or invited to the channel...
CVE-2016-9405
Cross-site scripting (XSS) vulnerability in member validation in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...