6 matches found
GHSA-WH94-P5M6-MR7J OpenClaw Discord moderation authorization used untrusted sender identity in tool-driven flows
Overview: Discord moderation action handling (timeout, kick, ban) used sender identity from request parameters in tool-driven flows, instead of trusted runtime sender context. Impact: In setups where Discord moderation actions are enabled and the bot has the necessary guild permissions, a non-admin...
GHSA-MJ5R-HH7J-4GXF OpenClaw Telegram allowlist authorization accepted mutable usernames
Summary: Telegram allowlist authorization could match on @username (mutable/recyclable) instead of immutable numeric sender IDs. Impact: Operators who treat Telegram allowlists as strict identity controls could unintentionally grant access if a username changes hands (identity rebinding/spoof risk). Th...
Malicious 'SNS Sender' Script Abuses AWS for Bulk Smishing Attacks
A malicious Python script known as SNS Sender is being advertised as a way for threat actors to send bulk smishing messages by abusing Amazon Web Services (AWS) Simple Notification Service (SNS). The SMS phishing messages are designed to propagate malicious links that are designed to capture victims'...
CVE-2023-40889
creationtimestamp | type | source
---|---|---
2023-08-29 20:17:42+00:00 | seen | https://t.me/cibsecurity/69366...
CVE-2023-20205
creationtimestamp | type | source
---|---|---
2023-08-17 02:37:06+00:00 | seen | https://t.me/cibsecurity/68717...
CVE-2017-15972
SoftDatepro Dating Social Network 1.3 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php senderid parameter, or the /admin Email field, a related issue to CVE-2017-15971...