CVE-2026-44695

Outline is a service that allows for collaborative documentation. Prior to 1.7.1, the Slack integration callback for GET /auth/slack.post accepts an unsigned, session-independent OAuth state value. A third party who can obtain a Slack OAuth code for the same Outline Slack client can make a...

CVE-2026-44695

Outline is a service that allows for collaborative documentation. Prior to 1.7.1, the Slack integration callback for GET /auth/slack.post accepts an unsigned, session-independent OAuth state value. A third party who can obtain a Slack OAuth code for the same Outline Slack client can make a...

CVE-2026-44695

Outline is a service that allows for collaborative documentation. Prior to 1.7.1, the Slack integration callback for GET /auth/slack.post accepts an unsigned, session-independent OAuth state value. A third party who can obtain a Slack OAuth code for the same Outline Slack client can make a...

EUVD-2026-29343

Outline is a service that allows for collaborative documentation. Prior to 1.7.1, the Slack integration callback for GET /auth/slack.post accepts an unsigned, session-independent OAuth state value. A third party who can obtain a Slack OAuth code for the same Outline Slack client can make a...

CVE-2026-44695

Summary: CVE-2026-44695 affects Outline before version 1.7.1. The Slack OAuth flow for GET /auth/slack.post accepts an unsigned, session-independent OAuth state value. If an attacker can obtain a Slack OAuth code for the same Outline Slack client, they can cause a logged-in Outline user to comple...

PT-2026-39865

Name of the Vulnerable Software and Affected Versions Outline versions prior to 1.7.1 Description The Slack integration callback for the endpoint "/auth/slack.post" accepts an unsigned, session-independent OAuth state value. This allows a third party with a Slack OAuth code for the same Outline...

Outline 跨站请求伪造漏洞

Outline is an open-source knowledge base developed by Outline. Versions prior to Outline 1.7.1 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the Slack integration callback accepting unsigned OAuth state values, which could allow third parties to link user...

OpenClaw Code Injection Vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a code injection vulnerability. The vulnerability stems from the fact that channel metadata may be included in the model's system prompts when the Slack integration is enabled, increasing the attack...

CVE-2026-26964

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Versions 1.634.6 and below allow non-admin users to obtain Slack OAuth client secrets, which should only be accessible to workspace administrators. The GET...

CVE-2026-24764

OpenClaw formerly Clawdbot is a personal AI assistant users run on their own devices. In versions 2026.2.2 and below, when the Slack integration is enabled, channel metadata topic/description can be incorporated into the model's system prompt. Prompt injection is a documented risk for LLM-driven...

CVE-2026-24764

OpenClaw formerly Clawdbot is a personal AI assistant users run on their own devices. In versions 2026.2.2 and below, when the Slack integration is enabled, channel metadata topic/description can be incorporated into the model's system prompt. Prompt injection is a documented risk for LLM-driven...

OpenClaw 代码注入漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a code injection vulnerability. The vulnerability stems from the fact that channel metadata may be included in the model's system prompts when the Slack integration is enabled, increasing the attack...

Arbitrary Code Injection

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Arbitrary Code Injection via the incorporation of untrusted Slack channel metadata into the system prompt. An attacker can execute unauthorized commands or access sensitive information by...

OpenClaw Affected by Remote Code Execution via System Prompt Injection in Slack Channel Descriptions

Summary When the Slack integration is enabled, Slack channel metadata topic/description could be incorporated into the model's system prompt. Impact Prompt injection is a documented risk for LLM-driven systems. This issue increased the injection surface by allowing untrusted Slack channel metadat...

GHSA-782P-5FR5-7FJ8 OpenClaw Affected by Remote Code Execution via System Prompt Injection in Slack Channel Descriptions

Summary When the Slack integration is enabled, Slack channel metadata topic/description could be incorporated into the model's system prompt. Impact Prompt injection is a documented risk for LLM-driven systems. This issue increased the injection surface by allowing untrusted Slack channel metadat...

PT-2026-20318

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.3 Description OpenClaw is a personal AI assistant. When the Slack integration is enabled, Slack channel metadata topic/description can be incorporated into the model's system prompt. This increases the injecti...

CVE-2026-24055 Langfuse Slack OAuth Installation Endpoint Lacks Authentication, Enabling Arbitrary Project Linking

Langfuse is an open source large language model engineering platform. In versions 3.146.0 and below, the /api/public/slack/install endpoint initiates Slack OAuth using a projectId provided by the client without authentication or authorization. The projectId is preserved throughout the OAuth flow,...

CVE-2022-0124

An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. Gitlab's Slack integration is incorrectly validating user input and allows to craft malicious URLs that are sent to slack...

EUVD-2018-9204

Malware in sbrugna...

EUVD-2024-2012

Malicious code in bioql PyPI...