137 matches found
Unity Linux 20.1070e Security Update: wildfly-core (UTSA-2026-016706)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016706 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...
OpenClaw: Slack thread context could include messages from non-allowlisted senders
Summary Before OpenClaw 2026.4.2, Slack thread starter and thread-history context fetched through the API was not filtered by the effective sender allowlist. Messages from non-allowlisted senders could still enter the agent context when an allowlisted user replied in the same thread. Impact A Sla...
CVE-2026-41406
OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability that allows remote attackers to access restricted messages. Attackers can exploit fetched quoted, root, and thread context messages to bypass sender allowlist restrictions and retrieve unauthorized content...
CVE-2026-41406
OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability that allows remote attackers to access restricted messages. Attackers can exploit fetched quoted, root, and thread context messages to bypass sender allowlist restrictions and retrieve unauthorized content...
CVE-2026-41376 OpenClaw < 2026.3.31 - Matrix Thread Context Allowlist Bypass via Sender Validation
OpenClaw before 2026.3.31 contains an allowlist bypass vulnerability in Matrix thread root and reply context handling that fails to properly validate message senders. Attackers can fetch thread-root and reply context messages that should be filtered by sender allowlists, bypassing access controls...
CVE-2026-41376 OpenClaw < 2026.3.31 - Matrix Thread Context Allowlist Bypass via Sender Validation
OpenClaw before 2026.3.31 contains an allowlist bypass vulnerability in Matrix thread root and reply context handling that fails to properly validate message senders. Attackers can fetch thread-root and reply context messages that should be filtered by sender allowlists, bypassing access controls...
PT-2026-35789
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.31 Description A sender allowlist bypass allows remote attackers to access restricted messages. This is achieved by exploiting fetched quoted, root, and thread context messages to circumvent restrictions and...
Origin Validation Error
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Origin Validation Error via the Slack thread context. An attacker can inject unauthorized messages into the agent context by replying to allowlisted users in Slack threads, thereby...
EUVD-2026-25342
OpenClaw before 2026.4.2 fails to filter Slack thread context by sender allowlist, allowing non-allowlisted messages to enter agent context. Attackers can inject unauthorized thread messages through allowlisted user replies to bypass sender access controls and manipulate model context...
Duplicate Advisory: OpenClaw: Slack thread context could include messages from non-allowlisted senders
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qm77-8qjp-4vcm. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.2 fails to filter Slack thread context by sender allowlist, allowing non-allowlisted messages ...
CVE-2026-41358 OpenClaw < 2026.4.2 - Sender Allowlist Bypass via Slack Thread Context
OpenClaw before 2026.4.2 fails to filter Slack thread context by sender allowlist, allowing non-allowlisted messages to enter agent context. Attackers can inject unauthorized thread messages through allowlisted user replies to bypass sender access controls and manipulate model context...
CVE-2026-41358 OpenClaw < 2026.4.2 - Sender Allowlist Bypass via Slack Thread Context
OpenClaw before 2026.4.2 fails to filter Slack thread context by sender allowlist, allowing non-allowlisted messages to enter agent context. Attackers can inject unauthorized thread messages through allowlisted user replies to bypass sender access controls and manipulate model context...
CVE-2026-41358
OpenClaw is vulnerable before version 2026.4.2. The issue arises because Slack thread context is not properly filtered by the sender allowlist, allowing non-allowlisted messages to enter the agent context. Attackers can inject unauthorized thread messages via allowlisted user replies to bypass se...
Incorrect Authorization
Overview @openclaw/matrix is an OpenClaw Matrix channel plugin Affected versions of this package are vulnerable to Incorrect Authorization in the process that fetches thread root and reply context, which bypasses the sender allowlist. An attacker can gain unauthorized access to message threads by...
PT-2026-35761
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.31 Description An allowlist bypass exists in Matrix thread root and reply context handling due to improper validation of message senders. This allows attackers to fetch thread-root and reply context messages...
kernel: io_uring/sqpoll: zero sqd->thread on tctx errors
No description is available for this CVE...
EUVD-2020-3147
Malware in sbrugna...
UBUNTU-CVE-2023-53231
In the Linux kernel, the following vulnerability has been resolved: erofs: Fix detection of atomic context Current check for atomic context is not sufficient as zerofsdecompressqueueendio can be called under rcu lock from blkmqflushpluglist. See the stacktrace 1 In such case we should hand off th...
kernel: io_uring/sqpoll: zero sqd->thread on tctx errors
No description is available for this CVE...
log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)
A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map MDC input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution RCE in a limited number of environments...