6 matches found
OpenClaw has an unspecified vulnerability (CNVD-2026-14830)
OpenClaw is an artificial intelligence assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that stems from sender policy checks not being applied consistently to reaction and pin non-message events; an attacker can exploit it to cause the injection of...
Incorrect Authorization
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Authorization in the isAllowedParsedChatSender process. An attacker can gain unauthorized access to direct messaging or reaction features by sending messages from an untrusted...
Incorrect Authorization
Overview: @openclaw/bluebubbles is an OpenClaw BlueBubbles channel plugin. Affected versions of this package are vulnerable to Incorrect Authorization in the isAllowedParsedChatSender process. An attacker can gain unauthorized access to direct messaging or reaction features by sending messages from...
CVE-2025-13352 Mattermost GitHub Plugin allows unauthorized GitHub reactions via reaction forwarding hijacking
Mattermost versions 10.11.x <= 10.11.6 and Mattermost GitHub plugin versions <=2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts...
CVE-2025-13352
Mattermost vulnerability CVE-2025-13352 affects Mattermost versions 10.11.x <= 10.11.6 and Mattermost GitHub plugin versions = 2.5.0-rc1 or higher) or apply vendor-supplied security updates. Further advisories from Red Hat, CIRCL, OSV, GHSA, and others corroborate the identity validation bypas...
EUVD-2024-2607
Malicious code in bioql PyPI...