Lucene search
K
GithubRecent

33181 matches found

Github Security Blog
Github Security Blog
added 2026/03/30 7:29 p.m.7 views

Fleet's user account creation via invite does not enforce invited email address

Summary Fleet contained an issue in the user invitation flow where the email address provided during invite acceptance was not validated against the email address associated with the invite. An attacker who obtained a valid invite token could create an account under an arbitrary email address whi...

7.1CVSS6AI score0.00184EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 7:22 p.m.6 views

Fleet vulnerable to Denial of Service via unhandled gRPC log type in launcher endpoint

Summary A Denial of Service vulnerability in Fleet's gRPC Launcher endpoint allows an authenticated host to crash the entire Fleet server process by sending an unexpected log type value. The server terminates immediately, disrupting all connected hosts, MDM enrollments, and API consumers. Impact ...

8.7CVSS5.9AI score0.00263EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 7:18 p.m.6 views

Fleet vulnerable to SQL Injection in MDM bootstrap package by authenticated team or global admin

Summary A SQL Injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet database, and inject arbitrary content into team configs v...

8.8CVSS6AI score0.00318EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 7:17 p.m.5 views

Fleet's Apple MDM profile delivery has second-order SQL Injection that can compromise the database

Summary A critical second-order SQL Injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid MDM enrollment certificate to exfiltrate or modify the contents of the Fleet database, including user credentials, API tokens, and device enrollment...

8.6CVSS6.1AI score0.00197EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 7:15 p.m.10 views

Telnyx has malicious code in PyPI versions 4.87.1 and 4.87.2

Summary On March 27, 2026, a threat actor used compromised PyPI credentials to publish malicious versions 4.87.1 and 4.87.2 of the telnyx Python package directly to PyPI. These versions contain credential-stealing malware and were not published through the legitimate GitHub release pipeline...

5.9AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 7:13 p.m.36 views

Zebra has a Consensus Failure due to Improper Verification of V5 Transactions

--- CVE-2026-34377: Consensus Failure via Crafted V5 Authorization Data Summary A logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid authorization data, a miner could cause...

8.4CVSS5.9AI score0.00255EPSS
Exploits1References6Affected Software2
Github Security Blog
Github Security Blog
added 2026/03/30 7:6 p.m.5 views

OpenClaw: Non-owner command-authorized sender can change the owner-only `/send` session delivery policy

Fixed in OpenClaw 2026.3.24, the current shipping release. Title Non-owner command-authorized sender can change the owner-only /send session delivery policy CWE CWE-285 Improper Authorization CVSS v3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L Base score: 5.4 Medium Severity Assessment Medium...

5.4CVSS5.9AI score0.00442EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 7:5 p.m.8 views

OpenClaw: `browser.request` still allows `POST /reset-profile` through the `operator.write` surface

Fixed in OpenClaw 2026.3.24, the current shipping release. Title browser.request still allows POST /reset-profile through the operator.write surface in OpenClaw v2026.3.22 after GHSA-vmhq-cqm9-6p7q Severity Assessment High CWE: - CWE-863: Incorrect Authorization Proposed CVSS v3.1: - 8.1...

8.1CVSS5.9AI score0.006EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 6:59 p.m.6 views

OpenClaw: Mutating internal `/allowlist` chat commands missed `operator.admin` scope enforcement

Fixed in OpenClaw 2026.3.24, the current shipping release. Title Mutating internal /allowlist chat commands missed operator.admin scope enforcement CWE CWE-862 Missing Authorization CVSS v3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Base score: 6.5 Medium Severity Assessment Medium. This is a...

5.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 6:52 p.m.7 views

OpenClaw: Gateway operator.write Can Reach Admin-Class Channel Allowlist Persistence via chat.send

Fixed in OpenClaw 2026.3.24, the current shipping release. Summary The shared /allowlist command persists channel authorization config through writeConfigFile... but does not re-validate gateway client scopes for internal gateway callers. Because chat.send is intentionally reachable to...

7.1CVSS5.9AI score0.00264EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 6:52 p.m.12 views

OpenClaw has an Arbitrary Malicious Code Execution Vulnerability

Fixed in OpenClaw 2026.3.24, the current shipping release. Summary During the installation phase of OpenClaw local plugins/hooks, the Git executable can be hijacked by a project-level .npmrc file, leading to arbitrary code execution during installation. Details Please note that the source code...

8.4CVSS6.4AI score0.00136EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 6:41 p.m.7 views

OpenClaw has a Gateway HTTP /v1/models Route Bypasses Operator Read Scope

Fixed in OpenClaw 2026.3.24, the current shipping release. Summary The OpenAI-compatible HTTP endpoint /v1/models accepts bearer auth but does not enforce operator method scopes. In contrast, the WebSocket RPC path enforces operator.read for models.list. A caller connected with operator.approvals...

5.3CVSS5.9AI score0.00272EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 6:32 p.m.17 views

OpenClaw has incomplete Fix for CVE-2026-32011: Feishu Webhook Pre-Auth Body Parsing DoS (Slow-Body / Slowloris Variant)

Fixed in OpenClaw 2026.3.24, the current shipping release. Advisory Details Title: Incomplete Fix for CVE-2026-32011: Feishu Webhook Pre-Auth Body Parsing DoS Slow-Body / Slowloris Variant Description: Summary The patch for CVE-2026-32011 tightened pre-auth body parsing limits from 1MB/30s to...

8.7CVSS6AI score0.00418EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 6:31 p.m.10 views

OpenClaw has Sandbox Media Root Bypass via Unnormalized `mediaUrl` / `fileUrl` Parameter Keys (CWE-22)

Fixed in OpenClaw 2026.3.24, the current shipping release. Advisory Details Title: Sandbox Media Root Bypass via Unnormalized mediaUrl / fileUrl Parameter Keys CWE-22 Description: Summary A path traversal vulnerability in the agent sandbox enforcement allows a sandboxed agent to read arbitrary...

7.7CVSS5.9AI score0.00382EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 6:30 p.m.14 views

OpenClaw has incomplete Fix for CVE-2026-27486: Unvalidated SIGKILL in `!stop` Chat Command via `shell-utils.ts`

Fixed in OpenClaw 2026.3.24, the current shipping release. Advisory Details Title: Incomplete Fix for CVE-2026-27486: Unvalidated SIGKILL in !stop Chat Command via shell-utils.ts Description: Summary The !stop and /bash stop chat command kills background bash processes using SIGKILL directly,...

6.9CVSS5.9AI score0.00292EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 6:8 p.m.8 views

AVideo Vulnerable to Reflected XSS via Unsanitized plugin Parameter in YPTWallet Stripe Payment Page

Summary The YPTWallet Stripe payment confirmation page directly echoes the $REQUEST'plugin' parameter into a JavaScript block without any encoding or sanitization. The plugin parameter is not included in any of the framework's input filter lists defined in security.php, so it passes through...

8.2CVSS6.4AI score0.00296EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 6:5 p.m.7 views

GraphQL API endpoint ignores CORS origin restriction

Impact The GraphQL API endpoint does not respect the allowOrigin server option and unconditionally allows cross-origin requests from any website. This bypasses origin restrictions that operators configure to control which websites can interact with the Parse Server API. The REST API correctly...

8.8CVSS5.9AI score0.00202EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 6:4 p.m.3 views

Sulu checks fix permissions for subentities endpoints

Impact A user which has permission for the Sulu Admin via atleast one role could have access to the subentities of contacts via the admin API without even have permission for contacts. Patches The issue was patched in release 2.6.22 and 3.0.5. Workarounds Create a Symfony Request Listener checkin...

5.3CVSS5.9AI score0.00258EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 6:3 p.m.15 views

AVideo has Video Password Protection Bypass via API Endpoints Returning Full Playback Sources Without Password Verification

Summary The getapivideofile and getapivideo API endpoints in AVideo return full video playback sources direct MP4 URLs, HLS manifests for password-protected videos without verifying the video password. While the normal web playback flow enforces password checks via the CustomizeUser::getModeYouTu...

5.3CVSS6AI score0.00376EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 5:51 p.m.7 views

AVideo Vulnerable to Wallet Balance Double-Spend via TOCTOU Race Condition in transferBalance

Summary The transferBalance method in plugin/YPTWallet/YPTWallet.php contains a Time-of-Check-Time-of-Use TOCTOU race condition. The method reads the sender's wallet balance, checks sufficiency in PHP, then writes the new balance — all without database transactions or row-level locking. An attack...

5.3CVSS6AI score0.00228EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 5:49 p.m.10 views

AVideo has User Group-Based Category Access Control Bypass via Missing and Broken Group Filtering in categories.json.php

Summary The categories.json.php endpoint, which serves the category listing API, fails to enforce user group-based access controls on categories. In the default request path no ?user= parameter, user group filtering is entirely skipped, exposing all non-private categories including those restrict...

5.3CVSS5.8AI score0.00319EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 5:40 p.m.5 views

LiveQuery protected field leak via shared mutable state across concurrent subscribers

Impact When multiple clients subscribe to the same class via LiveQuery, the event handlers process each subscriber concurrently using shared mutable objects. The sensitive data filter modifies these shared objects in-place, so when one subscriber's filter removes a protected field, subsequent...

8.2CVSS6AI score0.00367EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 5:35 p.m.11 views

AVideo's WebSocket Token Never Expires Due to Commented-Out Timeout Validation in verifyTokenSocket()

Summary The verifyTokenSocket function in plugin/YPTSocket/functions.php has its token timeout validation commented out, causing WebSocket tokens to never expire despite being generated with a 12-hour timeout. This allows captured or legitimately obtained tokens to provide permanent WebSocket...

5.4CVSS5.9AI score0.00247EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 5:26 p.m.10 views

MCP Java SDK has a Hardcoded Wildcard CORS (Access-Control-Allow-Origin: *)

Summary Hardcoded Wildcard CORS Access-Control-Allow-Origin: - https://github.com/modelcontextprotocol/java-sdk/blob/main/mcp-core/src/main/java/io/modelcontextprotocol/server/transport/HttpServletSseServerTransportProvider.javaL289 -...

6.1CVSS7.5AI score0.00222EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 5:24 p.m.12 views

FHIR Validator HTTP service has SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft

Summary The FHIR Validator HTTP service exposes an unauthenticated /loadIG endpoint that makes outbound HTTP requests to attacker-controlled URLs. Combined with a startsWith URL prefix matching flaw in the credential provider ManagedWebAccessUtils.getServer, an attacker can steal authentication...

9.3CVSS5.9AI score0.00299EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 5:21 p.m.10 views

FHIR Validator: Unauthenticated Blind SSRF via /loadIG Endpoint Enables Internal Network Probing

Summary The /loadIG HTTP endpoint in the FHIR Validator HTTP service accepts a user-supplied URL via JSON body and makes server-side HTTP requests to it without any hostname, scheme, or domain validation. An unauthenticated attacker with network access to the validator can probe internal network...

5.8CVSS6AI score0.00235EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 5:20 p.m.6 views

Slippers Vulnerable to Cross-Site Scripting (XSS) in `attrs` Template Tag

Summary A Cross-site Scripting XSS vulnerability exists in the % attrs % template tag of the slippers Django package. When a context variable containing untrusted data is passed to % attrs %, the value is interpolated into an HTML attribute string without escaping, allowing an attacker to break o...

6.1CVSS6AI score0.00227EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 5:19 p.m.7 views

HAPI FHIR Core has Authentication Credential Leakage via Improper URL Prefix Matching on HTTP Redirect

Summary ManagedWebAccessUtils.getServer uses String.startsWith to match request URLs against configured server URLs for authentication credential dispatch. Because configured server URLs e.g., http://tx.fhir.org lack a trailing slash or host boundary check, an attacker-controlled domain like...

9.1CVSS5.9AI score0.00158EPSS
Exploits1References3Affected Software2
Github Security Blog
Github Security Blog
added 2026/03/30 5:17 p.m.23 views

go-git: Maliciously crafted idx file can cause asymmetric memory consumption

Impact A vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a Denial of Service DoS condition. Exploitation requires write access to the local repository's .git directory, it...

5CVSS5.8AI score0.00147EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 5:16 p.m.16 views

NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node

Summary NocoBase's Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODULES env var. However, the console object passed into the sandbox context exposes host-realm WritableWorkerStdio stream objects via...

9.9CVSS6AI score0.36503EPSS
Exploits7References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 5:8 p.m.9 views

Docker Model Runner OCI Registry Client Vulnerable to Server-Side Request Forgery (SSRF)

Summary Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's WWW-Authenticate header without validating the scheme, hostname, or IP range. A malicious OCI registry can set the realm...

9.1CVSS6AI score0.00253EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 5:7 p.m.21 views

@tinacms/graphql has Path Traversal that leads to overwrite of arbitrary files

Summary A Path Traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the project root. This is achieved by manipulating the relativePath parameter in GraphQL mutations. The impact includes the ability to replace critical server...

8.1CVSS6.2AI score0.00386EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 5:5 p.m.10 views

go-git missing validation decoding Index v4 files leads to panic

Impact go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can trigger an out-of-bounds slice operation, resulting in a runtime panic during normal index parsing. This...

2.8CVSS5.9AI score0.00153EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 5:1 p.m.13 views

Glances Vulnerable to Command Injection via Dynamic Configuration Values

Summary Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented without validation or restriction of the executed commands. If an attacker can...

7.8CVSS6.3AI score0.00866EPSS
Exploits3References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 5:0 p.m.12 views

Glances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS Wildcard

Summary The Glances XML-RPC server activated with glances -s or glances --server sends Access-Control-Allow-Origin: on every HTTP response. Because the XML-RPC handler does not validate the Content-Type header, an attacker-controlled webpage can issue a CORS "simple request" POST with Content-Typ...

7.1CVSS6AI score0.00409EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 4:43 p.m.15 views

nginx-ui's Unauthenticated MCP Endpoint Allows Remote Nginx Takeover

Summary The nginx-ui MCP Model Context Protocol integration exposes two HTTP endpoints: /mcp and /mcpmessage. While /mcp requires both IP whitelisting and authentication AuthRequired middleware, the /mcpmessage endpoint only applies IP whitelisting - and the default IP whitelist is empty, which t...

9.8CVSS5.9AI score0.38477EPSS
Exploits4References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 4:41 p.m.7 views

nginx-UI has Unencrypted Storage of DNS API Tokens and ACME Private Keys

Summary Nginx-UI contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access, modify, and delete resources belonging to other users. The application's base Model struct lacks a userid field, and all resource endpoints perform queries by ID without...

9.9CVSS5.9AI score0.0028EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 4:38 p.m.11 views

nginx-ui Vulnerable to DoS via Negative Integer Input in Logrotate Interval

Summary An input validation vulnerability in the logrotate configuration allows an authenticated user to cause a complete Denial of Service DoS. By submitting a negative integer for the rotation interval, the backend enters an infinite loop or an invalid state, rendering the web interface...

6.9CVSS6AI score0.00948EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 4:34 p.m.6 views

nginx-ui has Race Condition that Leads to Persistent Data Corruption and Service Collapse

Summary The nginx-ui application is vulnerable to a Race Condition. Due to the complete absence of synchronization mechanisms Mutex and non-atomic file writes, concurrent requests lead to the severe corruption of the primary configuration file app.ini. This vulnerability results in a persistent...

7.5CVSS6.3AI score0.00534EPSS
Exploits1References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/03/30 4:33 p.m.36 views

Nginx Configuration Directory Vulnerable to Recursive Deletion via Improper Path Validation

Summary The nginx-ui configuration improperly handles URL-encoded traversal sequences. When specially crafted paths are supplied, the backend resolves them to the base Nginx configuration directory and executes the operation on the base directory /etc/nginx. In particular, this allows an...

6.9CVSS5.8AI score0.00397EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 4:23 p.m.15 views

nginx-ui Backup Restore Allows Tampering with Encrypted Backups

Summary The nginx-ui backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious configuration during restoration. Details The backup format lacks a trusted integrity root. Although files are encrypted, the encryption key and IV are provided to the clie...

9.4CVSS6.3AI score0.00328EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 4:19 p.m.6 views

ci4-cms-erp/ci4ms: System Settings (Mail Settings) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

Summary Vulnerability: Stored DOM XSS via System Settings – Mail Settings Same-Page Attribute Breakout & Persistent Payload Injection - Stored Cross-Site Scripting via Unsanitized Mail Settings Configuration Fields Description The application fails to properly sanitize user-controlled input withi...

7.2CVSS6AI score0.00358EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 4:16 p.m.14 views

Gotenberg has Chromium deny-list bypass via case-insensitive URL scheme (bypass of GHSA-rh2x-ccvw-q7r3)

Impact The fix introduced in version 8.1.0 for GHSA-rh2x-ccvw-q7r3 CVE-2024-21527 can be bypassed using mixed-case or uppercase URL schemes. The default --chromium-deny-list value is ^file:?!///tmp/.. This regex is anchored to lowercase file: at the start. However, per RFC 3986 Section 3.1, URI...

8.8CVSS6AI score0.00574EPSS
Exploits1References7Affected Software2
Github Security Blog
Github Security Blog
added 2026/03/30 1:4 p.m.9 views

libp2p-gossipsub: Remote crash via unchecked Instant overflow in heartbeat backoff expiry handling

Description Summary The Rust libp2p Gossipsub implementation contains a remotely reachable panic in backoff expiry handling. After a peer sends a crafted PRUNE control message with an attacker-controlled, near-maximum backoff value, the value is accepted and stored as an Instant near the...

8.2CVSS5.9AI score0.00332EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 9:31 a.m.11 views

MLflow Command Injection vulnerability

A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the installmodeldependenciestoenv function. When deploying a model with envmanager=LOCAL, MLflow reads dependency specifications from the model artifact's pythonenv.yaml file and...

10CVSS7.5AI score0.01994EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 3:30 a.m.7 views

MLFlow path traversal vulnerability

A path traversal vulnerability exists in the extractarchivetodir function within the mlflow/pyfunc/dbconnectartifactcache.py file of the mlflow/mlflow repository. This vulnerability, present in versions before v3.7.0, arises due to the lack of validation of tar member paths during extraction. An...

10CVSS7.3AI score0.00587EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/29 3:50 p.m.27 views

OpenClaw has ACP CLI approval prompt ANSI escape sequence injection

Summary ACP CLI approval prompt ANSI escape sequence injection Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.2.13, = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details ACP tool titles could previously...

5.3CVSS5.9AI score0.0026EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/29 3:50 p.m.6 views

OpenClaw: Telegram DM-Scoped Inline Button Callbacks Bypass DM Pairing and Mutate Session State

Summary Telegram DM-Scoped Inline Button Callbacks Bypass DM Pairing and Mutate Session State Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Telegram callba...

6.9CVSS5.9AI score0.00285EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/29 3:50 p.m.10 views

OpenClaw: Synology Chat Webhook Pre-Auth Rate-Limit Bypass Enables Brute-Force Guessing of Webhook Token

Summary Synology Chat Webhook Pre-Auth Rate-Limit Bypass Enables Brute-Force Guessing of Weak Webhook Token Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details...

6.5CVSS5.9AI score0.00244EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/29 3:49 p.m.7 views

OpenClaw: MS Teams Feedback Invocation Bypasses Sender Allowlists and Records Unauthorized Session Feedback

Summary MS Teams Feedback Invoke Bypasses Sender Allowlists and Records Unauthorized Session Feedback Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Microso...

6.9CVSS5.9AI score0.00227EPSS
Exploits0References3Affected Software1
Total number of security vulnerabilities33181