Security Intel Hub 25102+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 6.5
OpenClaw Platform Privilege Escalation via Phone Control Plugin
github.com · 2026-04-29

# Vulnerability Summary ## Vulnerability Overview The OpenClaw platform suffers from an authorization control flaw, allowing non-administrator users to execute configuration write commands (such as `a…

CVSS 8.2
Fix for Gateway Plugin Runtime Scope Privilege Escalation
github.com · 2026-04-29

### Vulnerability Overview This vulnerability involves improper restriction of write operation permissions within the plugin route runtime scope, allowing malicious plugins to bypass permission checks…

CVSS 6.5
openclaw npm package /phone arm/disarm Bypasses operator.admin Scope Check
github.com · 2026-04-29

# Vulnerability Summary **Title**: `/phone arm`/`/phone disarm` Bypasses `operator.admin` Scope Check for External Channels **CVE ID**: No known CVE **Severity**: Moderate **Reporter**: AntiASecurityL…

CVSS 6.1
OpenClaw Compiler Path Override Vulnerability and Fix
github.com · 2026-04-29

### Vulnerability Overview This vulnerability involves the override of compiler paths within the build environment, potentially leading to malicious code execution. Specifically, attackers can overrid…

CVSS 8.8
OpenClaw Gateway Tool Whitelist and Event Trust Boundary Fix
github.com · 2026-04-29

# Vulnerability Summary ## Overview This commit addresses security issues within the Gateway component of the OpenClaw platform, primarily involving: - Strengthening trust boundaries for node events -…

CVSS 2.9
openlaw/openclaw diffs extension unauthorized access vulnerability and fix
github.com · 2026-04-29

### Vulnerability Overview This vulnerability affects the `diffs` extension module in the `openlaw/openclaw` project, specifically within the `createDiffViewerHandler` function in the `http.ts` file. …

CVSS 5.4
Matrix Thread/Reply Context Filter Bypass Fix
github.com · 2026-04-29

# Vulnerability Summary ## Vulnerability Overview This vulnerability involves the thread and reply context filtering mechanisms in the Matrix protocol. An attacker can bypass existing…

CVSS 5.3
OpenClaw Discord Plugin Unauthorized Access Vulnerability and Fix
github.com · 2026-04-29

# Vulnerability Summary ## Vulnerability Overview - **Vulnerability Type**: Unauthorized Access / Permission Bypass - **Affected Component**: Audio pre-transcription feature of the Discord plugin - **…

CVSS 7.1
Privilege Escalation: /voice set config allows config write without operator.admin scope
github.com · 2026-04-29

### Vulnerability Overview This vulnerability involves the improper restriction of `operator.admin` permissions within the `/voice set config` command. Specifically, when this command is invoked via t…

CVSS 8.8
Fix for unbound scopes cleanup in trusted-proxy auth bypass
github.com · 2026-04-29

# Vulnerability Summary ## Vulnerability Overview This commit addresses an issue in the `trusted-proxy` authentication mechanism where bound scopes were not being properly cleared. When using `trusted…

CVSS 8.1
OpenShell Plugin Path Traversal Fix: Enforcing Managed Remote Root Constraints
github.com · 2026-04-29

### Vulnerability Overview - **Vulnerability Name**: OpenShell: Constrained Image Sync Root Directory - **Vulnerability Description**: This vulnerability involves an issue with the constraint of the i…

CVSS 7.8
CLI Backend Environment Variable Injection Vulnerability and Fix
github.com · 2026-04-29

# Vulnerability Summary ## Vulnerability Overview This vulnerability involves the improper cleaning or validation of environment variables during the processing of the CLI backend environment, which m…

CVSS 4.6
Canvas AZUI Operation Scheduling URL Trust Bypass Fix
github.com · 2026-04-29

# Vulnerability Summary ## Vulnerability Overview - **Vulnerability ID**: #58471 - **Vulnerability Type**: Security Vulnerability - **Vulnerability Description**: Restricts Canvas AZUI operation sched…

CVSS 7.5
MS Teams Webhook Unauthenticated Access Vulnerability Fix Analysis
github.com · 2026-04-29

### Vulnerability Overview This vulnerability involves the lack of authentication verification before parsing JSON. Specifically, the flaw exists in the `monitorMSTeamsProvider` function, which fails …

CVSS 4.6
OpenClaw Plugin Install Security Scan Bypass Fix
github.com · 2026-04-29

# Vulnerability Summary ## Overview This commit fixes an issue where the installation of OpenClaw plugins was not correctly blocked when security scans failed. Specifically, it includes: - Fixing the …

CVSS 4.8
macOS MagicDNS Wide-Area Gateway Discovery Vulnerability and Fix
github.com · 2026-04-29

### Vulnerability Overview - **Vulnerability Name**: macOS Wide Area Network Gateway Discovery via MagicDNS - **Vulnerability Description**: In macOS systems, the use of MagicDNS for wide area network…

CVSS 3.7
Fix for Timing Attack in Webhook Secret Comparison Across Multiple Modules
github.com · 2026-04-29

### Vulnerability Overview This vulnerability involves the use of insecure comparison methods when comparing shared secrets, potentially leading to timing attacks. Specifically, certain modules use `=…

CVSS 4.6
openclaw skill installation dangerous code pattern bypass fix
github.com · 2026-04-29

### Vulnerability Overview This vulnerability involves a failure to correctly block installation during the skill installation process when dangerous code patterns are detected. Specifically: - When d…

CVSS 6.5
OpenClaw Nostr Channel Config PrivateKey Validation Flaw
github.com · 2026-04-29

# Vulnerability Summary ## Overview The OpenClaw project contains a configuration handling vulnerability. Attackers can exploit the `privateKey` field in the `Nostr` channel configuration by crafting …

CVSS 5.3
Fix: Limit oversized pre-start media frames in voice-call WebSocket handler
github.com · 2026-04-29

### Vulnerability Overview This vulnerability involves the rejection of oversized pre-start media frames during voice calls. Specifically, when handling WebSocket connections, the system did not enfor…

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.