Security Intel Hub 23504+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

OpenClaw Image Input Validation Bypass Vulnerability and Fix
github.com · 2026-04-24

# Vulnerability Summary ## Vulnerability Overview The OpenClaw platform has an image input validation vulnerability that allows attackers to bypass existing security restrictions by crafting image inp…

OpenClaw SSH Subprocess Environment Variable Leakage Fix
github.com · 2026-04-24

# Vulnerability Summary ## Vulnerability Overview This commit fixes a security vulnerability in environment variables of SSH subprocesses within the OpenClaw project. The vulnerability allows sensitiv…

OpenShell Mirror Sync Directory Exclusion Bypass Vulnerability Analysis
github.com · 2026-04-24

### Vulnerability Overview This vulnerability involves the mirror synchronization feature of `OpenShell`, specifically that the `replaceDirectoryContents` function does not correctly exclude certain d…

Discord Group DM Whitelist Bypass Vulnerability Fix Analysis
github.com · 2026-04-24

# Vulnerability Summary ## Overview This vulnerability involves bypassing the whitelist restriction for group DM channels via Discord native commands. Specifically, an attacker can circumvent access c…

openclaw-gateway-tool config protection bypass fix
github.com · 2026-04-24

# Vulnerability Summary ## Overview This vulnerability involves bypassing the protection mechanism for write operations on protected gateway configuration in the `openclaw` project. Specifically, when…

Device Token Rotation Session Revocation Bypass
github.com · 2026-04-24

### Vulnerability Overview This vulnerability involves the failure to revoke active sessions during token rotation. Specific manifestations include: - After token rotation, active sessions of the old …

OpenClaw session-status visibility bypass vulnerability and fix
github.com · 2026-04-24

### Vulnerability Overview This vulnerability involves the visibility protection mechanism of the `session-status` tool, which does not sufficiently restrict all callers. In certain cases, this allows…

OpenClaw Plivo Voice Callback SSRF Fix
github.com · 2026-04-24

### Vulnerability Overview - **Vulnerability Name**: `fix(voice-call): pin plivo callback origins` - **Vulnerability Description**: In the file `extensions/voice-call/src/providers/plivo.ts`, there is…

Discord Bot Group DM Route and Auth Logic Vulnerability Fix
github.com · 2026-04-24

# Vulnerability Summary ## Overview This commit fixes routing and authentication logic vulnerabilities related to Group DM (Group Direct Message) component interactions in the Discord bot. The main is…

openclaw Discord Slash Commands Bypass Group DM Channel Allowlist
github.com · 2026-04-24

# Discord Slash Commands Bypass Group DM Channel Allowlist ## Vulnerability Overview - **Vulnerability Name**: Discord Slash Commands Bypass Group DM Channel Allowlist - **Severity**: Low - **Descript…

OpenClaw Gateway Shared Secret Rate Limit Bypass Fix
github.com · 2026-04-24

# Vulnerability Summary ## Vulnerability Overview The OpenClaw gateway failed to properly retain shared secret rate limiting during hybrid handshake processes, resulting in bypass of security restrict…

OpenClaw Gateway Trusted Proxy Bypass Vulnerability and Fix
github.com · 2026-04-24

# OpenClaw Vulnerability Summary ## Vulnerability Overview A security vulnerability exists in the OpenClaw gateway that allows an attacker to bypass the HTTP source check of the trusted proxy by forgi…

OpenClaw Cross-Origin Redirect Sensitive Information Disclosure Vulnerability and Fix
github.com · 2026-04-24

# Vulnerability Summary ## Vulnerability Overview OpenClaw has a sensitive information leakage vulnerability during Cross-Origin Redirects. When the application performs a cross-origin redirect, it in…

OpenClaw Pairing Request Counting Logic Fix
github.com · 2026-04-24

# Vulnerability Summary ## Vulnerability Overview This vulnerability involves a logic error in the pairing request counting within the OpenClaw project. Specifically: - When limiting the number of pen…

OpenClaw Telegram Pairing AllowFrom Migration Logic Defect
github.com · 2026-04-24

# Vulnerability Summary ## Vulnerability Overview There is a migration logic flaw in the Telegram pairing allow list (`pairing allowFrom`) within the OpenClaw project. This flaw causes the system to f…

Gateway Service Unauthenticated Command Execution via Node Pairing Bypass
github.com · 2026-04-24

# Vulnerability Summary ## Vulnerability Overview - **Vulnerability Type**: Unauthorized Access to Node Pairing Commands - **Vulnerability Description**: Allows execution of node commands before node …

OpenClaw fix for workspace .env variable override vulnerability
github.com · 2026-04-24

### Vulnerability Overview This vulnerability involves a fix for the override of the `bundled-root` environment variable in the `workspace` configuration file. The specific issue is that certain envir…

OpenClaw Connection Snapshot Metadata Unauthorized Access Fix
github.com · 2026-04-24

### Vulnerability Overview This vulnerability involves an issue with the administrator-scoped client in the OpenClaw project related to connection snapshot metadata. Specific manifestations are: - Con…

Telynx Webhook Signature Verification Bypass Fix
github.com · 2026-04-24

### Vulnerability Overview This vulnerability involves the webhook security verification mechanism of Telynx. An attacker can bypass Telynx’s signature verification by crafting specific requests, ther…

libxml2 CVE-2026-6732 DoS via XSD Validation SIGSEGV Analysis
bugzilla.redhat.com · 2026-04-24

# Bug 2461300 Vulnerability Summary ## Vulnerability Overview - **CVE ID**: CVE-2026-6732 - **Vulnerability Type**: Denial of Service - **Trigger Condition**: Triggered by a specially crafted XSD vali…

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.