OpenClaw Data Forgery Problem Vulnerability (CNVD-2026-13591)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a Data Forgery Issue vulnerability that stems from an unverified webhook key in Telegram webhook mode, which can be exploited by an attacker to forge Telegram updates to bypass the sender permission li...

OpenClaw 数据伪造问题漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a Data Forgery Issue vulnerability that stems from an unverified webhook key in Telegram webhook mode, which can be exploited by an attacker to forge Telegram updates to bypass the sender permission li...

OpenClaw Data Forgery Issue Vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw is vulnerable to a data forgery issue. The vulnerability stems from an unverified Telegram key token header and can be exploited by an attacker to process forged updates and perform unexpected actions...

OpenClaw Data Forgery Problem Vulnerability (CNVD-2026-13430)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw is vulnerable to a data forgery issue. The vulnerability stems from unauthenticated TXT records in discovery beacons, where certain clients treat the TXT values as authoritative routing/fixed inputs. An attacker...

OpenClaw 数据伪造问题漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw is vulnerable to a data forgery issue. The vulnerability stems from unauthenticated TXT records in discovery beacons, where certain clients treat the TXT values as authoritative routing/fixed inputs. An attacker...

OpenClaw 数据伪造问题漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw is vulnerable to a data forgery issue. The vulnerability stems from an unverified Telegram key token header and can be exploited by an attacker to process forged updates and perform unexpected actions...

RustCrypto signatures: Data forgery vulnerability

RustCrypto signatures are a set of digital signature algorithms developed by RustCrypto under open source. In versions of RustCrypto signatures from 0.0.4 to 0.1.0-rc.4, there was a vulnerability related to data manipulation. This vulnerability stemmed from the signature verification implementati...

IBM ApplinX Data Forgery Issue Vulnerability

IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern Web-based applications. IBM ApplinX has a data forgery issue vulnerability that stems from improper JWT token validation, which can be exploited by an attacker to elevate...

sm-crypto data forgery vulnerability

sm-crypto is an encryption algorithm developed by June01, a personal developer. Versions of sm-crypto prior to 0.3.14 contained a data manipulation vulnerability. This vulnerability stemmed from defects in the SM2 decryption logic, which could lead to the recovery of private keys...

sm-crypto data forgery vulnerability

sm-crypto is an encryption algorithm developed by June01 as a personal developer. Versions of sm-crypto prior to 0.3.14 contained a data falsification vulnerability. This vulnerability stemmed from a malleability flaw in the SM2 signature verification logic, which could allow the generation of ne...

sm-crypto data forgery vulnerability

sm-crypto is an encryption algorithm developed by June01, a personal developer. Versions of sm-crypto prior to 0.4.0 had a data forgery vulnerability. This vulnerability stemmed from defects in the SM2 signature verification logic, which could lead to signature forgery...

IBM ApplinX 数据伪造问题漏洞

IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern Web-based applications. IBM ApplinX has a data forgery issue vulnerability that stems from improper JWT token validation, which can be exploited by an attacker to elevate...

MineAdmin Data Forgery Vulnerability

MineAdmin is an open-source permission management system developed by MineAdmin. Versions 1.x and 2.x of MineAdmin have a vulnerability related to data falsification, which stems from insufficient verification of data authenticity...

Jervis 数据伪造问题漏洞

Jervis is an automation tool by Sam Gleske Personal Developer. A data forgery issue vulnerability exists in versions prior to Jervis 2.2 that stems from an unvalidated alg field in the JWT header, which could lead to a security bypass...

Microsoft Windows Admin Center 数据伪造问题漏洞

Microsoft Windows Admin Center is a locally deployed browser-based application from Microsoft USA. The program is primarily used to manage servers, clusters, and more. Microsoft Windows Admin Center is vulnerable to a data forgery issue. An attacker can exploit this vulnerability to elevate...

Hono 数据伪造问题漏洞

Hono is a web framework written in TypeScript from the Hono community. A data forgery issue vulnerability exists in Hono versions prior to 4.11.4 that stems from the JWT validation middleware allowing the JWT header algorithm to influence signature verification, potentially leading to algorithmic...

Hono 数据伪造问题漏洞

Hono is a web framework written in TypeScript from the Hono community. A data forgery issue vulnerability exists in Hono versions prior to 4.11.4 that stems from the JWT validation middleware allowing JWT header algorithmic values to influence signature validation, potentially leading to...

cosign 数据伪造问题漏洞

cosign is a container signing, verification and storage in an OCI registry in the United States. A data forgery issue vulnerability exists in Cosign versions prior to 2.6.2 and prior to 3.0.4, which stems from a specially crafted Cosign package being able to validate successfully even if the...

GNUPG 数据伪造问题漏洞

GNUPG is a suite of open source cryptographic software from the American GNU community under the GNU General Public License. The software supports public key, symmetric encryption, hashing, and other algorithms. A data forgery issue vulnerability exists in GNUPG 2.4.8 and earlier versions, which...

Ever Gauzy Platform 数据伪造问题漏洞

Ever Gauzy Platform is an open source business management platform from Ever. A Data Forgery Issue vulnerability exists in Ever Gauzy Platform version v0.281.9, which stems from an improper implementation of JWT authentication that could lead to unauthorized access...