Keycloak 数据伪造问题漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a data falsification vulnerability. This vulnerability arises when submitting JSON Web encrypted request objects, and if the decrypted content is the original JSON, Keycloak may improperl...

Cashu NUTs 数据伪造问题漏洞

Cashu NUTs is an open-source protocol specification developed by Cashu. Versions prior to Cashu NUTs 6.2.3 and 5.4.31 contained a data manipulation vulnerability. This vulnerability stemmed from the fact that access tokens accepted endpoints in v1 allowed JWTs signed with any key, without verifyi...

Mesalvo Meona Client Launcher Component和Mesalvo Meona Server Component 数据伪造问题漏洞

The Mesalvo Meona Client Launcher Component and the Mesalvo Meona Server Component are both products of the Mesalvo company. The Mesalvo Meona Client Launcher Component is a component designed for launching clients of medical information systems and facilitating application access. The Mesalvo...

bitcoinj 数据伪造问题漏洞

Bitcoinj is an open-source Java implementation of a Bitcoin protocol library, supporting wallet management and transaction sending/ receiving. Versions of Bitcoinj prior to 0.17.1 had a data manipulation vulnerability. This vulnerability stems from defects in the fast path validation mechanism in...

OpenClaw 数据伪造问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.20 had a data falsification vulnerability. This vulnerability stemmed from the failure to properly retain the non-trustworthy tags associated with isolated cron events, allowing...

apko 数据伪造问题漏洞

Apko is an open-source OCI image builder based on APK. Versions of Apko prior to 1.2.7 had a data manipulation vulnerability. This vulnerability stemmed from verifying the APKINDEX.tar.gz signature but failing to compare the downloaded.apk package with the checksum in the signature index. This...

OpenClaw 数据伪造问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 had a data falsification vulnerability. This vulnerability stemmed from insufficient input validation, allowing external hook metadata to be added as trusted system events...

Vaultwarden 数据伪造问题漏洞

Vaultwarden is an alternative implementation of the Bitwarden server API, developed by Daniel García. Versions of Vaultwarden 1.35.4 and earlier contained a data manipulation vulnerability. This vulnerability stemmed from updating credential metadata before signature verification during the...

Cesanta Mongoose 数据伪造问题漏洞

Cesanta Mongoose is a set of embedded server libraries developed by the Irish company Cesanta. It includes functions for TCP and HTTP clients and servers, as well as WenSocket clients and servers. Versions of Cesanta Mongoose 7.20 and earlier contained a data manipulation vulnerability. This...

OpenClaw 数据伪造问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw from 2026.3.22 to 2026.3.31 had a data manipulation vulnerability. This vulnerability stemmed from a signature verification bypass in the Nostr DM entry path. It allowed unauthorized remote...

Siemens SINEC NMS 数据伪造问题漏洞

Siemens SINEC NMS is a network management system developed by Siemens in Germany. This system can be used for round-the-clock centralized monitoring, management, and configuration of industrial networks containing tens of thousands of devices, including those related to security applications...

OpenClaw 数据伪造问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 had a data manipulation vulnerability. This vulnerability stemmed from the fact that TXT metadata in service discovery could affect CLI routing, allowing attackers to redirec...

WordPress plugin Charitable 数据伪造问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

Red Hat Enterprise Linux 10 数据伪造问题漏洞

Red Hat Enterprise Linux 10 is a Linux operating system designed for enterprise users by the American company Red Hat. Red Hat Enterprise Linux 10 has a vulnerability related to data falsification. This vulnerability stems from errors in the OpenPGP signature parsing code, which may lead to...

Convoy 数据伪造问题漏洞

Convoy is an open-source platform developed by Convoy for hosting providers and enthusiasts. Versions of Convoy from 3.9.0-beta to 4.5.1 contained a data manipulation vulnerability due to insufficient validation of JWT token signatures, which could lead to authentication bypasses...

Botan 数据伪造问题漏洞

Botan is a C++ encryption library developed by Jack Lloyd as an individual project. Versions of Botan from 3.0.0 to 3.11.0 had a data manipulation vulnerability, which stemmed from the lack of signature verification for OCSP responses during the X509 path validation process...

tinyssh 数据伪造问题漏洞

Tinyssh is a lightweight SSH server developed by Jan Mojžíš as an individual project. Versions of Tinyssh prior to 20250501 contained a data manipulation vulnerability. This vulnerability stemmed from an unknown feature in the Ed25519 signature processing component, specifically the file...

Barebox 数据伪造问题漏洞

Barebox is a versatile and flexible bootloader developed by Barebox Open Source. Versions of Barebox before 2025.09.3 and 2026.03.1 contained a data manipulation vulnerability. This vulnerability stemmed from the fact that the hashed-nodes attribute set by mkimage during the creation of FIT was n...

ZeptoClaw 数据伪造问题漏洞

ZeptoClaw is a lightweight personal AI assistant developed by qhkm’s individual developer. Versions of ZeptoClaw prior to 0.7.6 had a data manipulation vulnerability. This vulnerability stems from the use of identity fields provided by trusted callers, with authentication being disabled by defaul...

dropbear 数据伪造问题漏洞

Dropbear is an application developed by Matt Johnston personally. Versions of Dropbear prior to 2025.89 contained a data manipulation vulnerability. This vulnerability stemmed from incorrect operations on the unpackneg function in the file S Range Check/src/curve25519.c, which could lead to...