15 matches found
OpenClaw Data Forgery Problem Vulnerability (CNVD-2026-14827)
OpenClaw is an open-source AI assistant from OpenClaw. It has a data forgery vulnerability that stems from improper parsing of the X-Forwarded-For header value; an attacker can exploit it to spoof a client's IP address and influence security...
Wallos Code Issue Vulnerability
Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.7.0 had code vulnerabilities. These vulnerabilities stemmed from incomplete SSRF protections, and the save endpoint did not apply the validatewebhookurlforssrf protection. This allowe...
CVE-2026-2532
A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embeddingconfig.py of the component IP Address Handler. Performing a manipulation results in server-side request forgery. It is possible to initia...
PT-2026-3031
Arunna 1.0.0 contains a cross-site request forgery vulnerability that allows attackers to manipulate user profile settings without authentication. Attackers can craft a malicious form to change user details, including passwords, email, and administrative privileges by tricking authenticated users...
CVE-2018-25127 SOCA Access Control System 180612 Cross-Site Request Forgery via Admin Interface
SOCA Access Control System 180612 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages that submit forged requests to create admin accounts by tricking logged-in users...
Ivanti EPM Data Forgery Issue Vulnerability
Ivanti EPM is a one-stop solution from Ivanti (USA) for managing user profiles and all client devices. Ivanti EPM has a data forgery vulnerability that stems from improper signature verification, allowing a remote unauthenticated attacker to exploit the...
freeradius: forgery attack
A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof...
immudb Data Forgery Issue Vulnerability
immudb is an open-source immutable database from CodeNotary, built on zero trust, with SQL and key-value support, tamper resistance and data change history. Versions of immudb before 1.4.1 have a data forgery vulnerability that stems from the fact that a malicious server can provide a false proof, the client SD...
Cisco Catalyst 9200 Series Switches Data Forgery Issue Vulnerability
Cisco Catalyst 9200 Series Switches are switches from Cisco (USA). A data forgery vulnerability exists in the software image validation feature of Cisco Catalyst 9200 Series Switches, which could be exploited by an attacker to execute unsigned code at system startup...
Digital Bazaar Forge Data Forgery Issue Vulnerability
Digital Bazaar Forge is a native implementation of TLS in JavaScript and an open-source tool for writing encryption-based and network-intensive web applications from Digital Bazaar, Inc. A data forgery issue vulnerability exists in versions prior to Digital Bazaar Forge 1.3.0, which originated in...
IBM Spectrum Protect Plus Code Issue Vulnerability
IBM Spectrum Protect Plus is a data protection platform from IBM Corporation. The platform provides enterprises with a single point of control and management and supports backup and recovery for virtual, physical and cloud environments of all sizes. A security vulnerability exists in IBM Spectrum...
Lcobucci jwt Data Forgery Issue Vulnerability
Jwt is a simple library for working with JSON Web Token and JSON Web Signature. Lcobucci jwt is vulnerable to a data forgery issue that stems from a data validation failure in the product: with an HMAC-based algorithm, a file path is used as the hash key to validate the token. An attacker could initiate a...
Opto 22 SoftPAC Project Data Forgery Issue Vulnerability (CNVD-2020-29560)
Opto 22 SoftPAC Project is an automation software suite from Opto 22 (USA). The product provides industrial automation, process control, building automation, remote monitoring, data acquisition and industrial IoT. A data forgery issue vulnerability exists in Opto 22 SoftPAC Project...
Siemens SINEMA Remote Connect Server Cross-Site Request Forgery Vulnerability
Siemens SINEMA Remote Connect Server is a server application. SINEMA Remote Connect allows users to access remote equipment or machines so that maintenance can be performed easily and safely. A security vulnerability exists in Siemens SINEMA Remote Connect Server. An attacker could exploit this...
CVE-2018-16338
An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?mod=users and subsequently add a page or menu, or submit a topic...