GHSA-G27F-9QJV-22PM OpenClaw log poisoning (indirect prompt injection) via WebSocket headers

Summary In openclaw versions prior to 2026.2.13, OpenClaw logged certain WebSocket request headers including Origin and User-Agent without neutralization or length limits on the "closed before connect" path. If an unauthenticated client can reach the gateway and send crafted header values, those...

OpenCode USSD Gateway 安全漏洞

OpenCode USSD Gateway is an OpenCode open source gateway software for processing and managing USSD messages. A security vulnerability exists in OpenCode USSD Gateway, which stems from improper access control of the /aux1/ocussd/trace endpoint, which could allow a low-privileged attacker to read...

ceph: debug logging for v4 auth does not sanitize encryption keys

It was found that Ceph RGW did not properly sanitize encryption keys in debug logging for v4 auth. Encryption keys could be inadvertently disclosed when sharing debug logs...