CVE-2026-32014

OpenClaw versions prior to 2026.2.26 contain a metadata spoofing vulnerability where reconnect platform and deviceFamily fields are accepted from the client without being bound into the device-auth signature. An attacker with a paired node identity on the trusted network can spoof reconnect...

CVE-2026-32014

OpenClaw versions prior to 2026.2.26 contain a metadata spoofing vulnerability where reconnect platform and deviceFamily fields are accepted from the client without being bound into the device-auth signature. An attacker with a paired node identity on the trusted network can spoof reconnect...

CVE-2026-32014 OpenClaw < 2026.2.26 - Node Reconnect Metadata Spoofing via Unsigned Platform Fields

OpenClaw versions prior to 2026.2.26 contain a metadata spoofing vulnerability where reconnect platform and deviceFamily fields are accepted from the client without being bound into the device-auth signature. An attacker with a paired node identity on the trusted network can spoof reconnect...

CVE-2026-32014

OpenClaw is affected in versions prior to 2026.2.26. The vulnerability is a metadata spoofing flaw where reconnect platform and deviceFamily fields are accepted from the client without being bound into the device-auth signature. An attacker with a paired node identity on a trusted network can spo...

EUVD-2026-13277

OpenClaw versions prior to 2026.2.26 contain a metadata spoofing vulnerability where reconnect platform and deviceFamily fields are accepted from the client without being bound into the device-auth signature. An attacker with a paired node identity on the trusted network can spoof reconnect...

XML Injection

Overview jspdf is a PDF Document creation from JavaScript Affected versions of this package are vulnerable to XML Injection via the addMetadata function. An attacker can compromise the integrity of generated PDF files by injecting arbitrary XML into the XMP metadata, potentially spoofing document...

GHSA-VM32-VV63-W422 jsPDF Vulnerable to Stored XMP Metadata Injection (Spoofing & Integrity Violation)

Impact User control of the first argument of the addMetadata function allows users to inject arbitrary XML. If given the possibility to pass unsanitized input to the addMetadata method, a user can inject arbitrary XMP metadata into the generated PDF. If the generated PDF is signed, stored or...

SUSE CVE-2025-66570

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can inject headers named REMOTEADDR, REMOTEPORT,...

Malicious code in pitra-7 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fbc8895fb1c48e299c8f54deef4159d4154c74b0ebf610c6ba5c3b8fb0fce037 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Linux Distros Unpatched Vulnerability : CVE-2015-5303

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The TripleO Heat templates tripleo-heat-templates, when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata...

CVE-2020-0299

In Bluetooth, there is a possible spoofing of bluetooth device metadata due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID:...

Spoofing Metadata Requests

tripleo-heat-templates is vulnerable to spoofing of metadata requests. It is due to having the bad default setting of a blank value for the NeutronMetadataProxySharedSecret parameter when it is deployed from the command line interface. Not setting the value to this parameter means Neutron does no...

PYSEC-2016-35

The TripleO Heat templates tripleo-heat-templates, when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter...

python-rdomanager-oscplugin: NeutronMetadataProxySharedSecret parameter uses default value

It was discovered that Director's NeutronMetadataProxySharedSecret parameter remained specified at the default value of 'unset'. This value is used by OpenStack Networking to sign instance headers; if unchanged, an attacker knowing the shared secret could use this flaw to spoof OpenStack Networki...

CVE-2013-6419

Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by 1...