Lucene search

10 matches found

CNNVD
added 2026/03/21 12:0 a.m. · 3 views

OpenClaw Cryptographic Issue Vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. A cryptographic issue vulnerability exists in versions prior to OpenClaw 2026.2.22. The vulnerability stems from the double use of authentication keys across security domains and can be exploited by an attacker to cause a...

6.3 CVSS · 5.8 AI score · 0.00059 EPSS
Exploits 0 · References 3
Packet Storm News
added 2025/07/08 12:0 a.m. · 2 views

Enter, Exit, Page Fault, Leak: Testing Isolation Boundaries for Microarchitectural Leaks

CPUs provide isolation mechanisms like virtualization and privilege levels to protect software. Yet these focus on architectural isolation while typically overlooking microarchitectural side channels, exemplified by Meltdown and Foreshadow. Software must therefore supplement architectural defense...

7.1 AI score
Exploits 0
Packet Storm News
added 2025/05/09 12:0 a.m. · 2 views

Measuring Security in 5G and Future Networks

In today's increasingly interconnected and fast-paced digital ecosystem, mobile networks, such as 5G and future generations such as 6G, play a pivotal role and must be considered as critical infrastructures. Ensuring their security is paramount to safeguard both individual users and the industrie...

6.9 AI score
Exploits 0
AMD
added 2025/03/27 12:0 a.m. · 8 views

Branch History Leak

AMD ID: AMD-SB-7026 Potential Impact: N/A Severity: N/A Summary Researchers from The Harbin Institute of Technology have shared with AMD a paper titled “Branch History LeakeR: Leveraging Branch History to Construct a New Side Channel-Theory and Practice” that demonstrates a side channel attack...

7.3 AI score
Exploits 0
Positive Technologies
added 2024/08/28 12:0 a.m. · 1 views

PT-2024-5854 · Cisco · Cisco Application Policy Infrastructure Controller

Name of the Vulnerable Software and Affected Versions: Cisco Application Policy Infrastructure Controller APIC affected versions not specified Description: A vulnerability in the restricted security domain implementation could allow an authenticated, remote attacker to modify the behavior of...

4.3 CVSS · 7.1 AI score · 0.00271 EPSS
Exploits 0 · References 9
The Hacker News
added 2023/03/23 10:39 a.m. · 3 views

2023 Cybersecurity Maturity Report Reveals Organizational Unpreparedness for Cyberattacks

In 2022 alone, global cyberattacks increased by 38%, resulting in substantial business loss, including financial and reputational damage. Meanwhile, corporate security budgets have risen significantly because of the growing sophistication of attacks and the number of cybersecurity solutions...

7.2 AI score
Exploits 0
NVD
added 2022/02/02 1:15 p.m. · 8 views

CVE-2022-21817

NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing CORS vulnerability which can allow an unprivileged remote attacker, if they can get user to browse malicious site, to acquire access tokens allowing them to access resources in other security domains, which may lead to code...

9.3 CVSS · 0.00913 EPSS
Exploits 0 · References 1
Positive Technologies
added 2021/06/07 12:0 a.m. · 2 views

PT-2021-10080 · Red Hat · Wildfly

Name of the Vulnerable Software and Affected Versions: wildfly versions prior to 20.0.0.Final Description: A flaw was found in the EJBContext principle, which is not popped back after invoking another EJB using a different Security Domain. The highest threat from this issue is to data...

5.5 CVSS · 6.1 AI score · 0.00122 EPSS
Exploits 0 · References 8
RedHat Linux
added 2015/02/11 8:6 p.m. · 0 views

Security: Wrong security context loaded when using SAML2 STS Login Module

It was found that when processing undefined security domains, the org.jboss.security.plugins.mapping.JBossMappingManager implementation would fall back to the default security domain if it was available. A user with valid credentials in the defined default domain, with a role that is valid in the...

3.5 CVSS · 5.7 AI score · 0.00316 EPSS
Exploits 0 · References 4
RedHat Linux
added 2012/12/18 10:17 p.m. · 4 views

JBoss: Datasource connection manager returns valid connection for wrong credentials when using security-domains

The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource...

4.3 CVSS · 5.8 AI score · 0.00546 EPSS
Exploits 0 · References 4