42 matches found
Astra Linux - vulnerability in qtbase-opensource-src
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code that makes security-related decisions regarding established connections may execute prematurely, because the encrypted signal has not yet been...
CVE-2026-34778
Electron: A service worker IPC reply spoofing flaw allows a session service worker to spoof internal IPC replies used by webContents.executeJavaScript, causing the main-process promise to resolve with attacker-controlled data. Affected only if service workers are registered and the result of execute...
CVE-2026-34778 Electron: Service worker can spoof executeJavaScript IPC replies
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, a service worker running in a session could spoof reply messages on the internal IPC channel used by webContents.executeJavaScript and...
Electron: Service worker can spoof executeJavaScript IPC replies
Impact: A service worker running in a session could spoof reply messages on the internal IPC channel used by webContents.executeJavaScript and related methods, causing the main-process promise to resolve with attacker-controlled data. Apps are only affected if they have service workers registered...
GHSA-XJ5X-M3F3-5X3H Electron: Service worker can spoof executeJavaScript IPC replies
Impact: A service worker running in a session could spoof reply messages on the internal IPC channel used by webContents.executeJavaScript and related methods, causing the main-process promise to resolve with attacker-controlled data. Apps are only affected if they have service workers registered...
OpenClaw Data Forgery Problem Vulnerability (CNVD-2026-14827)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a Data Forgery Issue vulnerability that stems from improperly parsing the X-Forwarded-For header value, which can be exploited by an attacker to spoof a client's IP address and influence security...
CVE-2026-3635
Summary: When trustProxy is configured with a restrictive trust function (e.g., a specific IP like trustProxy: '10.0.0.1', a subnet, a hop count, or a custom function), the request.protocol and request.host getters read X-Forwarded-Proto and X-Forwarded-Host headers from any connection — including...
OpenClaw Data Forgery Issue Vulnerability
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a Data Forgery Issue vulnerability that stems from improperly parsing the X-Forwarded-For header value, which can be exploited by an attacker to spoof a client's IP address and influence security...
OpenClaw improperly parses X-Forwarded-For behind trusted proxies allows client IP spoofing in security decisions
Summary: OpenClaw used left-most X-Forwarded-For values when requests came from configured trusted proxies. In proxy chains that append/preserve header values, this could let attacker-controlled header content influence security decisions tied to client IP. Affected Packages / Versions - Package:...
Reliance on Untrusted Inputs in a Security Decision
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Reliance on Untrusted Inputs in a Security Decision via improper parsing of the X-Forwarded-For header behind trusted proxies. An attacker can influence security decisions tied to client...
ROS-20260205-73-0027
A vulnerability in the rseq.c component of the Linux operating system kernel is related to the reliance on unreliable input data to make security decisions. Exploitation of the vulnerability allows an attacker to impact the confidentiality and availability of protected information...
PT-2026-2696
CVE-2026-20849 Reliance on untrusted inputs in a security decision in Windows Kerberos allows an authorized attacker to elevate privileges over a network. https://t.co/YLkUwVtaPa...
Lexmark Print Management Client Security Vulnerability
Lexmark Print Management Client is a print management client from Lexmark USA. A security vulnerability exists in Lexmark Print Management Client that stems from a reliance on untrusted input in security decisions...
Important: runfinch-finch
Issue Overview: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to...
CVE-2018-9467
In the getHost function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation...
Important: qt5-qtserialport
Issue Overview: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not ye...
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.
...