3 matches found
GHSA-WCXR-59V9-RXR8 OpenClaw: `session_status` let sandboxed subagents access parent or sibling session state
Summary: The built-in `session_status` tool did not enforce the intended session-visibility boundary. A sandboxed subagent could supply another session's `sessionKey` and inspect or modify state outside its own sandbox scope. Impact: This allowed a sandboxed child session to read parent or sibling sessi...
Brave Software: Brave Browser potentially logs the last time a Tor window was used
Summary: A vulnerability in the Brave Browser allows an attacker to view the last time a Tor session was used in incognito mode. A local, on-disk attacker could read the Brave Browser's "Local State" JSON file and identify the last time a Tor session was used, affecting the confidentiality of a...
Information Disclosure
Apache gateway-spi is vulnerable to information disclosure. The vulnerability exists in the cookie header that is forwarded from knox-client to the backend, as Knox does not exclude the user-knox cookies in client outbound requests by adding them in REQUESTEXCLUDEHEADERS, where an attacker can successfully trick a...