78 matches found
DEBIAN-CVE-2026-34872
An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values lack of contributor...
Brute Force
Overview @openclaw/nextcloud-talk is an OpenClaw Nextcloud Talk channel plugin Affected versions of this package are vulnerable to Brute Force via the webhook authentication process. An attacker can gain unauthorized access by repeatedly attempting to guess shared secrets without restriction,...
GHSA-GM9M-X74R-8WHG Duplicate Advisory: OpenClaw's Nextcloud Talk webhook missing rate limiting on shared secret authentication
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9528-x887-j2fp. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.28 contains a missing rate limiting vulnerability in the Nextcloud Talk webhook authentication...
CVE-2026-33580
OpenClaw before 2026.3.28 contains a missing rate limiting vulnerability in the Nextcloud Talk webhook authentication that allows attackers to brute-force weak shared secrets. Attackers who can reach the webhook endpoint can exploit this to forge inbound webhook events by repeatedly attempting...
PT-2026-29260
OpenClaw before 2026.3.28 contains a missing rate limiting vulnerability in the Nextcloud Talk webhook authentication that allows attackers to brute-force weak shared secrets. Attackers who can reach the webhook endpoint can exploit this to forge inbound webhook events by repeatedly attempting...
airflow-add-ons (>=0.2.0 <=0.2.9b2), airflow-aws-shared-secrets (>=0.0.1 <=0.0.5) +11 more potentially affected by CVE-2026-25604 via apache-airflow-providers-amazon (>=1.0.0 <=9.17.0)
apache-airflow-providers-amazon PYPI version =1.0.0, =0.2.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.0.3, =0.0.4, =0.0.0, =2.10.3, =14.4.0, =0.0.1, =0.0.1rc1, =2.10.7, =2.10.11rc5 Source cves: CVE-2026-25604 Source advisory: OSV:GHSA-RV5F-CCPM-XJJ4...
CVE-2025-12599
Multiple Devices are Sharing the Same Secrets for SDKSocket TCP/5000.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
EUVD-2025-37436
Multiple Devices are Sharing the Same Secrets for SDKSocket TCP/5000.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
CVE-2025-12599
Multiple Devices are Sharing the Same Secrets for SDKSocket TCP/5000.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
CVE-2025-12599 Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000)
Multiple Devices are Sharing the Same Secrets for SDKSocket TCP/5000.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
CVE-2025-12599 Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000)
Multiple Devices are Sharing the Same Secrets for SDKSocket TCP/5000.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
EUVD-2020-12490
Malware in sbrugna...
EUVD-2024-33359
Malicious code in bioql PyPI...
EUVD-2024-41617
Malicious code in bioql PyPI...
EUVD-2024-2856
Malicious code in bioql PyPI...
EUVD-2023-0989
Malicious code in bioql PyPI...
EUVD-2021-2839
Malicious code in bioql PyPI...
EUVD-2025-20712
Malicious code in bioql PyPI...
CVE-2025-49538
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An attacker can exploit this issue by injecting crafted XML or XPath queries to access unauthorized files or lead to denial of service. Exploitati...
CVE-2024-10943
An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could allow a threat actor to impersonate a user if the threat actor is able to enumerate additional information required during authentication...