OpenClaw 安全漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from the use of non-constant time string comparisons for hook token validation, which can be exploited by an attacker to infer a token via a timed side channel...

CVE-2022-41914

Zulip is an open-source team collaboration tool. For organizations with System for Cross-domain Identity ManagementSCIM account management enabled, Zulip Server 5.0 through 5.6 checked the SCIM bearer token using a comparator that did not run in constant time. Therefore, it might theoretically be...

CVE-2021-26091

A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encryption service of FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to infer parts of users authentication tokens and reset thei...

Zulip 信息泄露漏洞

Zulip is a powerful open source group chat application from Zulip, Inc. for combining the immediacy of real-time chat with the productivity benefits of threaded conversations. An information disclosure vulnerability exists in Zulip versions 5.0 through 5.6, which stems from its use of a comparato...

Apereo CAS Security Feature Issue Vulnerability

Apereo CAS is a web-based enterprise multilingual single sign-on solution. A security feature issue vulnerability exists in Apereo CAS versions prior to 6.1.0-RC5, which stems from a poorly encrypted algorithm in the RandomStringUtils PRNG, and can be exploited by an attacker to infer generated...