
27 matches found

CNNVD
added 2026/03/09 12:0 a.m. | 8 views

Budibase injection vulnerability

Budibase is an open-source low-code platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Budibase versions 3.31.4 and earlier have an injection vulnerability. This vulnerability stems from the authorized...

9.1 CVSS | 5.8 AI score | 0.15339 EPSS
Exploits 2 | References 1
Positive Technologies
added 2026/03/09 12:0 a.m. | 8 views

PT-2026-24118

Name of the Vulnerable Software and Affected Versions: Budibase versions prior to 3.31.5. Description: Budibase is a low code platform used for creating internal tools, workflows, and admin panels. A flaw exists in the server's authorized middleware, which is designed to protect server-side API...

9.1 CVSS | 5.8 AI score | 0.15339 EPSS
Exploits 2 | References 12
CVE
added 2026/03/05 9:59 p.m. | 18 views

CVE-2026-28469

OpenClaw contains a webhook routing vulnerability in the Google Chat monitor component (extensions/googlechat/src/monitor.ts) that allows cross-account policy context misrouting when multiple webhook targets share the same HTTP path. The issue arises because the system uses first-match request ve...

8.2 CVSS | 5.9 AI score | 0.003 EPSS
Exploits 0 | References 3 | Affected Software 1
OSV
added 2026/03/03 10:25 p.m. | 2 views

GHSA-GCJ7-R3HG-M7W6 OpenClaw's voice-call Twilio replay dedupe now bound to authenticated webhook identity

Summary: The voice-call Twilio webhook path accepted replay/dedupe identity from unsigned request metadata i-twilio-idempotency-token, enabling replayed signed requests to bypass replay detection and manager dedupe by mutating only that header. Affected Packages / Versions - Package: openclaw npm ...

3.7 CVSS | 6 AI score
Exploits 0 | References 3
OSV
added 2026/02/18 12:54 a.m. | 5 views

GHSA-RQ6G-PX6M-C248 OpenClaw Google Chat shared-path webhook target ambiguity allowed cross-account policy-context misrouting

Summary: When multiple Google Chat webhook targets are registered on the same HTTP path, and request verification succeeds for more than one target, inbound webhook events could be routed by first-match semantics. This can cause cross-account policy/context misrouting. Affected Packages / Versions...

9.8 CVSS | 5.6 AI score | 0.003 EPSS
Exploits 0 | References 6
GitHub Security Blog
added 2026/02/18 12:54 a.m. | 21 views

OpenClaw Google Chat shared-path webhook target ambiguity allowed cross-account policy-context misrouting

Summary: When multiple Google Chat webhook targets are registered on the same HTTP path, and request verification succeeds for more than one target, inbound webhook events could be routed by first-match semantics. This can cause cross-account policy/context misrouting. Affected Packages / Versions...

8.2 CVSS | 5.6 AI score | 0.003 EPSS
Exploits 0 | References 6 | Affected Software 2
CNNVD
added 2023/06/16 12:0 a.m. | 6 views

Mattermost security vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in the Mattermost Apps Framework, which can be exploited by an attacker to send a POST request to the application's Webhook path and modify the content of messages...

4.3 CVSS | 6.7 AI score | 0.00437 EPSS
Exploits 0 | References 2