27 matches found
Budibase 注入漏洞
Budibase is an open-source low-code platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Budibase versions 3.31.4 and earlier have a injection vulnerability. This vulnerability stems from the authorized...
PT-2026-24118
Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.31.5 Description Budibase is a low code platform used for creating internal tools, workflows, and admin panels. A flaw exists in the server's authorized middleware, which is designed to protect server-side API...
CVE-2026-28469
OpenClaw contains a webhook routing vulnerability in the Google Chat monitor component (extensions/googlechat/src/monitor.ts) that allows cross-account policy context misrouting when multiple webhook targets share the same HTTP path. The issue arises because the system uses first-match request ve...
GHSA-GCJ7-R3HG-M7W6 OpenClaw's voice-call Twilio replay dedupe now bound to authenticated webhook identity
Summary The voice-call Twilio webhook path accepted replay/dedupe identity from unsigned request metadata i-twilio-idempotency-token, enabling replayed signed requests to bypass replay detection and manager dedupe by mutating only that header. Affected Packages / Versions - Package: openclaw npm ...
GHSA-RQ6G-PX6M-C248 OpenClaw Google Chat shared-path webhook target ambiguity allowed cross-account policy-context misrouting
Summary When multiple Google Chat webhook targets are registered on the same HTTP path, and request verification succeeds for more than one target, inbound webhook events could be routed by first-match semantics. This can cause cross-account policy/context misrouting. Affected Packages / Versions...
OpenClaw Google Chat shared-path webhook target ambiguity allowed cross-account policy-context misrouting
Summary When multiple Google Chat webhook targets are registered on the same HTTP path, and request verification succeeds for more than one target, inbound webhook events could be routed by first-match semantics. This can cause cross-account policy/context misrouting. Affected Packages / Versions...
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in the Mattermost Apps Framework, which can be exploited by an attacker to send a POST request to the application's Webhook path and modify the content of messages...