23 matches found

Github Security Blog
added 2026/04/07 6:14 p.m. | 2 views

OpenClaw: Pairing pending-request caps were enforced per channel instead of per account

Summary: Before OpenClaw 2026.3.31, pending pairing-request caps were enforced per channel file instead of per account. On multi-account channel setups, requests from other accounts could fill the shared pending window and block new pairing challenges on an unaffected account. Impact: This issue...

CVSS 7.5 | AI score 5.9 | EPSS 0.00169
Exploits: 0 | References: 5 | Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-14499

Malware in sbrugna...

CVSS 6.5 | AI score 6.6 | EPSS 0.00084
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/23 12:47 a.m. | 3 views

CVE-2022-39228

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of wrong username/password combination if the username actually exists. This is an attempt to prevent bots from obtaining usernames. However, if a wrong password is...

CVSS 6.5 | AI score 6.9 | EPSS 0.0028
Exploits: 0 | References: 1
BDU FSTEC
added 2024/02/27 12:00 a.m. | 0 views

The vulnerability of the Keycloak identity and access management software lies in its overly restrictive mechanism for blocking user accounts. This allows a malicious user to lock out the user from accessing their account.

The vulnerability of the Keycloak identity and access management software lies in its overly restrictive mechanism for blocking user accounts. Exploiting this vulnerability could allow a malicious actor to remotely block a user’s access to their account...

CVSS 3.7 | EPSS 0.00199
Exploits: 0 | References: 35 | Affected Software: 4
OSV
added 2023/09/19 2:15 p.m. | 0 views

CVE-2023-4094

ARCONTE Aurea's authentication system, in its 1.5.0.0 version, could allow an attacker to make incorrect access requests in order to block each legitimate account and cause a denial of service. In addition, a resource has been identified that could allow circumventing the attempt limit set in the...

CVSS 8.2 | AI score 5.7
Exploits: 0 | References: 1
NVD
added 2023/03/01 5:15 p.m. | 11 views

CVE-2022-39228

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of wrong username/password combination if the username actually exists. This is an attempt to prevent bots from obtaining usernames. However, if a wrong password is...

CVSS 6.5 | AI score 5.6 | EPSS 0.0028
Exploits: 0 | References: 4
OSV
added 2023/03/01 5:15 p.m. | 8 views

PYSEC-2023-52

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of wrong username/password combination if the username actually exists. This is an attempt to prevent bots from obtaining usernames. However, if a wrong password is...

CVSS 6.5 | AI score 6.7 | EPSS 0.0028
Exploits: 0 | References: 4
OSV
added 2023/03/01 4:23 p.m. | 15 views

CVE-2022-39228 Observable Response Discrepancy in vantage6

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of wrong username/password combination if the username actually exists. This is an attempt to prevent bots from obtaining usernames. However, if a wrong password is...

CVSS 5.3 | AI score 6.4 | EPSS 0.0028
Exploits: 0 | References: 6
Vulnrichment
added 2023/03/01 4:23 p.m. | 5 views

CVE-2022-39228 Observable Response Discrepancy in vantage6

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of wrong username/password combination if the username actually exists. This is an attempt to prevent bots from obtaining usernames. However, if a wrong password is...

CVSS 5.3 | AI score 6.7 | EPSS 0.0028
Exploits: 0 | References: 4
Github Security Blog
added 2023/02/28 11:18 p.m. | 23 views

vantage6 vulnerable to Observable Response Discrepancy

Impact: We are incorporating the password policies listed in https://github.com/vantage6/vantage6/issues/59. One measure is that we don't let the user know in case of wrong username/password combination if the username actually exists, to prevent that bots can guess usernames. However, if a wrong...

CVSS 6.5 | AI score 6.6 | EPSS 0.0028
Exploits: 0 | References: 8 | Affected Software: 1
OSV
added 2023/02/28 11:18 p.m. | 26 views

GHSA-36GX-9Q6H-G429 vantage6 vulnerable to Observable Response Discrepancy

Impact: We are incorporating the password policies listed in https://github.com/vantage6/vantage6/issues/59. One measure is that we don't let the user know in case of wrong username/password combination if the username actually exists, to prevent that bots can guess usernames. However, if a wrong...

CVSS 6.9 | AI score 6.6 | EPSS 0.0028
Exploits: 0 | References: 8
Cvelist
added 2022/05/06 6:10 p.m. | 13 views

CVE-2021-27758

There is a security vulnerability in the login form related to Cross-site Request Forgery which prevents a user from logging in after an attacker spams the login and the system blocks the victim's account...

CVSS 4.3 | AI score 6.7 | EPSS 0.00084
Exploits: 0 | References: 1
CNVD
added 2021/05/17 12:00 a.m. | 8 views

MediaWiki suffers from an unspecified vulnerability (CNVD-2021-35231)

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.35.2 and prior versions, which stems from account...

CVSS 5.5 | AI score 6.7 | EPSS 0.00092
Exploits: 0 | References: 1
CNVD
added 2021/05/17 12:00 a.m. | 8 views

MediaWiki suffers from an unspecified vulnerability (CNVD-2021-35233)

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.35.2 and prior versions, which stems from incorrect...

CVSS 5.5 | AI score 6.8 | EPSS 0.00083
Exploits: 0 | References: 1
CNNVD
added 2021/04/21 12:00 a.m. | 2 views

MediaWiki AbuseFilter extension security vulnerability

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.35.2 and prior versions, which stems from incorrect...

CVSS 5.5 | AI score 5.6 | EPSS 0.00083
Exploits: 0 | References: 4
Hacker One
added 2018/11/28 1:26 p.m. | 39 views

Infogram: User account blocking by Internal Server error

If you send a language=en in https://infogram.com/api/users/me, the user will forever get an Internal Server error EVEN AFTER re-logging in: https://youtu.be/AxYa11lEiWA I don't know why HackerOne can't upload this video, so I uploaded this video privately to YouTube! In this video, I'm trying to relogin...

AI score 0.5
Exploits: 0
CNVD
added 2018/01/10 12:00 a.m. | 1 view

Microsoft ASP.NET Core Cross-Site Request Forgery Vulnerability

Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft Corporation USA. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. A cross-site request forgery vulnerability exists in Microsoft ASP.NET Core...

CVSS 6.5 | AI score 7 | EPSS 0.02614
Exploits: 0 | References: 1
CNVD
added 2017/09/11 12:00 a.m. | 1 view

MetalGenix GeniXCMS Denial of Service Vulnerability

MetalGenix GeniXCMS is a PHP-based content management system and framework CMSF from MetalGenix Indonesia, which provides modules for user management, content management and menu management. A security vulnerability exists in MetalGenix GeniXCMS versions prior to 1.1.0. A remote attacker can...

CVSS 5.3 | AI score 5.2 | EPSS 0.00608
Exploits: 1 | References: 1
CNVD
added 2017/07/14 12:00 a.m. | 2 views

Multiple IBM products strongly certified to bypass vulnerabilities

The IBM License Metric Tool and BigFix Inventory are both products of IBM Corporation of America. The former is a set of free tools that help IBM Passport Advantage Software Upgrade and Support Services customers determine their Processor Value Unit PVU licensing needs, and the latter is a soluti...

CVSS 9.8 | AI score 9.5 | EPSS 0.02438
Exploits: 0 | References: 1
CVE
added 2014/12/01 4:00 p.m. | 40 views

CVE-2014-5268

CVE-2014-5268 affects the Drupal contributed module Fasttoggle (7.x-1.3 and 7.x-1.4). The advisory confirms an access-control flaw: remote attackers can block or unblock user accounts via a crafted user status link, due to a rewrite of the access control that mishandles the user status (allow/blo...

CVSS 5.8 | AI score 6.9 | EPSS 0.00374
Exploits: 0 | References: 2 | Affected Software: 1