
17 matches found

CNVD
added 2026/03/26 12:0 a.m. | 1 views

OpenClaw has an unspecified vulnerability (CNVD-2026-16384)

OpenClaw is an open-source AI assistant from OpenClaw. OpenClaw has a security vulnerability that an attacker can exploit to bypass the allowed list...

5.4 CVSS | 5.7 AI score | 0.00039 EPSS
Exploits: 0
CNNVD
added 2026/03/21 12:0 a.m. | 2 views

OpenClaw Security Vulnerability

OpenClaw is an open-source AI assistant from OpenClaw. OpenClaw has a security vulnerability that an attacker can exploit to bypass the allowed list...

5.4 CVSS | 5.8 AI score | 0.00039 EPSS
Exploits: 0 | References: 3
CNNVD
added 2026/03/19 12:0 a.m. | 2 views

OpenClaw OS Command Injection Vulnerability

OpenClaw is an open-source AI assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.22 had an operating system command injection vulnerability. This vulnerability stemmed from a bypass of the allowed list in the system.run exec analysis, allowing...

8.8 CVSS | 6.1 AI score | 0.00101 EPSS
Exploits: 0 | References: 3
CNNVD
added 2026/01/08 12:0 a.m. | 2 views

bokeh Security Vulnerability

bokeh is an open-source Python library for data visualization from Bokeh. A security vulnerability exists in bokeh 3.8.1 and earlier versions, which stems from a misconfiguration of the allowed list and could lead to an attacker interacting with the Bokeh server...

7.4 CVSS | 6.4 AI score | 0.00014 EPSS
Exploits: 1 | References: 2
CNNVD
added 2025/08/12 12:0 a.m. | 2 views

SAP S/4HANA Injection Vulnerability

SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. An injection vulnerability exists in SAP S/4HANA that stems from CRLF injection and could lead to bypassing the allowed list...

4.3 CVSS | 6.9 AI score | 0.00181 EPSS
Exploits: 0 | References: 2
OSV
added 2025/05/01 1:15 a.m. | 1 views

CVE-2025-4143

The OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp, did not correctly validate that redirect_uri was on the allowed list of redirect URIs for the given client registration. Fixed in: ...

6.1 CVSS | 5.7 AI score
Exploits: 0 | References: 1
CNNVD
added 2025/04/04 12:0 a.m. | 2 views

Bitdefender GravityZone Update Server Code Issue Vulnerability

Bitdefender GravityZone Update Server is a solution for managing and distributing update files on the Bitdefender GravityZone administrator console from Bitdefender Romania. A code issue vulnerability exists in Bitdefender GravityZone Update Server versions prior to 3.5.2.689, which is rooted in...

6.9 CVSS | 6.8 AI score | 0.00103 EPSS
Exploits: 0 | References: 2
CNNVD
added 2024/04/04 12:0 a.m. | 1 views

Astro-Shield Security Vulnerability

Astro-Shield is an open source library from KindSpells Labs. It is used to compute sub-resource integrity hashes for JS scripts and CSS stylesheets. A security vulnerability exists in Astro-Shield versions 1.2.0 through 1.3.1, which stems from a vulnerability that allows an attacker to bypass the...

7.5 CVSS | 7.4 AI score | 0.00222 EPSS
Exploits: 0 | References: 5
RedHat Linux
added 2023/12/07 1:41 p.m. | 1 views

springframework-amqp: Deserialization Vulnerability

A flaw was found in Spring Framework AMQP. An allowed list exists in Spring AMQP, but when no allowed list is provided, all classes could be deserialized, allowing a malicious user to send harmful content to the broker...

5 CVSS | 5.7 AI score | 0.43039 EPSS
Exploits: 0 | References: 5
RedhatCVE
added 2023/10/26 6:27 p.m. | 32 views

CVE-2023-34050

A flaw was found in Spring Framework AMQP. An allowed list exists in Spring AMQP, but when no allowed list is provided, all classes could be deserialized, allowing a malicious user to send harmful content to the broker. Mitigation An application may be vulnerable if: - The SimpleMessageConverter...

4.3 CVSS | 6.9 AI score | 0.43039 EPSS
Exploits: 0 | References: 4
NVD
added 2023/10/19 8:15 a.m. | 15 views

CVE-2023-34050

In Spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9, allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in messages from untrusted sources; however by default, when no allowed list was provided, all classes...

5 CVSS | 5.2 AI score | 0.43039 EPSS
Exploits: 0 | References: 1
CNNVD
added 2023/10/19 12:0 a.m. | 1 views

Spring AMQP Code Issue Vulnerability

Spring AMQP applies core Spring concepts to the development of AMQP-based messaging solutions. A security vulnerability exists in Spring AMQP versions 1.0.0 through 2.4.16 and 3.0.0 through 3.0.9, which stems from the addition of an Allowed List pattern for deserializable class names in Spring...

5 CVSS | 6.7 AI score | 0.43039 EPSS
Exploits: 0 | References: 4
Code423n4
added 2023/01/28 12:0 a.m. | 6 views

GroupBuy may purchase NFT not in the allowed list

Lines of code Vulnerability details The issue that is described in code-423n4/2022-12-tessera-findings14 was not mitigated and still applies like it is described there.

6.9 AI score
Exploits: 0
Code423n4
added 2022/12/18 12:0 a.m. | 14 views

GroupBuy may purchase NFT not in the allowed list

Lines of code Vulnerability details Impact When purchaseProof.length == 0, GroupBuy.purchase compares the tokenId with the merkleRoot. This allows any tokenId that matches the merkleRoot to be purchased, even if it is not included in the allow list during setup. if purchaseProof.length == 0 //...

6.7 AI score
Exploits: 0
CNNVD
added 2022/02/18 12:0 a.m. | 2 views

Pexip Infinity Trust Management Issue Vulnerability

Pexip Infinity is a video conferencing cloud collaboration platform from the Norwegian company Pexip. The product provides high quality and secure cloud conferencing capabilities. A security vulnerability exists in versions of Pexip Infinity...

9.8 CVSS | 5.5 AI score | 0.0022 EPSS
Exploits: 0 | References: 2
OSV
added 2021/06/08 3:15 p.m. | 16 views

CVE-2021-33190

In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in order to facilitate users to configure external network access. In the IP allowed list restriction, a risky function was used for the IP acquisition, which made it possible to bypass the network limi...

5.3 CVSS | 6.8 AI score
Exploits: 0 | References: 2
CNNVD
added 2021/06/08 12:0 a.m. | 2 views

Apache Apisix Security Vulnerability

Apache Apisix is a cloud-native microservices API gateway service from the Apache Foundation. The software is implemented based on OpenResty and etcd, with dynamic routing and plugin hot-loading, suitable for API management under the microservices architecture. APISIX Dashboard has a security...

5.3 CVSS | 5.7 AI score | 0.00268 EPSS
Exploits: 0 | References: 3