59 matches found
OpenClaw: Google Chat app-url webhook auth accepted non-deployment add-on principals
Summary Google Chat app-url webhook verification accepted add-on principals outside the intended deployment binding. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2 630f1479c44f78484dfa21bb407cbe6f171dac87 - Latest published...
CVE-2025-27906
Summary: CVE-2025-27906 affects IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0, exposing a directory listing via an application URL. The IBM bulletin confirms an LFI-style exposure where an authenticated attacker can view file and folder names in the server’s browser, but cannot read or m...
CVE-2025-27906 IBM Content Navigator information disclosure
IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the files cannot be read, obtained, or modified...
PT-2025-41930
Name of the Vulnerable Software and Affected Versions IBM Content Navigator versions 3.0.11, 3.0.15, 3.1.0, and 3.2.0 Description The application may expose a directory listing when accessed via a specific URL. This allows visibility of application files and folders within a browser, though the...
EUVD-2020-19372
Malware in sbrugna...
EUVD-2021-23146
Malware in sbrugna...
EUVD-2022-0635
Malicious code in bioql PyPI...
EUVD-2023-50277
Malicious code in bioql PyPI...
CVE-2025-9628
The The integration of the AMO.CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the settingspage function. This makes it possible for unauthenticated attackers to modify critic...
DEBIAN-CVE-2025-52560
Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, Kanboard allows password reset emails to be sent with URLs derived from the unvalidated Host header when the applicationurl configuration is unset (default behavior). This allows an attacker to...
CVE-2025-52560
Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, Kanboard allows password reset emails to be sent with URLs derived from the unvalidated Host header when the applicationurl configuration is unset (default behavior). This allows an attacker to...
CVE-2024-22718
Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the clientid parameter in the application URL...
CVE-2024-22718
Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the clientid parameter in the application URL...
CVE-2024-25551
Cross Site Scripting (XSS) vulnerability in sourcecodester Simple Student Attendance System v1.0 allows attackers to execute arbitrary code via a crafted GET request to the web application URL...
CVE-2023-51890
An infinite loop issue discovered in Mathtex 1.05 and before allows a remote attacker to consume CPU resources via a crafted string in the application URL...
CVE-2023-51889
Stack Overflow vulnerability in the validate function in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via a crafted string in the application URL...
CVE-2023-51888
Buffer Overflow vulnerability in the nomath function in Mathtex v.1.05 and before allows a remote attacker to cause a denial of service via a crafted string in the application URL...
CVE-2023-51888
Buffer Overflow vulnerability in the nomath function in Mathtex v.1.05 and before allows a remote attacker to cause a denial of service via a crafted string in the application URL...
Stack overflow
Stack Overflow vulnerability in the validate function in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via a crafted string in the application URL...
Design/Logic Flaw
An infinite loop issue discovered in Mathtex 1.05 and before allows a remote attacker to consume CPU resources via a crafted string in the application URL...