Lucene search
K

3 matches found

Github Security Blog
Github Security Blog
added 2026/03/29 3:50 p.m.10 views

OpenClaw: Synology Chat Webhook Pre-Auth Rate-Limit Bypass Enables Brute-Force Guessing of Webhook Token

Summary Synology Chat Webhook Pre-Auth Rate-Limit Bypass Enables Brute-Force Guessing of Weak Webhook Token Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details...

6.5CVSS5.9AI score0.00244EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/29 3:50 p.m.3 views

GHSA-MF5G-6R6F-GHHM OpenClaw: Synology Chat Webhook Pre-Auth Rate-Limit Bypass Enables Brute-Force Guessing of Webhook Token

Summary Synology Chat Webhook Pre-Auth Rate-Limit Bypass Enables Brute-Force Guessing of Weak Webhook Token Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details...

6.3CVSS5.9AI score0.00244EPSS
Exploits0References5
OSV
OSV
added 2026/03/03 10:27 p.m.3 views

CVE-2026-27981 HomeBox has an Auth Rate Limit Bypass via IP Spoofing

HomeBox is a home inventory and organization system. Prior to 0.24.0, the authentication rate limiter authRateLimiter tracks failed attempts per client IP. It determines the client IP by reading, 1. X-Real-IP header, 2. First entry of X-Forwarded-For header, and 3. r.RemoteAddr TCP connection...

7.4CVSS5.8AI score0.00262EPSS
Exploits0References3
Rows per page
Query Builder