CVE-2026-45005

OpenClaw before 2026.4.23 caches resolved webhook route secrets backed by SecretRef values, allowing stale secrets to remain valid after rotation and reload. Attackers with previously valid webhook route secrets can continue authenticating requests and invoking configured webhook task flows until...

EUVD-2026-29150

OpenClaw before 2026.4.23 caches resolved webhook route secrets backed by SecretRef values, allowing stale secrets to remain valid after rotation and reload. Attackers with previously valid webhook route secrets can continue authenticating requests and invoking configured webhook task flows until...

SUSE-SU-2026:1717-1 Security update for curl

This update for curl fixes the following issues: Security issues fixed: - CVE-2026-4873: connection reuse ignores TLS requirement bsc1262631. - CVE-2026-5545: wrong reuse of HTTP Negotiate connection bsc1262632. - CVE-2026-6253: proxy credentials leak over redirect-to proxy bsc1262635. -...

EUVD-2011-2708

Malware in sbrugna...

EUVD-2014-0116

Malware in sbrugna...

CVE-2025-43798

Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password TOTP to be used multiple times during the validity period, which allows attackers with access to a user’s TOTP to authenticate as the user...

VulnCheck KEV: CVE-2025-48929

The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential e.g., not a token with a short expiration time that can be reused at a later date if discovered by an adversary...

UBUNTU-CVE-2022-22576

An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocol...

Debian DLA-1644-1 : policykit-1 security update

Two vulnerabilities were found in Policykit, a framework for managing administrative policies and privileges : CVE-2018-19788 It was discovered that incorrect processing of very high UIDs in Policykit could result in authentication bypass. CVE-2019-6133 Jann Horn of Google found that Policykit...

CVE-2017-9803

Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality when using SecurityAwareZkACLProvider type of ACL provider e.g. SaslZkACLProvider...

OpenJDK: improper re-use of NTLM authenticated connections (Networking, 8163520)

It was discovered that the HTTP client implementation in the Networking component of OpenJDK could cache and re-use an NTLM authenticated connection in a different security context. A remote attacker could possibly use this flaw to make a Java application perform HTTP requests authenticated with...

OpenJDK: improper re-use of NTLM authenticated connections (Networking, 8163520)

It was discovered that the HTTP client implementation in the Networking component of OpenJDK could cache and re-use an NTLM authenticated connection in a different security context. A remote attacker could possibly use this flaw to make a Java application perform HTTP requests authenticated with...