14 matches found
GHSA-V8QF-FR4G-28P2 OpenClaw: Assistant media route missed scope enforcement for trusted-proxy authorization
Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact The Control UI assistant-media route authenticated trusted-proxy callers but did not enforce the declared operator scopes for identity-bearing HTTP auth paths. A trusted-proxy...
jcb-bearing.com Cross Site Scripting vulnerability OBB-2650253
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Curve Metapool does not support rebasing token
Handle gzeon Vulnerability details Impact For interest-bearing tokens, Curve uses another version of the contract with consideration of the underlying asset. The metapool contracts do not support such behaviour. Proof of Concept Actually it is written in Curve's doc Token balances must not change...
YieldSourcePrizePool_canAwardExternal does not work
Handle cmichel Vulnerability details The idea of YieldSourcePrizePool_canAwardExternal seems to be to disallow awarding the interest-bearing token of the yield source, like aTokens, cTokens, yTokens. "@dev Different yield sources will hold the deposits as another kind of token: such a Compound's...
GHSA-H5VJ-F7R9-W564 Entropy Backdoor in text-qrcode
All versions of text-qrcode contain malicious code that overwrites the randomBytes method for the crypto module with a function that generates weak entropy. Instead of generating 32 bytes, the infected randomBytes will generate 3 bytes of entropy and hash them, resulting in a 32 byte value being...
Entropy Backdoor in text-qrcode
All versions of text-qrcode contain malicious code that overwrites the randomBytes method for the crypto module with a function that generates weak entropy. Instead of generating 32 bytes, the infected randomBytes will generate 3 bytes of entropy and hash them, resulting in a 32 byte value being...
dvkbearing.co.za Cross Site Scripting vulnerability OBB-1247612
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Xi'an Bailian Network Technology Co., Ltd. website building system has SQL injection vulnerabilities
Xi'an BaiLian Network Technology Co., Ltd. is a domestic technology company specializing in bearing industry management software development and bearing industry portal design. Xi'an Bailian Network Technology Co., Ltd. website building system SQL injection vulnerability, attackers can use the...
Denial Of Service (DoS)
qpid-cpp-mrg is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) content-bearing...
CVE-2015-0203
The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) content-bearing methods other than message-transfer, or (3) a session-gap control before a corresponding...
Design/Logic Flaw
The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) content-bearing methods other than message-transfer, or (3) a session-gap control before a corresponding...
bearing-king.co.uk XSS vulnerability
Open Bug Bounty ID: OBB-401513

Description | Value
---|---
Affected Website: | bearing-king.co.uk
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Chea...
bearing-service.ru XSS vulnerability
Open Bug Bounty ID: OBB-247427

Description | Value
---|---
Affected Website: | bearing-service.ru
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
Fedora Core 9 FEDORA-2009-1366 (gpsdrive)
The remote host is missing an update to gpsdrive announced via advisory FEDORA-2009-1366. OpenVAS Vulnerability Test $Id: fcore20091366.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-1366 gpsdrive Authors: Thomas Reinke Copyright: Copyright (c) 2009...