Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the JsonBeanPropertyBinder::expandArrayToThreshold function of the form-urlencoded body binding process. An attacker can cause sustained CPU usage and unbounded memory growth,...

Micronaut vulnerable to DoS via crafted form-urlencoded body binding with descending array indices

In JsonBeanPropertyBinder::expandArrayToThreshold in io.micronaut:micronaut-json-core before Micronaut 4 4.10.16 and in Micronaut 3 before 3.10.5 does not correctly handle descending array index order during form-urlencoded body binding, which allows remote attackers to cause a denial of service...

GHSA-43W5-MMXV-CPVH Micronaut vulnerable to DoS via crafted form-urlencoded body binding with descending array indices

In JsonBeanPropertyBinder::expandArrayToThreshold in io.micronaut:micronaut-json-core before Micronaut 4 4.10.16 and in Micronaut 3 before 3.10.5 does not correctly handle descending array index order during form-urlencoded body binding, which allows remote attackers to cause a denial of service...

PT-2026-26180

In JsonBeanPropertyBinder::expandArrayToThreshold in io.micronaut:micronaut-json-core before Micronaut 4 4.10.16 and in Micronaut 3 before 3.10.5 does not correctly handle descending array index order during form-urlencoded body binding, which allows remote attackers to cause a denial of service...

GHSA-M344-F55W-2M6J Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding

Executive Summary A critical library-level vulnerability was identified in the Authlib Python library concerning the validation of OpenID Connect OIDC ID Tokens. Specifically, the internal hash verification logic verifyhash responsible for validating the athash Access Token Hash and chash...

EUVD-2026-12482

Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding...

GHSA-5H2M-4Q8J-PQPJ FastMCP OAuth Proxy token reuse across MCP servers

While testing the OAuth Proxy implementation, it was noticed that the server does not properly respect the resource parameter submitted by the client in the authorization and token request. Instead of issuing the token explicitly for this MCP server, the token is issued for the baseurl passed to...

FastMCP OAuth Proxy token reuse across MCP servers

While testing the OAuth Proxy implementation, it was noticed that the server does not properly respect the resource parameter submitted by the client in the authorization and token request. Instead of issuing the token explicitly for this MCP server, the token is issued for the baseurl passed to...

GHSA-G93W-MFHG-P222 Angular vulnerable to XSS in i18n attribute bindings

A Cross-Site Scripting XSS vulnerability has been identified in the Angular runtime and compiler. It occurs when the application uses a security-sensitive attribute for example href on an anchor tag together with Angular's ability to internationalize attributes. Enabling internationalization for...

GHSA-RQPP-RJJ8-7WV8 OpenClaw: WebSocket shared-auth connections could self-declare elevated scopes

Summary A logic flaw in the OpenClaw gateway WebSocket connect path allowed certain device-less shared-token or password-authenticated backend connections to keep client-declared scopes without server-side binding. A shared-authenticated client could present elevated scopes such as operator.admin...

OpenClaw: WebSocket shared-auth connections could self-declare elevated scopes

Summary A logic flaw in the OpenClaw gateway WebSocket connect path allowed certain device-less shared-token or password-authenticated backend connections to keep client-declared scopes without server-side binding. A shared-authenticated client could present elevated scopes such as operator.admin...

EUVD-2026-12103

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, On default installations where no password or API key has been configured, all HTTP endpoints and the agent WebSocket lack authentication, and the...

GHSA-XF99-J42Q-5W5P OpenClaw: Unbound interpreter and runtime commands could bypass node-host approval integrity

Summary In affected versions of openclaw, node-host system.run approvals could still execute rewritten local code for interpreter and runtime commands when OpenClaw could not bind exactly one concrete local file operand during approval planning. Impact Deployments using node-host system.run...

OpenClaw: Unbound interpreter and runtime commands could bypass node-host approval integrity

Summary In affected versions of openclaw, node-host system.run approvals could still execute rewritten local code for interpreter and runtime commands when OpenClaw could not bind exactly one concrete local file operand during approval planning. Impact Deployments using node-host system.run...

Exploit for Binding to an Unrestricted IP Address in Openprinting Cups-Browsed

CVE-2024-47176 Automated Virtual...

CVE-2026-2890 Formidable Forms <= 6.28 - Missing Authorization to Unauthenticated Payment Integrity Bypass via PaymentIntent Reuse

The Formidable Forms plugin for WordPress is vulnerable to a payment integrity bypass in all versions up to, and including, 6.28. This is due to the Stripe Link return handler handleonetimestripelinkreturnurl marking payment records as complete based solely on the Stripe PaymentIntent status...

PT-2026-25377

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, On default installations where no password or API key has been configured, all HTTP endpoints and the agent WebSocket lack authentication, and the...

Angular 跨站脚本漏洞

Angular is an open-source development platform created by Angular. It is used to build mobile and desktop web applications using TypeScript/JavaScript and other languages. Versions of Angular prior to 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20 have a cross-site scripting vulnerability. This...

GO-2026-4689 Tinyauth's OIDC authorization codes are not bound to client on token exchange in github.com/steveiliop56/tinyauth

Tinyauth's OIDC authorization codes are not bound to client on token exchange in github.com/steveiliop56/tinyauth. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive report...

CVE-2026-32245 Tinyauth's OIDC authorization codes are not bound to client on token exchange

Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC token endpoint does not verify that the client exchanging an authorization code is the same client the code was issued to. A malicious OIDC client operator can exchange another client's authorization code using their...