1189 matches found
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.25 contained a security vulnerability. This vulnerability stemmed from the lack of rate limiting in Telegram Webhook authentication, which could lead to brute-force attacks...
PT-2026-29236
OpenClaw before 2026.3.12 applies rate limiting only after successful webhook authentication, allowing attackers to bypass rate limits and brute-force webhook secrets. Attackers can submit repeated authentication requests with invalid secrets without triggering rate limit responses, enabling...
CVE-2026-33879 FLIP doesn't have rate limiting or brute-force protection on login
Federated Learning and Interoperability Platform FLIP is an open-source platform for federated training and evaluation of medical imaging AI models across healthcare institutions. The FLIP login page in versions 0.1.1 and prior has no rate limiting or CAPTCHA, enabling brute-force and...
CVE-2026-33879
Federated Learning and Interoperability Platform FLIP is an open-source platform for federated training and evaluation of medical imaging AI models across healthcare institutions. The FLIP login page in versions 0.1.1 and prior has no rate limiting or CAPTCHA, enabling brute-force and...
CVE-2026-33879 FLIP doesn't have rate limiting or brute-force protection on login
Federated Learning and Interoperability Platform FLIP is an open-source platform for federated training and evaluation of medical imaging AI models across healthcare institutions. The FLIP login page in versions 0.1.1 and prior has no rate limiting or CAPTCHA, enabling brute-force and...
CVE-2025-55269
HCL Aftermarket DPC is affected by Weak Password Policy vulnerability, which makes it easier for attackers to guess weak passwords or use brute-force techniques to gain unauthorized access to user accounts...
CVE-2025-55269 HCL Aftermarket DPC is affected by Weak Password Policy vulnerability
HCL Aftermarket DPC is affected by Weak Password Policy vulnerability, which makes it easier for attackers to guess weak passwords or use brute-force techniques to gain unauthorized access to user accounts...
CVE-2025-55269 HCL Aftermarket DPC is affected by Weak Password Policy vulnerability
HCL Aftermarket DPC is affected by Weak Password Policy vulnerability, which makes it easier for attackers to guess weak passwords or use brute-force techniques to gain unauthorized access to user accounts...
PT-2026-28471
Name of the Vulnerable Software and Affected Versions Tandoor Recipes versions prior to 2.6.0 Description Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Versions prior to 2.6.0 configure Django REST Framework with BasicAuthentication as a...
IGL-Technologies eParking.fi 安全漏洞
IGL-Technologies eParking.fi is an intelligent parking platform provided by IGL-Technologies, offering features for parking management, charging, and parking space monitoring. IGL-Technologies eParking.fi has a security vulnerability. This vulnerability stems from the lack of a limit on the numbe...
CVE-2026-32025
OpenClaw versions prior to 2026.2.25 contain an authentication hardening gap in browser-origin WebSocket clients that allows attackers to bypass origin checks and auth throttling on loopback deployments. An attacker can trick a user into opening a malicious webpage and perform password brute-forc...
Everon 安全漏洞
Everon is an electric vehicle charging station system developed by Everon Corporation. There is a security vulnerability in Everon’s system. This vulnerability stems from the lack of a limit on the number of authentication requests made through the WebSocket API, which can lead to denial-of-servi...
ePower 安全漏洞
ePower is a electric vehicle charging station system owned by the Irish company ePower. ePower has a security vulnerability, which stems from the lack of a limit on the number of authentication requests. This vulnerability could lead to denial-of-service attacks or brute-force attacks...
Mobiliti 安全漏洞
Mobiliti is an electric vehicle charging station system developed by the Hungarian company Mobiliti. Mobiliti has a security vulnerability, which stems from the lack of a limit on the number of authentication requests made through the WebSocket API. This vulnerability could lead to...
CVE-2026-28395 OpenClaw 2026.1.14-1 < 2026.2.12 - Unintended Public Binding of Chrome Extension Relay via Wildcard cdpUrl
OpenClaw version 2026.1.14-1 prior to 2026.2.12 contains an improper network binding vulnerability in the Chrome extension must be installed and enabled relay server that treats wildcard hosts as loopback addresses, allowing the relay HTTP/WS server to bind to all interfaces when a wildcard cdpUr...
CVE-2026-25114
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...
EUVD-2026-8949
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...
EUVD-2026-8938
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...
CVE-2026-26305 Mobility46 mobility46.se Improper Restriction of Excessive Authentication Attempts
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...
Chargemap 安全漏洞
Chargemap is a electric vehicle service platform website operated by the French company Chargemap. Chargemap has a security vulnerability, which stems from the lack of an authentication request limit on the WebSocket API. This vulnerability could lead to denial-of-service attacks or brute-force...