OpenClaw: Zalo replay dedupe cache could suppress events across authenticated webhook targets

Summary Before OpenClaw 2026.3.31, the Zalo webhook replay-dedupe cache was shared across authenticated webhook targets and keyed too broadly. In multi-account deployments, a replay seen on one account could suppress a legitimate event on another account if eventname and messageid matched. Impact...

OpenFGA's BatchCheck within-request deduplication produces incorrect authorization decisions via list-value cache-key collision

Description In OpenFGA, under specific conditions, BatchCheck calls with multiple checks sent for the same object, relation, and user combination can result in improper policy enforcement. Am I affected? You are affected if you meet the following preconditions: 1. You execute BatchCheck operation...

CVE-2026-35039

fast-jwt provides fast JSON Web Token JWT implementation. From 0.0.1 to before 6.2.0, setting up a custom cacheKeyBuilder method which does not properly create unique keys for different tokens can lead to cache collisions. This could cause tokens to be mis-identified during the verification proce...

EUVD-2026-19805

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, an integer underflow vulnerability in ppdCreateFromIPP cups/ppd-cache.c allows any unprivileged local user to crash the cupsd root process by supplying a negative...

Malicious code in strapi-plugin-cache (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 322f1a7c9723db125a9be39dcb3f897ca2f65146b7b71874bb3ec26a4825d521 The package strapi-plugin-cache was found to contain malicious code. Source: ghsa-malware...

MAL-2026-2504 Malicious code in strapi-plugin-cache (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 322f1a7c9723db125a9be39dcb3f897ca2f65146b7b71874bb3ec26a4825d521 The package strapi-plugin-cache was found to contain malicious code. Source: ghsa-malware...

grav-cms-filecache-object-injection

Grav CMS FileCache Object Injection Description The File...

CVE-2026-35030

A flaw was found in LiteLLM, a proxy server for Large Language Model LLM APIs. When JSON Web Token JWT authentication is enabled, the OIDC user information cache uses a truncated portion of the token as a cache key. An unauthenticated attacker can exploit this by crafting a JWT with the same...

USN-8153-1: Salt vulnerabilities

Zach Malone discovered that Salt did not properly handle permissions to cache data. A local attacker could possibly use this issue to obtain sensitive information. CVE-2015-8034 Dylan Frese discovered that Salt incorrectly allowed users to specify PAM service. An attacker could possibly use this...

USN-8153-1 salt vulnerabilities

Zach Malone discovered that Salt did not properly handle permissions to cache data. A local attacker could possibly use this issue to obtain sensitive information. CVE-2015-8034 Dylan Frese discovered that Salt incorrectly allowed users to specify PAM service. An attacker could possibly use this...

CVE-2026-28810

Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel inetres, inetdb modules allows DNS Cache Poisoning. The built-in DNS resolver inetres uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source port randomization...

DEBIAN-CVE-2026-28810

Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel inetres, inetdb modules allows DNS Cache Poisoning. The built-in DNS resolver inetres uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source port randomization...

UBUNTU-CVE-2026-28810

Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel inetres, inetdb modules allows DNS Cache Poisoning. The built-in DNS resolver inetres uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source port randomization...

CVE-2026-28810 Predictable DNS Transaction IDs Enable Cache Poisoning in Built-in Resolver

Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel inetres, inetdb modules allows DNS Cache Poisoning. The built-in DNS resolver inetres uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source port randomization...

CVE-2026-28810

Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel inetres, inetdb modules allows DNS Cache Poisoning. The built-in DNS resolver inetres uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source port randomization...

EEF-CVE-2026-28810 Predictable DNS Transaction IDs Enable Cache Poisoning in Built-in Resolver

Summary Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel inetres, inetdb modules allows DNS Cache Poisoning. The built-in DNS resolver inetres uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source port randomizatio...

CVE-2026-28810

CVE-2026-28810 affects the Erlang/OTP kernel built-in DNS resolver (inet_res) and its inet_db module. The issue arises from a 16-bit, process-global transaction ID used for UDP queries and the absence of source port randomization, making DNS responses vulnerable to spoofing and cache poisoning wh...

CVE-2026-28810 Predictable DNS Transaction IDs Enable Cache Poisoning in Built-in Resolver

Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel inetres, inetdb modules allows DNS Cache Poisoning. The built-in DNS resolver inetres uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source port randomization...

EUVD-2026-19582

Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel inetres, inetdb modules allows DNS Cache Poisoning. The built-in DNS resolver inetres uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source port randomization...

CVE-2026-28810

Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel inetres, inetdb modules allows DNS Cache Poisoning. The built-in DNS resolver inetres uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source port randomization...