OpenClaw 安全特征问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.2 had security feature vulnerabilities. These vulnerabilities stemmed from the reuse of the PKCE verifier as a state parameter in the Gemini OAuth process, which could lead to t...

PT-2026-30235

OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it through the redirect URL. Attackers who capture the redirect URL can obtain both the authorization code and PKCE verifier, defeating PKCE protection and enabling token redemption...

Insertion of Sensitive Information Into Sent Data

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the OAuth onboarding process in the macOS beta application, where the PKCE codeverifier was exposed as the OAuth state in the URL. An...

CVE-1999-0440

The byte code verifier component of the Java Virtual Machine JVM allows remote execution through malicious web pages...

EUVD-1999-0440

Malware in sbrugna...

EUVD-2023-52300

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2021-20268

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier in the way a user running the eBPF script calls...

workers-oauth-provider 安全漏洞

workers-oauth-provider is a Cloudflare open source OAuth provider library for Cloudflare Workers. A security vulnerability exists in workers-oauth-provider that stems from a PKCE check being bypassed, which could lead to a failure of the protection mechanism...

CVE-2024-23647 PKCE downgrade attack in Authentik

Authentik is an open-source Identity Provider. There is a bug in our implementation of PKCE that allows an attacker to circumvent the protection that PKCE offers. PKCE adds the codechallenge parameter to the authorization request and adds the codeverifier parameter to the token request. Prior to...

PT-2023-31620 · Unknown · Yii2-Authclient

Name of the Vulnerable Software and Affected Versions: yii2-authclient versions prior to 2.2.15 Description: The Oauth2 PKCE implementation in yii2-authclient is vulnerable in two ways. First, the authCodeVerifier should be removed after usage, similar to authState. Second, there is a risk for a...

PT-2023-30745

Name of the Vulnerable Software and Affected Versions authentik versions prior to 2023.8.5 authentik versions prior to 2023.10.4 Description The issue concerns the implementation of the Proof Key for Code Exchange PKCE in authentik, an open-source identity provider. When initializing an OAuth2 fl...

PT-2022-3259 · Argo Cd · Argo Cd

Name of the Vulnerable Software and Affected Versions: Argo CD versions 0.11.0 through 2.4.0 Argo CD versions 2.1.0 through 2.1.15 Argo CD versions 2.2.0 through 2.2.9 Argo CD versions 2.3.0 through 2.3.4 Description: The issue is related to the use of insufficiently random values in parameters i...

CVE-2020-0430

An out of bounds memory read flaw was found in the Linux kernel’s implementation of the eBPF code verifier. A user passing corrupted data to a helper function could access data inside the adjustptrminmaxvals function. By default, the eBPF verifier is only accessible to users with CAPSYSADMIN...

CVE-2021-31440

An out-of-bounds access flaw was found in the Linux kernel’s implementation of the eBPF code verifier, where an incorrect register bounds calculation while checking unsigned 32-bit instructions in an eBPF program occurs.. By default accessing the eBPF verifier is only accessible to privileged use...

Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-4910-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4910-1 advisory. Ryota Shiga discovered that the sockopt BPF hooks in the Linux kernel could allow a user space program to probe for valid kernel addresses. A local...

An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier in the way a user running the eBPF script calls dev_map_init_map or sock_map_alloc. This flaw allows a local user to crash the system or possibly escalate their privileges. The highest threat from this vulnerability is to confidentiality integrity as well as system availability.

...

CVE-2021-20268

An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier in the way a user running the eBPF script calls devmapinitmap or sockmapalloc. This flaw allows a local user to crash the system or possibly escalate their privileges. The highest threat from thi...

Design/Logic Flaw

An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier in the way a user running the eBPF script calls devmapinitmap or sockmapalloc. This flaw allows a local user to crash the system or possibly escalate their privileges. The highest threat from thi...

UBUNTU-CVE-2021-20268

An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier in the way a user running the eBPF script calls devmapinitmap or sockmapalloc. This flaw allows a local user to crash the system or possibly escalate their privileges. The highest threat from thi...

CVE-2021-20268

An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier in the way a user running the eBPF script calls devmapinitmap or sockmapalloc. This flaw allows a local user to crash the system or possibly escalate their privileges. The highest threat from thi...