10 matches found

OSV
added 2026/05/06 9:31 p.m., 2 views

GHSA-CJG8-85GJ-V9Q2 Duplicate Advisory: OpenClaw: Feishu webhook and card-action validation now fail closed

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-xh72-v6v9-mwhc. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.4.15 contains an authentication bypass vulnerability in Feishu webhook and card-action validatio...

9.8 CVSS, 6 AI score, 0.00184 EPSS
Exploits: 1, References: 4

CVE
added 2026/05/06 7:49 p.m., 7 views

CVE-2026-44109

OpenClaw CVE-2026-44109 affects OpenClaw prior to 2026.4.15, with an authentication bypass in Feishu webhook and card-action validation. The issue arises from a missing encryptKey configuration and blank callback tokens that fail open, allowing unauthenticated requests to reach command dispatch a...

9.8 CVSS, 6.1 AI score, 0.00184 EPSS
Exploits: 1, References: 3, Affected Software: 1

CVE
added 2026/02/18 9:2 p.m., 6 views

CVE-2026-2669

Rongzhitong Visual Integrated Command and Dispatch Platform is identified as vulnerable in CVE-2026-2669. The affected component is the User Handler, specifically the file path /dm/dispatch/user/delete. The root cause is improper access controls caused by manipulating the argument ID, enabling re...

6.9 CVSS, 6.1 AI score, 0.00063 EPSS
Exploits: 1, References: 4, Affected Software: 1

Positive Technologies
added 2026/02/18 12:0 a.m., 3 views

PT-2026-20497

Name of the Vulnerable Software and Affected Versions: Rongzhitong Visual Integrated Command and Dispatch Platform versions prior to 20260207. Description: A flaw exists in Rongzhitong Visual Integrated Command and Dispatch Platform that allows for improper access controls. The issue is related to a...

7.5 CVSS, 7.2 AI score, 0.0002 EPSS
Exploits: 1, References: 7

CNNVD
added 2025/03/25 12:0 a.m., 1 view

fprime command injection vulnerability

fprime is a NASA open source framework for flight software and embedded systems. A security vulnerability exists in fprime v3.4.3, which stems from command injection in the Command Dispatch Service and could lead to an attacker executing arbitrary commands...

9.8 CVSS, 7.4 AI score, 0.05582 EPSS
Exploits: 1, References: 3

OSV
added 2024/03/06 10:57 a.m., 16 views

BIT-MONGODB-2022-24272 MongoDB Server (mongod) may crash in response to unexpected requests

An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database. This may result in mongod denial of service or server crash. This issue affects: MongoDB Inc. MongoDB Server v5.0 versions, prior to and including v5.0.6...

6.5 CVSS, 6.3 AI score, 0.00458 EPSS
Exploits: 2, References: 2

ATTACKERKB
added 2022/04/21 5:19 p.m., 3 views

CVE-2022-24272

An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database. This may result in mongod denial of service or server crash. This issue affects: MongoDB Inc. MongoDB Server v5.0 versions, prior to and including v5.0.6...

6.5 CVSS, 6.6 AI score, 0.00458 EPSS
Exploits: 2, References: 2, Affected Software: 1

OSV
added 2022/04/21 11:15 a.m., 0 views

UBUNTU-CVE-2022-24272

An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database. This may result in mongod denial of service or server crash. This issue affects: MongoDB Inc. MongoDB Server v5.0 versions, prior to and including v5.0.6...

6.5 CVSS, 5.8 AI score, 0.00458 EPSS
Exploits: 2, References: 3

Prion
added 2022/04/21 11:15 a.m., 19 views

Input validation

An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database. This may result in mongod denial of service or server crash. This issue affects: MongoDB Inc. MongoDB Server v5.0 versions, prior to and including v5.0.6...

4 CVSS, 6.4 AI score, 0.00458 EPSS
Exploits: 2, References: 1, Affected Software: 1

Cvelist
added 2022/04/21 10:45 a.m., 16 views

CVE-2022-24272 MongoDB Server (mongod) may crash in response to unexpected requests

An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database. This may result in mongod denial of service or server crash. This issue affects: MongoDB Inc. MongoDB Server v5.0 versions, prior to and including v5.0.6...

6.5 CVSS, 6.7 AI score, 0.00458 EPSS
Exploits: 2, References: 1