CVE-2026-44118 OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Token Header

OpenClaw before 2026.4.22 derives loopback MCP owner context from spoofable server-issued bearer tokens in request headers. Non-owner loopback clients can present themselves as owner to bypass owner-gated operations by manipulating the sender-owner header metadata...

SUSE CVE-2005-4900

SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists to provide a common identifier for referencing this SHA-1 issue; the existence of an identifier is...

WHO COVID-19 Mobile App: Error Page Text Injection (no compromise)

Hi team! I want to report a context spoofing or text injection at http://hack.whocoronavirus.org/ 404 page Vulnerability Description : The http://hack.whocoronavirus.org/ scope allows users to inject any content on the 404 not found webpage Vulnerable Location :...