16827 matches found
CVE-2026-43583
OpenClaw versions 2026.4.10 before 2026.4.14 fail to persist session context during delivery queue recovery for media replay. Attackers can exploit recovered queued outbound media to bypass group tool policy enforcement and weaken channel media restrictions after service restart or recovery...
io.micronaut.aot:micronaut-aot-core (=3.0.0-M2), io.micronaut.aot:micronaut-aot-std-optimizers (=3.0.0-M2) +427 more potentially affected by CVE-2026-44241 via io.micronaut:micronaut-context (>=5.0.0-M1 <=5.0.0-M24)
io.micronaut:micronaut-context MAVEN version =5.0.0-M1, =5.0.0-M1, =5.0.0-M1, =5.0.0-M1, =5.0.0-M1, =5.0.0-M1, =5.0.0-M1, =5.0.0-M1, =5.0.0-M1, =5.0.0-M1, =5.0.0-M1, =5.0.0-M1, =5.0.0-M1, =5.0.0-M1, =5.0.0-M3 and more Source cves: CVE-2026-44241 Source advisory: SNYK:JAVA-IOMICRONAUT-16478697...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the unbounded formattersCache in TimeConverterRegistrar. An attacker can exhaust system memory and cause a server crash by sending numerous HTTP requests with unique...
Mezo: ERC-20 bridgeOut burn can be erased by a stale StateDB overwrite leading to full L1 bridge drain
Note: the fixed version of the validator client has been deployed for some time. Impact Potential full drain of L1 bridge without changing bridged balance on Mezo. Brief/Intro A malicious user can steal all ERC-20 tokens locked in the L1 bridge by repeatedly calling the bridgeOut precompile from ...
Improper Synchronization
Overview Affected versions of this package are vulnerable to Improper Synchronization through the bridgeOut precompile. An attacker can restore their ERC-20 token balance and allowance after a burn operation by exploiting stale state overwrites in the dual-context state management, enabling...
Improper Synchronization
Overview Affected versions of this package are vulnerable to Improper Synchronization through the bridgeOut precompile. An attacker can restore their ERC-20 token balance and allowance after a burn operation by exploiting stale state overwrites in the dual-context state management, enabling...
Improper Synchronization
Overview Affected versions of this package are vulnerable to Improper Synchronization through the bridgeOut precompile. An attacker can restore their ERC-20 token balance and allowance after a burn operation by exploiting stale state overwrites in the dual-context state management, enabling...
Improper Synchronization
Overview Affected versions of this package are vulnerable to Improper Synchronization through the bridgeOut precompile. An attacker can restore their ERC-20 token balance and allowance after a burn operation by exploiting stale state overwrites in the dual-context state management, enabling...
CVE-2026-43170
A flaw was found in the Linux kernel's USB DWC3 gadget driver. This vulnerability occurs when the dwc3gadgetvbusdraw function is called from an atomic context, which then invokes power management integrated circuit PMIC APIs that may cause the system to sleep. An attacker could exploit this...
CVE-2026-44118 OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Token Header
OpenClaw before 2026.4.22 derives loopback MCP owner context from spoofable server-issued bearer tokens in request headers. Non-owner loopback clients can present themselves as owner to bypass owner-gated operations by manipulating the sender-owner header metadata...
CVE-2026-44118 OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Token Header
OpenClaw before 2026.4.22 derives loopback MCP owner context from spoofable server-issued bearer tokens in request headers. Non-owner loopback clients can present themselves as owner to bypass owner-gated operations by manipulating the sender-owner header metadata...
CVE-2026-44118
OpenClaw before 2026.4.22 derives loopback MCP owner context from spoofable server-issued bearer tokens in request headers. Non-owner loopback clients can present themselves as owner to bypass owner-gated operations by manipulating the sender-owner header metadata...
CVE-2026-44118
OpenClaw is affected by CVE-2026-44118 prior to version 2026.4.22. The vulnerability arises because loopback MCP owner context is derived from spoofable server-issued bearer tokens in request headers. This allows non-owner loopback clients to impersonate the owner by manipulating the sender-owner...
CVE-2026-43583 OpenClaw 2026.4.10 < 2026.4.14 - Loss of Group Tool-Policy Context in Delivery Queue Recovery
OpenClaw versions 2026.4.10 before 2026.4.14 fail to persist session context during delivery queue recovery for media replay. Attackers can exploit recovered queued outbound media to bypass group tool policy enforcement and weaken channel media restrictions after service restart or recovery...
CVE-2026-43583
OpenClaw versions 2026.4.10 before 2026.4.14 fail to persist session context during delivery queue recovery for media replay. Attackers can exploit recovered queued outbound media to bypass group tool policy enforcement and weaken channel media restrictions after service restart or recovery...
CVE-2026-43583 OpenClaw 2026.4.10 < 2026.4.14 - Loss of Group Tool-Policy Context in Delivery Queue Recovery
OpenClaw versions 2026.4.10 before 2026.4.14 fail to persist session context during delivery queue recovery for media replay. Attackers can exploit recovered queued outbound media to bypass group tool policy enforcement and weaken channel media restrictions after service restart or recovery...
CVE-2026-43583
OpenClaw 2026.4.10 before 2026.4.14 fails to persist session context during delivery queue recovery for media replay. Attackers can exploit recovered queued outbound media to bypass group tool policy enforcement and weaken channel media restrictions after service restart or recovery. Affected ver...
MINI-H3W2-WHPM-84F3
Bulletin has no description...
BIT-JAVA-MIN-2025-24855
numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...
BIT-JAVA-2025-24855
numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...