15 matches found
CVE-2026-43251
In the Linux kernel, the following vulnerability has been resolved: HID: prodikeys: Check presence of pm-inputep82 Fake USB devices can send their own report descriptors for which the inputmapping hook does not get called. In this case, pm-inputep82 stays NULL, which leads to a crash later. This...
CVE-2026-43136 HID: logitech-hidpp: Check maxfield in hidpp_get_report_length()
In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Check maxfield in hidppgetreportlength Do not crash when a report has no fields. Fake USB gadgets can send their own HID report descriptors and can define report structures without valid fields. This can be...
EUVD-2026-25317
OpenClaw before 2026.3.31 contains an authentication rate limiting bypass vulnerability that allows attackers to circumvent shared authentication protections using fake device tokens. Attackers can exploit the mixed WebSocket authentication flow to bypass rate limiting controls and conduct brute...
Duplicate Advisory: OpenClaw: Fake DeviceToken Bypasses Shared Auth Rate Limiting
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6p8r-6m93-557f. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains an authentication rate limiting bypass vulnerability that allows attackers to...
GHSA-W9F5-8Q83-QWPX Duplicate Advisory: OpenClaw: Fake DeviceToken Bypasses Shared Auth Rate Limiting
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6p8r-6m93-557f. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains an authentication rate limiting bypass vulnerability that allows attackers to...
CVE-2026-41333
OpenClaw before 2026.3.31 contains an authentication rate limiting bypass vulnerability that allows attackers to circumvent shared authentication protections using fake device tokens. Attackers can exploit the mixed WebSocket authentication flow to bypass rate limiting controls and conduct brute...
CVE-2026-41333 OpenClaw < 2026.3.31 - Authentication Rate Limiting Bypass via Fake DeviceToken
OpenClaw before 2026.3.31 contains an authentication rate limiting bypass vulnerability that allows attackers to circumvent shared authentication protections using fake device tokens. Attackers can exploit the mixed WebSocket authentication flow to bypass rate limiting controls and conduct brute...
CVE-2026-41333 OpenClaw < 2026.3.31 - Authentication Rate Limiting Bypass via Fake DeviceToken
OpenClaw before 2026.3.31 contains an authentication rate limiting bypass vulnerability that allows attackers to circumvent shared authentication protections using fake device tokens. Attackers can exploit the mixed WebSocket authentication flow to bypass rate limiting controls and conduct brute...
PT-2026-34764
OpenClaw before 2026.3.31 contains an authentication rate limiting bypass vulnerability that allows attackers to circumvent shared authentication protections using fake device tokens. Attackers can exploit the mixed WebSocket authentication flow to bypass rate limiting controls and conduct brute...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from a certification rate-limiting bypass vulnerability, which allowed attackers to circumvent shared...
SUSE CVE-2023-52866
In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Fix user-memory-access bug in uclogicparamsugeev2initeventhooks When CONFIGHIDUCLOGIC=y and CONFIGKUNITALLTESTS=y, launch kernel and then the below user-memory-access bug occurs. In...
DEBIAN-CVE-2023-52866
In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Fix user-memory-access bug in uclogicparamsugeev2initeventhooks When CONFIGHIDUCLOGIC=y and CONFIGKUNITALLTESTS=y, launch kernel and then the below user-memory-access bug occurs. In...
UBUNTU-CVE-2023-52866
In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Fix user-memory-access bug in uclogicparamsugeev2initeventhooks When CONFIGHIDUCLOGIC=y and CONFIGKUNITALLTESTS=y, launch kernel and then the below user-memory-access bug occurs. In...
CVE-2023-28368
TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQUNV11.0.6 Build 20230227' uses vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key.If the administrator may be tricked to login to the fake device, the credential...
Design/Logic Flaw
TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQUNV11.0.6 Build 20230227' uses vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key.If the administrator may be tricked to login to the fake device, the credential...