OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 contained security vulnerabilities. These vulnerabilities were caused by insufficient routing access control in the Nostr plugin’s HTTP configuration file, which might allow...

CVE-2023-4329

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute...

CVE-2023-4338

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers...

BIT-OPENTELEMETRY-COLLECTOR-2024-36129 OpenTelemetry Collector has a Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC

The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version 0.102.1 fixes this issue...

EUVD-1999-0846

Malware in sbrugna...

EUVD-2017-3666

Malware in sbrugna...

EUVD-2023-54201

Malicious code in bioql PyPI...

EUVD-2023-54203

Malicious code in bioql PyPI...

CVE-2025-50121

A CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause unauthenticated remote code execution when a malicious folder is created over the web interface HTTP when enabled. HTTP is disabled by default...

CVE-2023-23130

Connectwise Automate 2022.11 is vulnerable to Cleartext authentication. Authentication is being done via HTTP cleartext with SSL disabled. OTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP rather than HTTPS durin...

Use-After-Free

squid is vulnerable to Use-After-Free. The vulnerability occurs due to a HTTP Collapsed Forwarding configuration allowing malicious attackers to crash the Squid process, leading to a denial-of-service DoS...

CVE-2023-4338

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers...

CVE-2023-4329

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute...

Design/Logic Flaw

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers...

Default configuration

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute...

CVE-2023-4329 Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute...

CVE-2023-4329

CVE-2023-4329 affects Broadcom RAID Controller web interface / Broadcom Broadcom RAID Web Console Software, as described across multiple sources in the connected documents. The vulnerability arises from an insecure default HTTP configuration that fails to safeguard the SESSIONID cookie with the S...

CVE-2023-4329 Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute...

CVE-2023-4338 Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers...

CVE-2023-4336

CVE-2023-4336 affects Broadcom RAID Controller web interface. Root cause: insecure default HTTP configuration that fails to set the Secure attribute on cookies. Reported impact includes high confidentiality, integrity, and availability concerns (networks exploitability with no user interaction; b...