OpenClaw Identity Forgery Vulnerability
OpenClaw is an open source framework for Telegram bot rights management. OpenClaw suffers from an identity forgery vulnerability. An attacker can exploit this vulnerability to illegally manipulate bots by recycling usernames to disguise their identities and bypass privilege restrictions...
OpenClaw Security Vulnerability
OpenClaw is an open source framework for Telegram bot rights management. OpenClaw suffers from an identity forgery vulnerability. An attacker can exploit this vulnerability to illegally manipulate bots by recycling usernames to disguise their identities and bypass privilege restrictions...
OpenAM Injection Vulnerability
OpenAM is an all-in-one access management solution organized by the OpenAM Consortium. It provides authentication, authorization, delegation, and federation capabilities. An injection vulnerability exists in Open Access Management OpenAM versions prior to 16.0.0 that stems from the...
EUVD-2025-5064
Malicious code in bioql PyPI...
SICK Field Analytics and SICK Media Server Cryptographic Issue Vulnerability
SICK Field Analytics and SICK Media Server are both products of SICK GmbH, Germany. SICK Field Analytics is software for evaluating manufacturing data. SICK Media Server is a media server. A security vulnerability exists in SICK Field Analytics and SICK Media Server that stems from support for an...
Fortinet FortiOS Security Vulnerability
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the U.S. company Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering, anti-spam and other security features. Fortinet FortiOS...
Asterisk Security Vulnerability
Asterisk is open source software for PBX systems that runs on Linux and supports IP calls using the SIP, IAX, and H323 protocols. Asterisk has a security vulnerability that stems from improper authentication of SIP MESSAGE requests, which could lead to identity forgery and spamming...
CVE-2024-36555
Built-in SMS-configuration command in Forever KidsWatch Call Me KW50 R36YDRA3PWGM7SV1.02019071516.19.24cobh and Forever KidsWatch Call Me 2 KW-60 R36CWYDES4A292V1.02023.05.2422.49.44cobb allows malicious users to change the device IMEI-number which allows for forging the identity of the device...
CVE-2024-36555
CVE-2024-36555 affects Forever KidsWatch Call Me KW50 and KW-60. The issue stems from a built-in SMS-configuration command that allows unverified SMS privileges to change the device IMEI, enabling forging the device identity. Affected components: the SMS configuration pathway in the COB_h/COB_b v...
Hitachi Energy RTU500 Scripting interface Trust Management Issue Vulnerability
RTU500 is a series of industrial control components from Hitachi, Japan, mainly used for industrial control systems. RTU500 Scripting interface is part of Hitachi Energy RTU500 series of industrial control components, mainly used to provide scripting programming interface to realize specific...
CKAN Security Vulnerability
CKAN is an open source data management system (DMS) used to power data centers and data portals. A security vulnerability exists in CKAN versions prior to 5.4.1, which stems from the fact that if a user does not set a custom value via an environment variable in the .env file, a key is shared betwe...
Xiaomi MIUI Information Disclosure Vulnerability (CNVD-2022-81250)
Xiaomi MIUI is an Android-based smartphone operating system developed by Xiaomi Technology, a Chinese company. Xiaomi MIUI has a security vulnerability, which is due to the lack of parameter verification in some phones, which can be used by attackers to forge a specific identity and lead t...
CVE-2020-14122
Some Xiaomi phones have information leakage vulnerabilities, and some of them may be able to forge a specific identity due to the lack of parameter verification, resulting in user information leakage...
Design/Logic Flaw
Some Xiaomi phones have information leakage vulnerabilities, and some of them may be able to forge a specific identity due to the lack of parameter verification, resulting in user information leakage...
TIM Office social software has a logic flaw vulnerability
TIM is an office social software app from Tencent that supports QQ and WeChat login. TIM office social software has a logic flaw vulnerability, which can be exploited by attackers to forge other people's identities to carry out activities...
Insecure Authentication
authmagic-timerange-stateless-core uses insecure authentication. When comparing signatures in the JSON Web Token (JWT) and refreshToken, the package does not verify the JWT sent by the user before reissuing a new token, allowing an attacker to forge a user's identity by modifying the payload and...
Logic Flaw Vulnerability in Intelligent Gateway of Beijing BiNian Technology Co.
Smart Gateway is a multi-service converged gateway that integrates the features of wireless controller AC, router and firewall independently developed by Beijing Beyond Technology Co. A logic flaw vulnerability exists in the Intelligent Gateway of Beijing BiNian Technology Co. An attacker can for...