2 matches found
CVE-2026-6733
A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket...
Use of Incorrectly-Resolved Name or Reference
Overview @openclaw/synology-chat is a Synology Chat channel plugin for OpenClaw Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference via the webhook-handler process. An attacker can redirect message replies to an unintended user by exploiting mutable...