65 matches found
OpenClaw has an unspecified vulnerability (CNVD-2026-16385)
OpenClaw is an open-source AI assistant developed by OpenClaw. It has a security vulnerability that an attacker can exploit to cause pairing approvals to be reused across multiple accounts...
OpenClaw Security Vulnerability
OpenClaw is an open-source AI assistant developed by OpenClaw. It has a security vulnerability that an attacker can exploit to cause pairing approvals to be reused across multiple accounts...
PT-2025-51004
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 26.1. Description: A logic error existed with inadequate error handling. This issue could prevent iCloud Private Relay from activating when multiple user accounts were simultaneously logged in. Recommendations: Update to...
Revive Adserver: Information Disclosure via “Add user” lookup in Account Management (User Access)
Version: ==revive-adserver 6.0.0== Flow Administrator Account ├── Management 1 │ ├── User A1 │ └── User A2 └── Management 2 ├── User B1 leak email, contacname └── User B2 leak email, contacname Summary: When a user under Management 1 navigates to User Access → Add user and enters a username, the...
CVE-2025-11621
Vault and Vault Enterprise’s (“Vault”) AWS Auth method may be susceptible to authentication bypass if the role of the configured bound_principal_iam is the same across AWS accounts, or uses a wildcard. This vulnerability, CVE-2025-11621, is fixed in Vault Community Edition 1.21.0 and Vault Enterprise...
PT-2025-43548
Name of the Vulnerable Software and Affected Versions: Vault versions prior to 1.21.0; Vault Enterprise versions prior to 1.21.0, 1.20.5, 1.19.11, and 1.16.27. Description: The AWS Auth method in Vault and Vault Enterprise may allow authentication bypass if the bound principal iam role is identical...
EUVD-2022-0277
Malicious code in bioql PyPI...
EUVD-2022-2132
Malicious code in bioql PyPI...
Incorrect User Management
Overview: thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases. Affected versions of this package are vulnerable to Incorrect User Management due to allowing multiple accounts connected to the same email address. An attacker can cause account ambiguity by registering...
Froxlor allows Multiple Accounts to Share the Same Email Address Leading to Potential Privilege Escalation or Account Takeover
Summary: The vulnerability is that users such as resellers or customers are able to create accounts with the same email address as an existing account, e.g., if the admin has [email protected], others can also create an account using the same email. This creates potential issues with account...
CVE-2024-4166
creationtimestamp | type | source
---|---|---
2025-01-05 01:32:44+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/55
2025-01-05 01:35:24+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/77
2025-01-05 01:38:11+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/99
...
SimplCommerce Security Vulnerability
SimplCommerce is a simple, cross-platform, modular open-source e-commerce system from SimplCommerce, built on . A security vulnerability exists in SimplCommerce. An attacker could exploit the vulnerability to bypass inventory limits and submit simultaneous purchase requests for the same product from...
CVE-2024-45789
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper validation of the ‘mode’ parameter in the API endpoint used during the registration process. An authenticated remote attacker could exploit this vulnerability by manipulating parameter in the API request body on the...
CVE-2024-45789
CVE-2024-45789 affects Reedos aiM-Star 2.0.1. The vulnerability stems from improper validation of the mode parameter in the registration API endpoint, allowing an authenticated remote attacker to manipulate the API request body to bypass registration constraints and create multiple accounts. Repo...
CVE-2024-45789 Parameter Tampering Vulnerability
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper validation of the ‘mode’ parameter in the API endpoint used during the registration process. An authenticated remote attacker could exploit this vulnerability by manipulating parameter in the API request body on the...
Reedos aiM-Star Security Vulnerability
Reedos aiM-Star is a software product from Reedos for mutual fund distribution. A security vulnerability exists in Reedos aiM-Star version 2.0.1 that stems from improper validation of the mode parameter in the API endpoint used during the enrollment process, which allows an attacker to bypass...
CVE-2024-30471
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache StreamPipes in user self-registration. This allows an attacker to potentially request the creation of multiple accounts with the same email address until the email address is registered, creating many identical users and...
CVE-2024-30471
Affected software: Apache StreamPipes (prior to 0.95.0). Component/issue: Time-of-check Time-of-use (TOCTOU) race condition during user self-registration. Root cause: Insufficient synchronization allows multiple concurrent requests to check/register the same email. Impact: Potential creation of m...