8 matches found

Cvelist
added 2026/04/02 6:25 p.m., 17 views

CVE-2026-34426 OpenClaw - Approval Bypass via Environment Variable Normalization

OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment variable normalization between approval and execution paths, allowing attackers to inject attacker-controlled environment variables into execution without approval system validation...

CVSS 7.6, EPSS 0.0026
Exploits: 0, References: 4
OSV
added 2025/03/20 10:15 a.m., 6 views

CVE-2024-6844

A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. The request.path is passed through the unquote_plus function, which converts the '+' character to a space ' '. This behavior leads to incorrect path...

CVSS 5.3, AI score 7.3
Exploits: 0, References: 2
SUSE CVE
added 2023/02/15 4:16 a.m., 3 views

SUSE CVE-2019-6462

An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized...

CVSS 3.3, AI score 7, EPSS 0.02142
Exploits: 0, References: 7
RedHat Linux
added 2020/06/11 7:09 a.m., 2 views

undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass

A flaw was found in Undertow, where the servlet container causes the servletPath to normalize incorrectly by truncating the path after the semicolon. The flaw may lead to application mapping, resulting in a security bypass...

CVSS 8.1, AI score 5.7, EPSS 0.01571
Exploits: 0, References: 4
RedHat Linux
added 2020/05/11 8:15 p.m., 1 view

undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass

A flaw was found in Undertow, where the servlet container causes the servletPath to normalize incorrectly by truncating the path after the semicolon. The flaw may lead to application mapping, resulting in a security bypass...

CVSS 8.1, AI score 5.7, EPSS 0.01571
Exploits: 0, References: 4
Mageia
added 2015/07/05 5:22 p.m., 52 views

Updated chromium-browser package fixes security vulnerability

A scheme validation error in WebUI (CVE-2015-1266). Two cross-origin bypass issues in Blink (CVE-2015-1267, CVE-2015-1268). A normalization error in the HSTS/HPKP preload list (CVE-2015-1269). This update also disables the automatic, silent downloading and installation of "external components" like the...

CVSS 5, AI score 9.2, EPSS 0.02306
Exploits: 1, References: 3
ThreatPost
added 2015/06/22 12:05 p.m., 35 views

Google Fixes Handful of Bugs in Chrome

Google has fixed several vulnerabilities in Chrome, including a pair of cross-origin bypasses and a high-risk scheme validation error. The new release updates Chrome to version 43.0.2357.130 and there are patches for other security flaws as well, though Google has only published information on fo...

CVSS 5, AI score 0.1, EPSS 0.02306
Exploits: 1, References: 5
FreeBSD
added 2015/06/22 12:00 a.m., 32 views

www/chromium -- multiple vulnerabilities

Google Chrome Releases reports: 4 security fixes in this release: 464922 High CVE-2015-1266: Scheme validation error in WebUI. Credit to anonymous. 494640 High CVE-2015-1268: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. 497507 Medium CVE-2015-1267: Cross-origin bypass in Blink. Credit...

CVSS 5, AI score 9.2, EPSS 0.02306
Exploits: 1, References: 1