11 matches found
CVE-2026-40037 OpenClaw < 2026.3.31 - Unsafe Request Body Replay via fetchWithSsrFGuard Cross-Origin Redirects
OpenClaw before 2026.3.31 patched in 2026.4.8 contains a request body replay vulnerability in fetchWithSsrFGuard that allows unsafe request bodies to be resent across cross-origin redirects. Attackers can exploit this by triggering redirects to exfiltrate sensitive request data or headers to...
EUVD-2000-0647
Malware in sbrugna...
EUVD-2022-33925
Malicious code in bioql PyPI...
curl: AWS SigV4 Signature Disclosure via Verbose Logging in libcurl
Summary: When libcurl is built with AWS SigV4 support, enabling verbose logging (CURLOPT_VERBOSE or --verbose) causes the library to print both the string-to-sign and the final HMAC signature into logs. Because signatures remain valid for several minutes and are derived directly from AWS credentials,...
CVE-2022-29593
relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post requests without the need for authentication or a valid signed/authorized request...
CVE-2019-13533
In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening and closing of industrial valves...
CVE-2022-29593
relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post requests without the need for authentication or a valid signed/authorized request...
CVE-2022-29593
CVE-2022-29593 affects Dingtian DT-R002 2CH relay devices (firmware 3.1.276A). The vulnerability is in the relay_cgi.cgi component, allowing an attacker to replay HTTP POST requests without authentication, effectively causing an authentication bypass. Affected product/version: Dingtian DT-R002 2C...
CVE-2019-13533
CVE-2019-13533 affects Omron PLC CJ and CS series (all versions). The vulnerability allows an attacker to monitor PLC-controller traffic and replay requests, potentially opening/closing industrial valves (authentication bypass via capture-replay). Affected products are Omron CJ/CS series PLCs; mi...
CVE-2019-5307
Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162C01E160R1P12/C01E160R2P1 and P30 Pro versions before VOG-AL00 9.1.0.162C01E160R1P12/C01E160R2P1, are exposed to a message replay vulnerability. For the sake of better compatibility, these devices implement a less strict check on th...
USN-3627-1 apache2 vulnerabilities
Alex Nichols and Jakob Hirsch discovered that the Apache HTTP Server mod_authnz_ldap module incorrectly handled missing charset encoding headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2017-15710) Elar Lang discovered that...