10 matches found
OpenClaw Security Vulnerability
OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.25 contained security vulnerabilities. These vulnerabilities stemmed from the ability of non-administrator operators to self-request a broader scope during backend reconnection...
Cross-site Request Forgery (CSRF)
Overview: authlib is a library for building OAuth and OpenID Connect servers. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to improper validation of the request.scope in the validateauthorizationrequest function, which leads to cache-backed...
EUVD-2021-0041
Malware in sbrugna...
CVE-2025-49574 Quarkus potential data leak when duplicating a duplicated context
Quarkus is a Cloud Native, Linux Container First framework for writing Java applications. In versions prior to 3.24.1, 3.20.2, and 3.15.6, there is a potential data leak when duplicating a duplicated context. Quarkus extensively uses the Vert.x duplicated context to implement context propagation...
CVE-2020-35681
Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive information from a different request scope. The legacy channels.http.AsgiHandler class, used for handling HTTP type requests in an ASGI environment prior to Django 3.0, did not correctly separate request scopes in Channe...
Design/Logic Flaw
Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive information from a different request scope. The legacy channels.http.AsgiHandler class, used for handling HTTP type requests in an ASGI environment prior to Django 3.0, did not correctly separate request scopes in Channe...
CVE-2020-35681
Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive information from a different request scope. The legacy channels.http.AsgiHandler class, used for handling HTTP type requests in an ASGI environment prior to Django 3.0, did not correctly separate request scopes in Channe...
CVE-2020-35681
Technical details about CVE-2020-35681 are not publicly available in the provided connected documents. The sources repeat the vulnerability description but do not expose affected versions, exploitation specifics, mitigations, or patch availability. Monitor for updates.
CVE-2020-35681
Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive information from a different request scope. The legacy channels.http.AsgiHandler class, used for handling HTTP type requests in an ASGI environment prior to Django 3.0, did not correctly separate request scopes in Channe...
Django Channels Information Disclosure Vulnerability
Carlton Gibson Django Channels is an application framework from the Carlton Gibson community in Spain. Providing WebSocket, Long Polling HTTP, Task Sharing and other asynchronous support, the framework not only allows you to customize the behavior, but also to write support for your own protocols...