
73 matches found

Vulnrichment
added 2026/03/05 9:59 p.m., 1 view

CVE-2026-28469 OpenClaw < 2026.2.14 - Cross-Account Policy Context Misrouting via Shared Webhook Path Ambiguity

OpenClaw versions prior to 2026.2.14 contain a webhook routing vulnerability in the Google Chat monitor component that allows cross-account policy context misrouting when multiple webhook targets share the same HTTP path. Attackers can exploit first-match request verification semantics to process...

CVSS 8.2, AI score 5.8, EPSS 0.003
Exploits: 0, References: 3

OSV
added 2026/02/18 12:54 a.m., 4 views

GHSA-RQ6G-PX6M-C248 OpenClaw Google Chat shared-path webhook target ambiguity allowed cross-account policy-context misrouting

Summary When multiple Google Chat webhook targets are registered on the same HTTP path, and request verification succeeds for more than one target, inbound webhook events could be routed by first-match semantics. This can cause cross-account policy/context misrouting. Affected Packages / Versions...

CVSS 9.8, AI score 5.6, EPSS 0.003
Exploits: 0, References: 6

CNVD
added 2025/12/12 12:00 a.m., 3 views

WordPress Add Custom Codes plugin Cross-Site Request Forgery Vulnerability

WordPress Add Custom Codes plugin is a free tool that allows users to add custom codes to WordPress websites. The WordPress Add Custom Codes plugin suffers from a cross-site request forgery vulnerability that stems from the web application not adequately verifying that a request is coming from a...

CVSS 8.8, AI score 6.7, EPSS 0.00123
Exploits: 0, References: 1

CNNVD
added 2025/12/09 12:00 a.m., 2 views

WordPress plugin Add Custom Codes cross-site request forgery vulnerability

WordPress Add Custom Codes plugin is a free tool that allows users to add custom codes to WordPress websites. The WordPress Add Custom Codes plugin suffers from a cross-site request forgery vulnerability that stems from the web application not adequately verifying that a request is coming from a...

CVSS 6.5, AI score 6.8, EPSS 0.00123
Exploits: 0, References: 1

CNVD
added 2025/11/05 12:00 a.m., 2 views

WordPress Advanced Database Cleaner plugin cross-site request forgery vulnerability

WordPress Advanced Database Cleaner plugin is a plugin for cleaning and optimizing WordPress databases that helps users remove redundant data such as spam comments and old drafts, improve site performance and reduce database size. The WordPress Advanced Database Cleaner plugin suffers from a...

CVSS 4.3, AI score 6.7, EPSS 0.00104
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2017-4242

Malware in sbrugna...

CVSS 8.8, AI score 8.8, EPSS 0.00642
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2011-1495

Malware in sbrugna...

CVSS 5.5, AI score 6.1, EPSS 0.01763
Exploits: 0, References: 8

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-21250

Malware in sbrugna...

CVSS 8.8, AI score 8.6, EPSS 0.0106
Exploits: 2, References: 6

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-20452

Malware in sbrugna...

CVSS 8.8, AI score 8.8, EPSS 0.00873
Exploits: 0, References: 4

CNNVD
added 2025/08/14 12:00 a.m., 4 views

WordPress plugin Build App Online cross-site request forgery vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in WordPress plugin Build App Online 1.0.23 and prior...

CVSS 6.5, AI score 6.7, EPSS 0.00155
Exploits: 0, References: 2

CNNVD
added 2025/07/16 12:00 a.m., 3 views

WordPress plugin FluentSnippets cross-site request forgery vulnerability

WordPress FluentSnippets is an open source project, mainly used by WordPress developers to create custom theme function code snippets. WordPress FluentSnippets suffers from a cross-site request forgery vulnerability that stems from the web application not adequately verifying that a...

CVSS 9.6, AI score 6.8, EPSS 0.0017
Exploits: 0, References: 1

BDU FSTEC
added 2025/06/11 12:00 a.m., 2 views

The vulnerability of the SAP NetWeaver Application Server ABAP software integration platform lies in the lack of a mechanism for verifying the authenticity of incoming RFC requests. This allows attackers to increase their privileges.

The vulnerability of the SAP NetWeaver Application Server ABAP software integration platform is related to the absence of a mechanism for verifying the authenticity of incoming RFC requests during processing. Exploiting this vulnerability allows an attacker operating remotely to increase their...

CVSS 9.6, AI score 5.8, EPSS 0.00404
Exploits: 0, References: 2

RedhatCVE
added 2025/05/23 3:51 a.m., 5 views

CVE-2023-33185

Django-SES is a drop-in mail backend for Django. The djangoses library implements a mail backend for Django using AWS Simple Email Service. The library exports the SESEventWebhookView class intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...

CVSS 5.4, AI score 6.8, EPSS 0.00233
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 9:03 p.m., 7 views

CVE-2021-24964

The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the endpoints could be used to set CSS code if...

CVSS 6.1, AI score 6.4, EPSS 0.01216
Exploits: 2, References: 1

CNNVD
added 2025/05/07 12:00 a.m., 2 views

WordPress plugin Accept Donations with PayPal cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress Accept Donations with PayPal plugin, which stems from the web application not adequately verifying that a...

CVSS 7.1, AI score 6.7, EPSS 0.00131
Exploits: 0, References: 1

BDU FSTEC
added 2025/01/28 12:00 a.m., 3 views

The vulnerability of the data loading function from the arxiv scientific article archive in the GPT Academic machine learning application allows a hacker to perform an SSRF attack.

The vulnerability of the data loading function in the arxiv scientific article application for machine learning GPT Academic is related to insufficient verification of incoming requests. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...

CVSS 6.8, AI score 6.6, EPSS 0.00561
Exploits: 1, References: 3, Affected Software: 1

OSV
added 2024/09/13 7:06 a.m., 12 views

BIT-HYPERLEDGER-FABRIC-PEER-2024-45244

Hyperledger Fabric through 3.0.0 and 2.5.x through 2.5.9 do not verify that a request has a timestamp within the expected time window...

CVSS 5.3, AI score 6.1, EPSS 0.00589
Exploits: 0, References: 4

OSV
added 2024/08/25 3:30 a.m., 10 views

GHSA-48GG-32Q2-4R6M Hyperledger Fabric does not verify request has a timestamp within the expected time window

Hyperledger Fabric through 2.5.9 does not verify that a request has a timestamp within the expected time window...

CVSS 5.4, AI score 5.1, EPSS 0.00589
Exploits: 0, References: 5

CNVD
added 2024/08/23 12:00 a.m., 7 views

Warehouse Inventory System Cross-Site Request Forgery Vulnerability (CNVD-2024-38215)

Warehouse Inventory System is a Warehouse Inventory Management System by Siamon Hasan Personal Developer. A cross-site request forgery vulnerability exists in Warehouse Inventory System v2.0, which stems from the deleteproduct.php component not adequately verifying that a request comes from a...

CVSS 8.8, AI score 6.5, EPSS 0.0029
Exploits: 1, References: 1

Microsoft CVE
added 2024/05/23 7:00 a.m., 3 views

Requests `Session` object does not verify requests after making first request with verify=False

...

CVSS 5.6, AI score 6.6, EPSS 0.0034
Exploits: 0