
61 matches found

Vulnrichment
added 2026/03/05 9:59 p.m. | 1 view

CVE-2026-28469 OpenClaw < 2026.2.14 - Cross-Account Policy Context Misrouting via Shared Webhook Path Ambiguity

OpenClaw versions prior to 2026.2.14 contain a webhook routing vulnerability in the Google Chat monitor component that allows cross-account policy context misrouting when multiple webhook targets share the same HTTP path. Attackers can exploit first-match request verification semantics to process...

CVSS 8.2 | AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 3

OSV
added 2026/02/18 12:54 a.m. | 2 views

GHSA-RQ6G-PX6M-C248 OpenClaw Google Chat shared-path webhook target ambiguity allowed cross-account policy-context misrouting

Summary When multiple Google Chat webhook targets are registered on the same HTTP path, and request verification succeeds for more than one target, inbound webhook events could be routed by first-match semantics. This can cause cross-account policy/context misrouting. Affected Packages / Versions...

CVSS 9.8 | AI score 5.6 | EPSS 0.00042
Exploits: 0 | References: 6

CNVD
added 2025/12/12 12:0 a.m. | 2 views

WordPress Add Custom Codes plugin Cross-Site Request Forgery Vulnerability

WordPress Add Custom Codes plugin is a free tool that allows users to add custom codes to WordPress websites. The WordPress Add Custom Codes plugin suffers from a cross-site request forgery vulnerability that stems from the WEB application not adequately verifying that a request is coming from a...

CVSS 8.8 | AI score 6.7 | EPSS 0.00015
Exploits: 0 | References: 1

CNNVD
added 2025/12/09 12:0 a.m. | 1 view

WordPress plugin Add Custom Codes Cross-Site Request Forgery Vulnerability

WordPress Add Custom Codes plugin is a free tool that allows users to add custom codes to WordPress websites. The WordPress Add Custom Codes plugin suffers from a cross-site request forgery vulnerability that stems from the WEB application not adequately verifying that a request is coming from a...

CVSS 6.5 | AI score 6.8 | EPSS 0.00015
Exploits: 0 | References: 1

CNVD
added 2025/11/05 12:0 a.m. | 1 view

WordPress Advanced Database Cleaner plugin cross-site request forgery vulnerability

WordPress Advanced Database Cleaner plugin is a plugin for cleaning and optimizing WordPress databases to help users remove redundant data such as spam comments, old drafts, etc., improve site performance and reduce database size. The WordPress Advanced Database Cleaner plugin suffers from a...

CVSS 4.3 | AI score 6.7 | EPSS 0.00016
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-21250

Malware in sbrugna...

CVSS 8.8 | AI score 8.6 | EPSS 0.00374
Exploits: 2 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2011-1495

Malware in sbrugna...

CVSS 5.5 | AI score 6.1 | EPSS 0.0039
Exploits: 0 | References: 8

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2017-4242

Malware in sbrugna...

CVSS 8.8 | AI score 8.8 | EPSS 0.0012
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-20452

Malware in sbrugna...

CVSS 8.8 | AI score 8.8 | EPSS 0.00149
Exploits: 0 | References: 4

CNNVD
added 2025/08/14 12:0 a.m. | 2 views

WordPress plugin Build App Online Cross-Site Request Forgery Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in WordPress plugin Build App Online 1.0.23 and prior...

CVSS 6.5 | AI score 6.7 | EPSS 0.00026
Exploits: 0 | References: 2

CNNVD
added 2025/07/16 12:0 a.m. | 1 view

WordPress plugin FluentSnippets Cross-Site Request Forgery Vulnerability

WordPress FluentSnippets is an open source project, mainly used to let WordPress developers create custom theme function code snippets. WordPress FluentSnippets suffers from a cross-site request forgery vulnerability that stems from the WEB application not adequately verifying that a...

CVSS 9.6 | AI score 6.8 | EPSS 0.00094
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 3:51 a.m. | 3 views

CVE-2023-33185

Django-SES is a drop-in mail backend for Django. The djangoses library implements a mail backend for Django using AWS Simple Email Service. The library exports the SESEventWebhookView class intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...

CVSS 5.4 | AI score 6.8 | EPSS 0.00073
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 9:3 p.m. | 5 views

CVE-2021-24964

The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the endpoints could be used to set CSS code if...

CVSS 6.1 | AI score 6.4 | EPSS 0.14825
Exploits: 2 | References: 1

CNNVD
added 2025/05/07 12:0 a.m. | 2 views

WordPress plugin Accept Donations with PayPal Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress Accept Donations with PayPal plugin, which stems from the WEB application not adequately verifying that a...

CVSS 7.1 | AI score 6.7 | EPSS 0.0008
Exploits: 0 | References: 1

OSV
added 2024/09/13 7:6 a.m. | 12 views

BIT-HYPERLEDGER-FABRIC-PEER-2024-45244

Hyperledger Fabric through 3.0.0 and 2.5.x through 2.5.9 do not verify that a request has a timestamp within the expected time window...

CVSS 5.3 | AI score 6.1 | EPSS 0.00605
Exploits: 0 | References: 4

OSV
added 2024/08/25 3:30 a.m. | 10 views

GHSA-48GG-32Q2-4R6M Hyperledger Fabric does not verify request has a timestamp within the expected time window

Hyperledger Fabric through 2.5.9 does not verify that a request has a timestamp within the expected time window...

CVSS 5.4 | AI score 5.1 | EPSS 0.00605
Exploits: 0 | References: 5

CNVD
added 2024/08/23 12:0 a.m. | 7 views

Warehouse Inventory System Cross-Site Request Forgery Vulnerability (CNVD-2024-38215)

Warehouse Inventory System is a Warehouse Inventory Management System by Siamon Hasan Personal Developer. A cross-site request forgery vulnerability exists in Warehouse Inventory System v2.0, which stems from the deleteproduct.php component not adequately verifying that a request comes from a...

CVSS 8.8 | AI score 6.5 | EPSS 0.0034
Exploits: 1 | References: 1

Microsoft CVE
added 2024/05/23 7:0 a.m. | 1 view

Requests `Session` object does not verify requests after making first request with verify=False

...

CVSS 5.6 | AI score 6.6 | EPSS 0.00044
Exploits: 0

CNVD
added 2024/04/10 12:0 a.m. | 2 views

GNU Savane Cross-Site Request Forgery Vulnerability

GNU Savane is a collaborative software development management system for the US GNU community. GNU Savane suffers from a cross-site request forgery vulnerability that arises from a WEB application that does not adequately verify that a request is from a trusted user. No details of the vulnerabili...

CVSS 6 | AI score 6.4 | EPSS 0.0045
Exploits: 2 | References: 1

CNNVD
added 2024/02/13 12:0 a.m. | 1 view

TYPO3 Information Disclosure Vulnerability

TYPO3 is a free and open source content management system framework CMS/CMF from the TYPO3 Association in Switzerland. An information disclosure vulnerability exists in TYPO3 versions 8.0.0-8.7.56, 9.0.0-9.5.45, 10.0.0-10.4.42, 11.0.0-11.5.34, 12.0.0-12.4.10, and 13.0.0, which stems from the...

CVSS 4.9 | AI score 6.3 | EPSS 0.00291
Exploits: 0 | References: 4