GHSA-4P4F-FC8Q-84M3 OpenClaw: iOS A2UI bridge trusted generic local-network pages for agent.request dispatch

Summary Before OpenClaw 2026.4.2, the iOS A2UI bridge treated generic local-network pages as trusted bridge origins. A page loaded from a local-network or tailnet host could trigger agent.request dispatch without the stricter trusted-canvas origin check. Impact A loaded attacker-controlled page...

OpenClaw: Pairing pending-request caps were enforced per channel instead of per account

Summary Before OpenClaw 2026.3.31, pending pairing-request caps were enforced per channel file instead of per account. On multi-account channel setups, requests from other accounts could fill the shared pending window and block new pairing challenges on an unaffected account. Impact This issue...

OpenFGA's BatchCheck within-request deduplication produces incorrect authorization decisions via list-value cache-key collision

Description In OpenFGA, under specific conditions, BatchCheck calls with multiple checks sent for the same object, relation, and user combination can result in improper policy enforcement. Am I affected? You are affected if you meet the following preconditions: 1. You execute BatchCheck operation...

CVE-2026-3902

A flaw was found in Django. A remote attacker can exploit an ambiguous mapping of header variants with hyphens or underscores to a single version with underscores in ASGIRequest. This vulnerability allows the attacker to spoof headers, potentially leading to unauthorized actions or misdirection...

CVE-2026-24174

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request to the server. A successful exploit of this vulnerability might lead to denial of service...

CVE-2026-24174

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request to the server. A successful exploit of this vulnerability might lead to denial of service...

CVE-2026-24173

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request to the server. A successful exploit of this vulnerability might lead to denial of service...

CVE-2026-24173

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request to the server. A successful exploit of this vulnerability might lead to denial of service...

CVE-2026-35572 SSRF via Referer header in ChurchCRM allows server-side HTTP/HTTPS requests to arbitrary hosts

ChurchCRM is an open-source church management system. Prior to 6.5.3, it is possible to trigger server-side HTTP/HTTPS requests to arbitrary hosts SSRF by supplying a crafted URL in the Referer request header. The server subsequently makes an outbound request to the attacker-controlled domain,...

CVE-2026-35572

ChurchCRM is an open-source church management system. Prior to 6.5.3, it is possible to trigger server-side HTTP/HTTPS requests to arbitrary hosts SSRF by supplying a crafted URL in the Referer request header. The server subsequently makes an outbound request to the attacker-controlled domain,...

EUVD-2026-19770

ChurchCRM is an open-source church management system. Prior to 6.5.3, it is possible to trigger server-side HTTP/HTTPS requests to arbitrary hosts SSRF by supplying a crafted URL in the Referer request header. The server subsequently makes an outbound request to the attacker-controlled domain,...

CVE-2026-5661

A vulnerability was identified in Free5GC 4.2.0. This affects an unknown function of the component NGSetupRequest Handler. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit is publicly available and might be used...

CVE-2025-47391

Memory corruption while processing a frame request from user...

CVE-2026-35036

Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, Ech0 implements link preview editor fetches a page title through GET /api/website/title. That is legitimate product behavior, but the implementation is unsafe: the route is unauthenticated, accepts ...

CVE-2026-21376

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver...

CVE-2026-35037

Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, the GET /api/website/title endpoint accepts an arbitrary URL via the websiteurl query parameter and makes a server-side HTTP request to it without any validation of the target host or IP address. Th...

CVE-2026-4631

Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH...

GHSA-MVFQ-GGXM-9MC5 Django vulnerable to ASGI header spoofing via underscore/hyphen conflation

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

EUVD-2026-19648

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATAUPLOADMAXMEMORYSIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...

Django: SGI requests with a missing or understated `Content-Length` header could bypass the `DATA_UPLOAD_MAX_MEMORY_SIZE` limit

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATAUPLOADMAXMEMORYSIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...