8 matches found

Vulnrichment
added 2026/03/05 9:59 p.m. | 1 views

CVE-2026-28469 OpenClaw < 2026.2.14 - Cross-Account Policy Context Misrouting via Shared Webhook Path Ambiguity

OpenClaw versions prior to 2026.2.14 contain a webhook routing vulnerability in the Google Chat monitor component that allows cross-account policy context misrouting when multiple webhook targets share the same HTTP path. Attackers can exploit first-match request verification semantics to process...

8.2 CVSS | 5.8 AI score | 0.00042 EPSS
Exploits 0 | References 3
Github Security Blog
added 2026/02/18 12:54 a.m. | 8 views

OpenClaw Google Chat shared-path webhook target ambiguity allowed cross-account policy-context misrouting

Summary When multiple Google Chat webhook targets are registered on the same HTTP path, and request verification succeeds for more than one target, inbound webhook events could be routed by first-match semantics. This can cause cross-account policy/context misrouting. Affected Packages / Versions...

8.2 CVSS | 5.6 AI score | 0.00042 EPSS
Exploits 0 | References 6 | Affected Software 2
CNNVD
added 2025/12/02 12:0 a.m. | 2 views

Mirion Medical EC2 Software NMIS BioDose Security Vulnerability

Mirion Medical EC2 Software NMIS BioDose is a software for managing and analyzing biological dosimetry data from Mirion Medical, Germany. A security vulnerability exists in Mirion Medical EC2 Software NMIS BioDose V22.02 and prior versions, which stems from an insecure Windows shared directory pa...

8.6 CVSS | 6.3 AI score | 0.00034 EPSS
Exploits 0 | References 1
Vulnrichment
added 2025/05/01 2:10 p.m. | 1 views

CVE-2022-49891 tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd()

In the Linux kernel, the following vulnerability has been resolved: tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd() test_gen_kprobe_cmd() only free buf in fail path, hence buf will leak when there is no failure. Move kfree(buf) from fail path to common path to prevent the memleak. The sam...

6.1 AI score | 0.00017 EPSS
Exploits 0 | References 4
OSV
added 2023/09/27 3:19 p.m. | 2 views

CVE-2023-44122

The vulnerability is to theft of arbitrary files with system privilege in the LockScreenSettings "com.lge.lockscreensettings" app in the "com/lge/lockscreensettings/dynamicwallpaper/MyCategoryGuideActivity.java" file. The main problem is that the app launches implicit intents that can be...

7.8 CVSS | 5.9 AI score
Exploits 0 | References 1
ATTACKERKB
added 2022/02/24 3:15 p.m. | 3 views

CVE-2022-24633

All versions of FileCloud prior to 21.3 are vulnerable to user enumeration. The vulnerability exists in the parameter "path" passing "/SHARED/". A malicious actor could identify the existence of users by requesting share information on specified share paths...

5.3 CVSS | 6 AI score | 0.00237 EPSS
Exploits 0 | References 2
CNVD
added 2018/09/14 12:0 a.m. | 0 views

ASUS GT-AC5300 Buffer Overflow Vulnerability

The ASUS GT-AC5300 is a wireless router from ASUS. A buffer overflow vulnerability exists in ASUS GT-AC5300 3.0.0.4.38432738 and prior versions. An attacker can exploit this vulnerability to cause a denial of service (device crash) by setting a long shpath0 value and sending a request to...

8 CVSS | 7.1 AI score | 0.00726 EPSS
Exploits 1 | References 1
OSV
added 2018/09/13 7:29 p.m. | 1 views

CVE-2018-17022

Stack-based buffer overflow on the ASUS GT-AC5300 router through 3.0.0.4.38432738 allows remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact by setting a long shpath0 value and then sending an appGet.cgi?hook=selectlist"StoragexSharedPath" request,...

7.2 CVSS | 6.2 AI score | 0.00726 EPSS
Exploits 1 | References 1