27 matches found
CVE-2026-44118
OpenClaw before 2026.4.22 derives loopback MCP owner context from spoofable server-issued bearer tokens in request headers. Non-owner loopback clients can present themselves as owner to bypass owner-gated operations by manipulating the sender-owner header metadata...
PT-2026-38251
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.4.22. Description: OpenClaw derives loopback MCP owner context from spoofable server-issued bearer tokens in request headers. Non-owner loopback clients can bypass owner-gated operations by manipulating the...
Linux Distros Unpatched Vulnerability : CVE-2024-7523
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A select option could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This issue only...
CVE-2022-1579
The function checkisloginpage uses headers for the IP check, which can be easily spoofed...
Spoofable Contents
chromium-browser:bionic is spoofable. Inappropriate implementation allows a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
Spoofable Security UI
chromium:edge has spoofable security UI. Inappropriate implementation in Autofill in Google Chrome allowed a remote attacker to spoof security UI via a crafted HTML page...
Spoofable Contents
chromium:edge has spoofable content. Incorrect security UI in Navigation in Google Chrome on Android allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
Icinga Trust Management Issue Vulnerability
Icinga is a scalable server, network resource monitoring system from Icinga, Germany. Icinga suffers from a trust management issue vulnerability that stems from instances of the application connecting to any of the mentioned time-series databases via spoofable infrastructure using TLS...
Spoofable Relay
tor:sid is vulnerable to spoofable relays. Relays could spoof RELAY_END or RELAY_RESOLVED cells on half-closed streams because clients failed to validate which hop sent these cells. This would allow a relay on a circuit to end a stream that wasn't actually built with it...
Spoofable Secure Lock Icon
firefox:sid uses a spoofable Secure Lock icon. Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page...
Information Disclosure Via Spoofable Website
firefox is vulnerable to information disclosure via spoofable website. A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a...
WordPress limit-login-attempts-reloaded Security Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the WordPress limit-login-attempts-reloaded plugin prior to versi...
Spoofable Cookies
Microsoft ASP.NET is vulnerable to spoofable cookies. It does not properly encode the data string parsed to cookie name value, allowing an attacker who can perform a secondary exploit such as an XSS vulnerability in the web site to inject the spoofed cookies if the prefixes are used...
Spoofable Address Bar
WebKitGTK+ is vulnerable to spoofable address bar. Due to lack of proper implementation of the history feature, it allows remote attackers to spoof the address bar via unspecified vectors...
Spoofable Signature
D-Bus is vulnerable to Spoofable Signature. It was discovered that the Red Hat Security Advisory RHSA-2009:0008 did not correctly fix the denial of service flaw in the system for sending messages between applications. A local user could use this flaw to send a message with a malformed signature t...
Spoofable Address Bar
Mozilla Firefox is vulnerable to Spoofable Address Bar. A flaw was found in the way Firefox displays the address bar when window.open is called in a certain way. An attacker could use this flaw to conceal a malicious URL, possibly tricking a user into believing they are viewing a trusted site...
Spoofable SSL Certificate
SeaMonkey is vulnerable to spoofable SSL certificate. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. SeaMonkey as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could hav...
Spoofable User Session
Kiali uses a spoofable user session. The attack is possible due to insufficient JWT session expiration validation, leading to session fixation and privilege escalation...
Spoofable UI
firefox is vulnerable to spoofable UI. The vulnerability exists as it was possible to spoof the address bar via a SELECT element with a persistent menu...
Spoofable Tokens
Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...