4 matches found

Packet Storm News
added 2026/04/30 12:0 a.m., 4 views

Security Attack and Defense Strategies for Autonomous Agent Frameworks: A Layered Review with OpenClaw As a Case Study

Autonomous agent frameworks built upon large language models (LLMs) are evolving into complex, tool-integrated, and continuously operating systems, introducing security risks beyond traditional prompt-level vulnerabilities. As this paradigm is still at an early stage of development, a timely and...

5.8 AI score
Exploits: 0
Veracode
added 2026/02/19 8:56 a.m., 2 views

Cross-site Request Forgery (CSRF)

fastapi-sso is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to missing persistence and verification of the OAuth state parameter, which allows an attacker to supply a malicious callback URL and link their account to a victim’s session...

6.9 CVSS, 5.9 AI score, 0.00097 EPSS
Exploits: 0, References: 3, Affected Software: 1
Hacker One
added 2025/12/28 2:45 p.m., 12 views

curl: Cross‑Layer State Confusion in libcurl: Credential & Key‑Material Persistence Across Redirect / Connection Reuse Boundaries

Summary: This report describes a state‑level security invariant violation in libcurl where credential‑ or key‑related state may persist or be re‑applied across logical trust boundaries (redirects, connection reuse, or scheme transitions) without a formal invariant enforcing reset semantics. The iss...

7.4 AI score
Exploits: 0
CNNVD
added 2021/02/03 12:0 a.m., 3 views

Eclipse Californium Security Vulnerability

Eclipse Californium is a Java-based codebase from the Eclipse Foundation that provides CoAP back-end support for the Internet of Things. A security vulnerability exists in Eclipse Californium versions 2.3.0 through 2.6.0, which stems from DTLS server-side persistence of incorrect internal state. ...

7.5 CVSS, 7.1 AI score, 0.00226 EPSS
Exploits: 0, References: 4