2 matches found
GHSA-83F3-HH45-VFW9 OpenClaw: Android accepted cleartext remote gateway endpoints and sent stored credentials over ws://
Summary Before OpenClaw 2026.4.2, Android accepted non-loopback cleartext ws:// gateway endpoints and would send stored gateway credentials over that connection. Discovery beacons or setup codes could therefore steer the client onto a cleartext remote endpoint. Impact A user who followed a forged...
Security Bulletin: Publicly disclosed libcurl vulnerabilities affects IBM Safer Payments (CVE-2024-9681)
Summary Libcurl is used by IBM Safer Payments as part of the AVRO support for Kafka. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2024-9681 DESCRIPTION: When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making ...