Automotive Grade Linux app-framework-binder 访问控制错误漏洞

Automotive Grade Linux app-framework-binder is an application framework communication component from Automotive Grade Linux, Inc. An Access Control Error vulnerability exists in Automotive Grade Linux app-framework-binder version 19.90.0 and earlier, which stems from a lack of authentication on...

GHSA-MFG5-7Q5G-F37J OpenClaw voice-call media stream validated streams after upgrade, which could allow pre-start unauthenticated sockets to increase resource pressure

Summary @openclaw/voice-call and the bundled copy shipped in openclaw accepted media-stream WebSocket upgrades before stream validation. In reachable deployments, unauthenticated pre-start sockets could be held open and increase resource pressure. Affected Packages / Versions - openclaw npm:...

Nodejs - Access bypass - Moderately Critical -- DRUPAL-SA-CONTRIB-2016-007

This module provides an API that other modules can use to add realtime capabilities to Drupal, specifically enabling pushing updates to open connected clients. The module doesn't disconnect unauthenticated sockets, allowing those sockets to receive broadcast messages. For sites that only serve...