CVE-2026-32066

OpenClaw has a memory-exhaustion vulnerability in the Zalo webhook endpoint present before version 2026.3.1. The issue allows unauthenticated attackers to trigger unbounded in-memory key accumulation by sending repeated requests with varying query strings to the same webhook route, causing memory...

CVE-2026-31816

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.4 and earlier, the Budibase server's authorized middleware that protects every server-side API endpoint can be completely bypassed by appending a webhook path pattern to the query string of any...