### Summary Fiber cache middleware's default key generator uses only `c.Path()` and does not include the query string. As a result, requests like `/?id=1` and `/?id=2` can map to the same cache key and share the same cached response. This can cause response mix-up (cache poisoning-like behavior) for endpoints where response content depends on query parameters. ### Details Default configuration in cache middleware: - `KeyGenerator: func(c fiber.Ctx) string { return utils.CopyString(c.Path()) }` References: - https://github.com/gofiber/fiber/blob/main/middleware/cache/config.go#L90-L92 - https://github.com/gofiber/fiber/blob/main/middleware/cache/cache_test.go#L599-L621 The existing test demonstrates that when handler output depends on query parameter `id`, a second request with a different query still returns the first cached response (cache hit), confirming query is not part of the default cache key. ### PoC Minimal PoC: ```go package main import ( "log" "github.com/gofiber/fiber/v3" "github.com/gofiber/fiber/v3/middleware/cache" ) func main() { app := fiber.New() app.Use(cache.New()) // default config app.Get("/", func(c fiber.Ctx) error { return c.SendString(c.Query("id", "1")) }) log.Fatal(app.Listen(":3000")) } ``` Reproduction: 1. `GET /?id=1` - Cache miss - Response body: `1` 2. `GET /?id=2` - Cache hit - Response body: `1` (expected `2`) Local verification command used: ```bash go test ./middleware/cache -run Test_Cache_WithNoCacheRequestDirective -count=1 ``` Observed result: test passes, confirming this is current behavior. ### Impact - Responses that should vary by query parameters can be mixed between requests. - In real deployments, this may leak or corrupt user/tenant-specific content if query parameters influence context or data selection. - This is deployment-dependent but security-relevant, and not safe-by-default for query-variant responses. ### Suggested remediation - Change default cache key generation to include path + normalized query string (or canonicalized original URL). - Keep ability for custom key generators. - Add explicit documentation warning that path-only keying is unsafe for query-dependent responses.
Out-of-bounds read in Apache Thrift C++ JSON deserialization allows remote attackers to leak sensitive information and trigger denial of service via malformed JSON payloads. Affects Apache Thrift versions prior to 0.23.0. The vulnerability has low exploitation probability (EPSS 0.02%) and is not currently listed in CISA KEV, suggesting limited real-world weaponization despite network-accessible attack vector.
KDE KCoreAddons before version 6.25 contains an improper neutralization of special elements vulnerability in the KShell::quoteArgs() function that fails to safely escape metacharacters and control characters, allowing local attackers with user interaction to inject arbitrary shell commands or terminal control sequences when user input is passed to shell execution contexts. Applications using this method to quote arguments for security-critical operations are affected; exploitation requires local access and user interaction but can achieve arbitrary code execution with user privileges.
KDE Dolphin before 25.12.3 allows sandboxed applications (running under Flatpak or AppArmor confinement) to bypass sandbox restrictions and open arbitrary files outside their containment boundary through the FileManager1 D-Bus protocol implementation. An attacker controlling a sandboxed application can exploit this to access sensitive files or execute scripts with user interaction, circumventing the intended isolation model.
Stored cross-site scripting (XSS) in the Woostify WordPress plugin through version 2.5.0 allows authenticated attackers with Contributor-level access and above to inject arbitrary JavaScript into pages via unsanitized href attributes in the bundled Lity.js lightbox library. The injected scripts execute in the browsers of any user visiting the compromised page, enabling account takeover, credential theft, and malware distribution. No public exploit code has been identified at the time of analysis, but the vulnerability requires only low complexity network access with authenticated credentials.
Stored Cross-Site Scripting in Social Post Embed plugin for WordPress up to version 2.0.1 allows authenticated attackers with Contributor-level access to inject arbitrary JavaScript into page content via the Threads embed handler due to insufficient input sanitization and output escaping. Injected scripts execute when any user views the affected page, enabling session hijacking, credential theft, or malware distribution from trusted WordPress sites. No public exploit code or active exploitation has been identified at the time of analysis.
Stored Cross-Site Scripting in Timeline Blocks for Gutenberg WordPress plugin through version 1.1.10 allows authenticated contributors and above to inject arbitrary JavaScript via the 'titleTag' attribute of the timeline-blocks/tb-timeline-blocks block, executing malicious scripts whenever any user views the affected page. The vulnerability stems from insufficient input sanitization and output escaping on user-supplied block attributes. Exploitation requires WordPress contributor-level access or higher and affects all versions up to 1.1.10.
Stored cross-site scripting in WPC Smart Messages for WooCommerce plugin through version 4.2.8 allows authenticated attackers with contributor-level access to inject arbitrary JavaScript via the 'text' attribute of the wpcsm_text_rotator shortcode, resulting in execution whenever users view affected pages. The vulnerability stems from insufficient input sanitization and output escaping. No active exploitation confirmed; patch available in version 4.2.9.
OpenClaw before version 2026.3.31 misclassifies proxied remote requests as loopback connections in the diffs viewer, allowing attackers to bypass the allowRemoteViewer access control restriction. Unauthenticated remote attackers can exploit this authentication bypass by sending specially crafted proxied requests that are incorrectly identified as local traffic, gaining unauthorized access to the diffs viewer functionality. The vulnerability requires network access and specific timing/proximity conditions (per CVSS AT:P vector), but once exploited results in confidentiality impact through unauthorized information disclosure.
OpenClaw before 2026.4.4 contains a race condition vulnerability in shared-secret authentication that allows concurrent asynchronous requests to bypass the per-key rate-limit budget. Attackers can exploit this by sending multiple simultaneous authentication attempts to circumvent intended rate-limiting protections on Tailscale-capable paths.
OpenClaw before version 2026.4.2 leaks shared-secret length information through timing side-channel attacks in cryptographic comparison operations. The vulnerability stems from early length-mismatch checks in shared-secret comparison routines that violate constant-time security requirements, allowing remote attackers to measure timing differences and infer secret lengths without authentication. This weakens the cryptographic guarantees of the library's shared-secret handling.
OpenClaw before version 2026.3.31 allows remote attackers to bypass configuration revocation controls by restarting the application, which rehydrates revoked Tlon configuration settings from disk state due to improper handling of empty-array settings during startup migration. An attacker with network access and the ability to trigger application restarts can restore previously revoked authentication or authorization configurations without explicit re-enablement, potentially compromising intended security controls.
Server-side request forgery in NVIDIA NemoClaw's validateEndpointUrl() function allows local attackers with user interaction to supply crafted endpoint URLs targeting the 0.0.0.0/8 address range via blueprint configuration files or CLI flags, leading to information disclosure. The vulnerability affects all versions of NemoClaw and requires local access with user interaction to trigger, limiting exposure to systems where untrusted users can modify configuration or invoke CLI commands.
OpenClaw before version 2026.4.2 allows authenticated attackers to delete arbitrary remote directories during mirror mode synchronization operations by manipulating remoteWorkspaceDir and remoteAgentWorkspaceDir configuration values. An attacker with login credentials can craft malicious OpenShell config paths that cause the mirror sync function to delete unintended remote directory contents before replacing them with uploaded workspace data, resulting in data loss and potential service disruption.
SQL injection in SourceCodester Pizzafy Ecommerce System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the Name parameter in the save_category function at /admin/ajax.php. The vulnerability requires valid administrative credentials but poses moderate confidentiality, integrity, and availability risk. Publicly available exploit code exists and EPSS score of 0.84 indicates high exploitation probability despite the authentication gate.
SQL injection in SourceCodester Pizzafy Ecommerce System 1.0 via the ID parameter in /view_prod.php allows authenticated remote attackers to execute arbitrary SQL queries with low complexity and no user interaction required. The vulnerability has a publicly available exploit and CVSS score of 6.3 reflecting moderate impact on confidentiality, integrity, and availability. Active exploitation is not yet confirmed in CISA KEV, but public proof-of-concept code exists.
SQL injection in SourceCodester Pizzafy Ecommerce System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in the save_order function at /admin/ajax.php?action=save_order, potentially enabling data exfiltration, modification, or deletion. Publicly available exploit code exists and the vulnerability carries a CVSS score of 6.3 with low complexity, indicating moderate real-world risk despite requiring login credentials.
SQL injection in SourceCodester Pizzafy Ecommerce System 1.0 allows authenticated remote attackers to read, modify, or delete database contents through the ID parameter in the category function (pizza/index.php?page=category). The vulnerability has publicly available exploit code and requires valid user authentication to exploit, making it a moderate-risk issue suitable for immediate patching in production environments.
SQL injection in SourceCodester Pizzafy Ecommerce System 1.0 allows authenticated remote attackers to manipulate the ID parameter in the get_cart_items AJAX function (/admin/ajax.php?action=get_cart_items) to execute arbitrary SQL queries and extract, modify, or delete database contents. The vulnerability has a CVSS score of 6.3 with publicly available exploit code, posing moderate risk to affected installations.
SQL injection in code-projects Coaching Management System 1.0 allows authenticated remote attackers to manipulate the complaintreply parameter in the POST handler at /cims/modules/admin/reply.php, leading to unauthorized database access and potential data exfiltration or modification. CVSS score of 6.3 reflects low confidentiality, integrity, and availability impact with network vector and low attack complexity. Public exploit code is available, and the vulnerability requires valid user authentication to trigger.
A reflected Cross-Site Scripting (XSS) vulnerability in School Management System by mahmoudai1 allows unauthenticated remote attackers to execute arbitrary JavaScript in victim's browsers via the unsanitized type parameter in register.php.
Spring AI versions 1.0.0-1.0.5 and 1.1.0-1.1.4 expose ONNX machine learning models to unauthorized disclosure when the application runs in shared hosting environments, allowing local users with limited system access to read sensitive model files and potentially reverse-engineer proprietary ML logic. The vulnerability stems from insecure temporary file handling (CWE-377) that fails to restrict file permissions on extracted model artifacts. Authentication requirements are minimal-only local system access is needed-making this a significant risk in multi-tenant cloud platforms and shared servers.
Server-side request forgery (SSRF) in o2oa up to version 10.0 allows authenticated remote attackers to manipulate the fileUrl parameter in the FileAction component to trigger arbitrary HTTP requests from the server. The vulnerability requires authenticated access (PR:L) but can facilitate attacks against internal services, exfiltrate sensitive data, or pivot to backend systems. Publicly available exploit code exists, and the vendor has not yet responded to early notification.
SQL injection in JeecgBoot up to version 3.9.1 allows authenticated remote attackers to execute arbitrary SQL commands through the loadDict endpoint by manipulating the keyword parameter in the SqlInjectionUtil function. The vulnerability has a CVSS score of 6.3 with network-accessible attack vector, and publicly available exploit code exists; patch availability is confirmed via GitHub commit a9c8e8eb1185751c4c3c68d2a53f3dadee9edc6b.
OpenClaw versions 2026.2.6 through 2026.3.24 allow authenticated remote attackers to read arbitrary files outside configured sandbox boundaries via path traversal in the Feishu extension's resolveUploadInput function during upload_image operations. The vulnerability bypasses file-system sandbox restrictions through improper path resolution, enabling confidentiality compromise of sensitive data accessible to the application process.
OpenClaw before 2026.4.8 contains a privilege escalation vulnerability in the gateway plugin HTTP authentication mechanism that widens identity-bearing operator.read requests into runtime operator.write permissions. Attackers can exploit this by sending read-scoped requests through the gateway auth route to gain unauthorized write access to runtime operations.
OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit upload_file and upload_image endpoints to access files beyond the intended workspace-only filesystem policy.
Unrestricted file upload vulnerability in code-projects Online Music Site 1.0 allows authenticated high-privilege administrators to upload arbitrary files via the txtimage parameter in AdminUpdateAlbum.php, potentially leading to remote code execution. The vulnerability is network-accessible, has publicly available exploit code, and requires high-level administrative credentials to exploit, limiting attack surface primarily to insider threats or compromised admin accounts.
Stored cross-site scripting (XSS) in code-projects Coaching Management System 1.0 allows authenticated remote attackers to inject malicious scripts via the Complaint parameter in the complaint form page (/cims/modules/student/complaint.php), affecting users who view injected content. CVSS 5.1 reflects low confidentiality impact and limited integrity impact requiring user interaction; publicly available exploit code exists, confirming practical exploitability.
OpenClaw before version 2026.3.31 allows authenticated attackers to read arbitrary host files through improper validation in the appendLocalMediaParentRoots function, enabling exfiltration of credentials and sensitive data. The vulnerability permits model-initiated file access by exploiting a self-whitelisting mechanism that fails to properly validate media parent directory paths. Authentication is required, but the flaw affects confidentiality with a CVSS score of 6.0.
SQL injection in SourceCodester Pizzafy Ecommerce System 1.0 allows authenticated remote attackers to execute arbitrary SQL commands via the ID parameter in the delete_category function (/admin/ajax.php?action=delete_category). The vulnerability requires high-privilege authentication but enables limited confidentiality and integrity impact. Publicly available exploit code exists, elevating real-world risk despite the moderate CVSS score of 5.1.
SQL injection in SourceCodester Pharmacy Sales and Inventory System 1.0 allows authenticated high-privilege attackers to manipulate the ID parameter in the delete_expired function via /ajax.php?action=delete_expired, enabling remote database query manipulation with confidentiality, integrity, and availability impact. Publicly available exploit code exists and the vulnerability has been documented by VulDB.
Spring AI fails to properly isolate conversation contexts when user-supplied input is passed directly as conversationId to VectorStoreChatMemoryAdvisor, allowing remote unauthenticated attackers to inject filter logic that exfiltrates sensitive data from other users' chat histories, including secrets and credentials. Exploitation requires moderately complex attack construction (AC:H) but no user interaction, affecting only applications with the specific vulnerable configuration pattern.
OpenClaw before 2026.4.8 treats shared reply MEDIA paths as trusted, allowing crafted references to trigger cross-channel local file exfiltration. Attackers can exploit this by crafting malicious shared reply MEDIA references to cause another channel to read local file paths as trusted generated media.
Improper Verification of Cryptographic Signature (CWE-347) in Elastic Package Registry could allow an attacker positioned to intercept network traffic, or to otherwise influence the contents served to a self-hosted registry, to substitute a tampered package without the integrity check failing closed.
Out-of-bounds read in Artifex MuPDF up to version 1.28.0 within the CFF Index Handler's fz_subset_cff_for_gids function allows local attackers with low privileges to disclose sensitive information from application memory. The vulnerability requires local access and low privilege level but can be triggered without user interaction; publicly available exploit code exists and the vulnerability remains unpatched as of the last vendor response.
OpenClaw before version 2026.3.31 accepts arbitrary tailnet peers as DNS authorities due to improper validation in its wide-area discovery mechanism, enabling attackers positioned within the same tailnet with CA-trusted endpoint access to manipulate DNS resolution and exfiltrate operator credentials. The vulnerability requires adjacent network access, high attack complexity, and user interaction, but results in high confidentiality impact through credential theft. No active exploitation has been publicly confirmed at the time of analysis.
A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function save_menu of the file /admin/ajax.php?action=save_menu. Such manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Cross-site scripting (XSS) in SourceCodester Pizzafy Ecommerce System 1.0 allows authenticated high-privilege administrators to inject malicious scripts via the Name parameter in the /admin/index.php?page=save_settings endpoint, exploited when an admin visits a crafted link. The vulnerability requires high privilege level (admin) and user interaction (UI:P), limiting but not eliminating real-world risk in environments with untrusted admins or admin account compromise. Publicly available exploit code exists.
Stored cross-site scripting (XSS) in SourceCodester Pharmacy Sales and Inventory System 1.0 allows authenticated remote attackers with high privileges to inject malicious scripts via the Name parameter in the supplier management function (/index.php?page=supplier), affecting users who view the poisoned supplier records. The vulnerability requires user interaction (clicking a malicious link) and has CVSS 4.8 with publicly available proof-of-concept code, though it is limited to high-privileged users (PR:H) and causes only integrity impact (VI:L) without confidentiality or availability compromise.
OpenClaw before 2026.4.8 contains a remote code execution vulnerability caused by missing environment variable denylist entries for HGRCPATH, CARGO_BUILD_RUSTC_WRAPPER, RUSTC_WRAPPER, and MAKEFLAGS. Attackers can inject malicious build tool environment variables to influence host exec commands and achieve arbitrary code execution.
OpenClaw before 2026.4.8 fails to remove git plumbing environment variables from the execution environment before host exec operations. Attackers can exploit this by setting GIT_DIR and related variables to redirect git operations and compromise repository integrity.
OpenClaw before version 2026.3.31 allows local authenticated attackers to redirect Python package-index traffic by injecting malicious URLs through unsanitized PIP_INDEX_URL and UV_INDEX_URL environment variables, enabling interception or manipulation of package management operations. The vulnerability requires local access and authentication but can result in high integrity impact through compromised package delivery. No active exploitation has been publicly confirmed, but the attack surface is direct and the remediation is straightforward.
OpenClaw before 2026.3.31 allows authenticated users with approved host-exec requests to execute arbitrary code during build processes by overriding compiler binary environment variables (CC, CXX, CARGO_BUILD_RUSTC, CMAKE_C_COMPILER) through an incomplete host-env-security-policy.json configuration. The vulnerability requires local access and prior authentication to an OpenClaw instance, but enables full code execution with inherited privileges during compilation. No public exploit code has been identified at time of analysis.
A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aider_mcp.py of the component code_with_ai. The manipulation of the argument working_dir/editable_files leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.
Command injection in dvladimirov MCP up to version 0.1.0 allows remote unauthenticated attackers to execute arbitrary system commands via manipulation of the repo_url or pattern arguments in the GitSearchRequest function of mcp_server.py. The vulnerability has a publicly available exploit and CVSS 6.9 score indicating moderate severity with network-accessible attack vector and low complexity, though the vendor has not responded to the early disclosure.
A flaw has been found in elinsky execution-system-mcp 0.1.0. The impacted element is the function _get_context_file_path of the file src/execution_system_mcp/server.py of the component add_action Tool. This manipulation of the argument context causes path traversal. The attack can be initiated remotely. The exploit has been published and may be used.
A flaw has been found in eiceblue spire-pdf-mcp-server 0.1.1. This impacts the function get_pdf_path of the file src/spire_pdf_mcp/server.py of the component PDF File Handler. Executing a manipulation of the argument filepath can lead to path traversal. The attack can be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
A vulnerability was detected in eiceblue spire-doc-mcp-server 1.0.0. This affects the function get_doc_path of the file src/spire_doc_mcp/api/base.py. Performing a manipulation of the argument document_name results in path traversal. The attack can be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Path traversal in duartium papers-mcp-server allows remote unauthenticated attackers to access arbitrary files on the server by manipulating the topic argument in the search_papers function. The vulnerability affects commit 9ceb3812a6458ba7922ca24a7406f8807bc55598 and is publicly exploitable with proof-of-concept code available; the vendor has been notified via issue report but has not yet responded.