Monthly
Authentication bypass in OpenClaw before 2026.6.5 enables lower-trust network callers to forge A2UI actions that require higher authorization by submitting crafted HTTP Canvas responses through configured input paths. The flaw (CWE-345: Insufficient Verification of Data Authenticity) allows an attacker to subvert OpenClaw's trust hierarchy and execute privileged actions on downstream systems (SC:H/SI:H per CVSS 4.0), without any direct impact on the OpenClaw instance itself. No public exploit has been identified and the vulnerability is not in the CISA KEV catalog; the CVSS 4.0 score of 5.1 reflects significant real-world constraints from high attack complexity and required user interaction.
Stateless reset injection in Quicly, the IETF QUIC implementation embedded in the H2O HTTP server, allows an on-path network attacker to abruptly terminate any active QUIC connection by sending an all-zero packet. The root cause is that Quicly zero-initializes its four stateless reset token slots but never validates which slots hold legitimate peer-advertised tokens, causing the all-zero default to be accepted as a valid reset signal whenever the peer has advertised fewer than four tokens. No public exploit code or active exploitation has been identified at time of analysis; however, the attack is mechanically straightforward for any adversary already positioned on the network path.
Cross-tenant step-file disclosure in Activepieces before 0.83.0 allows any authenticated user on a shared instance to retrieve a workflow step-file attachment belonging to a different tenant by exploiting two compounding defects in the `/v1/step-files/signed` download endpoint: a missing JWT audience check and an unguarded null fileId that causes PostgreSQL to return an arbitrary FLOW_STEP_FILE record. Access is strictly read-only and non-targeted - the attacker cannot choose which tenant's file is returned, as the result depends on PostgreSQL's internal scan order at query time. No public exploit has been identified and no active exploitation is listed in CISA KEV; the vulnerability is patched in version 0.83.0.
Business-logic authentication bypass in Postiz self-hosted AI social media scheduler (gitroomhq/postiz-app) before 2.21.8 lets a low-privileged authenticated user grant any organization a lifetime PRO subscription without paying. The Nowpayments IPN (Instant Payment Notification) callback handler never validated the provider's shared-secret signature and trusted the subscription/organization identifier straight from the request body, so an attacker could forge a payment-confirmation callback. No public exploit identified at time of analysis and the issue is not in CISA KEV; it was privately reported and fixed by removing the crypto-payment code path entirely.
Payment bypass in WP Hotel Booking (WordPress plugin, all versions ≤2.3.1) allows unauthenticated attackers to mark arbitrary hotel reservations as fully paid without submitting genuine payment. The PayPal IPN handler `web_hook_process_paypal_standard()` accepts an attacker-controlled `test_ipn=1` parameter that silently reroutes IPN validation to PayPal's sandbox environment, where a free sandbox account returns a legitimate 'VERIFIED' response; the handler then promotes any pending booking to completed while skipping critical post-verification checks on `receiver_email`, `mc_currency`, and `txn_id` uniqueness. No public exploit is identified at time of analysis, but the attack requires only a free PayPal sandbox account, making it nearly zero-cost for any motivated attacker.
Integrity bypass in Chainguard's apko (and the shared logic in melange) allows a network attacker to swap the actual installed contents of an apk package while its signature check still passes, because apko validated only the control-section hash (.PKGINFO) against the signed APKINDEX and never verified the data-section hash. Anyone able to compromise a package mirror, poison a fetch cache, or MITM the download can therefore inject arbitrary files into images built with these tools. No public exploit is identified at time of analysis, and the flaw is not listed in CISA KEV.
Threshold counting logic in sigstore-go's multi-log verification policy is bypassable by a single compromised transparency or CT log. When a verifier is configured with WithTransparencyLog(N>1) or WithSignedCertificateTimestamps(N>1), the intended defense-in-depth - requiring N distinct log authorities to independently vouch for an artifact - fails because counts accumulate per-entry or per-validation-path rather than per-log-authority. An attacker controlling one compromised Rekor transparency log or CT log can forge multiple entries with distinct indices, or present multiple embedded SCTs across certificate chains, artificially satisfying an N-count threshold with a single compromised source. No public exploit has been identified at time of analysis, and EPSS data is not available in the provided intelligence.
Discourse's AWS SES bounce webhook endpoint (POST /webhooks/aws) validates Amazon SNS message signatures but omits TopicArn binding, allowing any AWS account holder to publish legitimately signed forged Bounce notifications that revoke a targeted Discourse user's email address. Versions prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5 across all active release branches are affected when the SES integration is enabled. No public exploit code exists and the vulnerability is not listed in CISA KEV, but the low attack complexity and absence of Discourse-side authentication requirements make targeted abuse realistic for any motivated actor with an AWS account.
Predictable heading anchor ID generation in Mistune's toc plugin (all versions prior to 3.3.0) enables same-page navigation hijacking when untrusted Markdown content is rendered. The library assigns sequential numeric identifiers (toc_0, toc_1, etc.) to headings without incorporating heading text, so any party able to inject raw HTML containing a matching id attribute can pre-empt the generated anchor and redirect table-of-contents link targets, CSS selectors, or JavaScript DOM event handlers. No public exploit identified at time of analysis, though the deterministic ID scheme makes collision trivial to engineer once content injection is possible.
Proof-system soundness bypass in the Zcash Orchard shielded pool lets a malicious prover forge valid zero-knowledge proofs that satisfy the diversified-address-integrity check pk_d = [ivk] g_d for arbitrary key triples, breaking the binding between an Action and the note's real incoming viewing key, nullifier, and spend authorizing key. The flaw enables an undetectable double-spend within the Orchard pool (bounded only by Zcash's turnstile supply limit) and, given knowledge of a note plaintext, theft of another user's funds by forging spend authorization. No public exploit is identified and there is no evidence of exploitation before remediation, but the bug was live in consensus since NU5 (May 31, 2022) and was fixed via the NU6.2 hard fork on June 3, 2026.
Authentication bypass in OpenClaw before 2026.6.5 enables lower-trust network callers to forge A2UI actions that require higher authorization by submitting crafted HTTP Canvas responses through configured input paths. The flaw (CWE-345: Insufficient Verification of Data Authenticity) allows an attacker to subvert OpenClaw's trust hierarchy and execute privileged actions on downstream systems (SC:H/SI:H per CVSS 4.0), without any direct impact on the OpenClaw instance itself. No public exploit has been identified and the vulnerability is not in the CISA KEV catalog; the CVSS 4.0 score of 5.1 reflects significant real-world constraints from high attack complexity and required user interaction.
Stateless reset injection in Quicly, the IETF QUIC implementation embedded in the H2O HTTP server, allows an on-path network attacker to abruptly terminate any active QUIC connection by sending an all-zero packet. The root cause is that Quicly zero-initializes its four stateless reset token slots but never validates which slots hold legitimate peer-advertised tokens, causing the all-zero default to be accepted as a valid reset signal whenever the peer has advertised fewer than four tokens. No public exploit code or active exploitation has been identified at time of analysis; however, the attack is mechanically straightforward for any adversary already positioned on the network path.
Cross-tenant step-file disclosure in Activepieces before 0.83.0 allows any authenticated user on a shared instance to retrieve a workflow step-file attachment belonging to a different tenant by exploiting two compounding defects in the `/v1/step-files/signed` download endpoint: a missing JWT audience check and an unguarded null fileId that causes PostgreSQL to return an arbitrary FLOW_STEP_FILE record. Access is strictly read-only and non-targeted - the attacker cannot choose which tenant's file is returned, as the result depends on PostgreSQL's internal scan order at query time. No public exploit has been identified and no active exploitation is listed in CISA KEV; the vulnerability is patched in version 0.83.0.
Business-logic authentication bypass in Postiz self-hosted AI social media scheduler (gitroomhq/postiz-app) before 2.21.8 lets a low-privileged authenticated user grant any organization a lifetime PRO subscription without paying. The Nowpayments IPN (Instant Payment Notification) callback handler never validated the provider's shared-secret signature and trusted the subscription/organization identifier straight from the request body, so an attacker could forge a payment-confirmation callback. No public exploit identified at time of analysis and the issue is not in CISA KEV; it was privately reported and fixed by removing the crypto-payment code path entirely.
Payment bypass in WP Hotel Booking (WordPress plugin, all versions ≤2.3.1) allows unauthenticated attackers to mark arbitrary hotel reservations as fully paid without submitting genuine payment. The PayPal IPN handler `web_hook_process_paypal_standard()` accepts an attacker-controlled `test_ipn=1` parameter that silently reroutes IPN validation to PayPal's sandbox environment, where a free sandbox account returns a legitimate 'VERIFIED' response; the handler then promotes any pending booking to completed while skipping critical post-verification checks on `receiver_email`, `mc_currency`, and `txn_id` uniqueness. No public exploit is identified at time of analysis, but the attack requires only a free PayPal sandbox account, making it nearly zero-cost for any motivated attacker.
Integrity bypass in Chainguard's apko (and the shared logic in melange) allows a network attacker to swap the actual installed contents of an apk package while its signature check still passes, because apko validated only the control-section hash (.PKGINFO) against the signed APKINDEX and never verified the data-section hash. Anyone able to compromise a package mirror, poison a fetch cache, or MITM the download can therefore inject arbitrary files into images built with these tools. No public exploit is identified at time of analysis, and the flaw is not listed in CISA KEV.
Threshold counting logic in sigstore-go's multi-log verification policy is bypassable by a single compromised transparency or CT log. When a verifier is configured with WithTransparencyLog(N>1) or WithSignedCertificateTimestamps(N>1), the intended defense-in-depth - requiring N distinct log authorities to independently vouch for an artifact - fails because counts accumulate per-entry or per-validation-path rather than per-log-authority. An attacker controlling one compromised Rekor transparency log or CT log can forge multiple entries with distinct indices, or present multiple embedded SCTs across certificate chains, artificially satisfying an N-count threshold with a single compromised source. No public exploit has been identified at time of analysis, and EPSS data is not available in the provided intelligence.
Discourse's AWS SES bounce webhook endpoint (POST /webhooks/aws) validates Amazon SNS message signatures but omits TopicArn binding, allowing any AWS account holder to publish legitimately signed forged Bounce notifications that revoke a targeted Discourse user's email address. Versions prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5 across all active release branches are affected when the SES integration is enabled. No public exploit code exists and the vulnerability is not listed in CISA KEV, but the low attack complexity and absence of Discourse-side authentication requirements make targeted abuse realistic for any motivated actor with an AWS account.
Predictable heading anchor ID generation in Mistune's toc plugin (all versions prior to 3.3.0) enables same-page navigation hijacking when untrusted Markdown content is rendered. The library assigns sequential numeric identifiers (toc_0, toc_1, etc.) to headings without incorporating heading text, so any party able to inject raw HTML containing a matching id attribute can pre-empt the generated anchor and redirect table-of-contents link targets, CSS selectors, or JavaScript DOM event handlers. No public exploit identified at time of analysis, though the deterministic ID scheme makes collision trivial to engineer once content injection is possible.
Proof-system soundness bypass in the Zcash Orchard shielded pool lets a malicious prover forge valid zero-knowledge proofs that satisfy the diversified-address-integrity check pk_d = [ivk] g_d for arbitrary key triples, breaking the binding between an Action and the note's real incoming viewing key, nullifier, and spend authorizing key. The flaw enables an undetectable double-spend within the Orchard pool (bounded only by Zcash's turnstile supply limit) and, given knowledge of a note plaintext, theft of another user's funds by forging spend authorization. No public exploit is identified and there is no evidence of exploitation before remediation, but the bug was live in consensus since NU5 (May 31, 2022) and was fixed via the NU6.2 hard fork on June 3, 2026.