VYPR

CWE-807

Reliance on Untrusted Inputs in a Security Decision

Abstraction: Base | Status: Incomplete | Likelihood of exploit: High

Description

The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.

Hierarchy (View 1000)

CVEs mapped to this weakness (52)

page 2 of 3
  • CVE-2026-41299 (High, Apr 21, 2026)
    risk 0.39, CVSS 7.1, EPSS 0.00

    OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the chat.send gateway method where ACP-only provenance fields are gated by self-declared client metadata from WebSocket handshake rather than verified authorization state. Authenticated operator clients…

  • CVE-2024-9310 (Medium, Jan 22, 2025)
    risk 0.39, CVSS n/a, EPSS 0.00

    By utilizing software-defined radios and a custom low-latency processing pipeline, RF signals with spoofed location data can be transmitted to aircraft targets. This can lead to the appearance of fake aircraft on displays and potentially trigger undesired Resolution Advisories…

  • CVE-2026-12058 (Medium, Jun 12, 2026)
    risk 0.34, CVSS n/a, EPSS 0.00

    The connection confirmation pop-up of a specific feature in the PcSuite can be bypassed.

  • CVE-2026-39807 (Medium, May 1, 2026)
    risk 0.34, CVSS n/a, EPSS 0.00

    Reliance on Untrusted Inputs in a Security Decision vulnerability in mtrudel bandit allows unauthenticated transport-state spoofing on plaintext HTTP connections. 'Elixir.Bandit.Pipeline':determine_scheme/2 in lib/bandit/pipeline.ex returns the client-supplied URI scheme…

  • CVE-2025-11271 (Medium, Nov 6, 2025)
    risk 0.34, CVSS 5.3, EPSS 0.00

    The Easy Digital Downloads plugin for WordPress is vulnerable to Order Manipulation in all versions up to, and including, 3.5.2 due to an order verification bypass. The verification is unconditionally skipped when the POST body includes verification_override=1. Because this…

  • CVE-2026-1789 (Medium, Apr 24, 2026)
    risk 0.32, CVSS 4.9, EPSS 0.00

    A vulnerability in the browser-based remote management interface may allow an administrator to access sensitive information on the device via crafted requests, affecting certain production printers and office/small office multifunction printers.

  • CVE-2026-35670 (Medium, Apr 10, 2026)
    risk 0.31, CVSS 5.9, EPSS 0.00

    OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that allows attackers to rebind chat replies to unintended users by exploiting mutable username matching instead of stable numeric user identifiers. Attackers can manipulate username changes to redirect…

  • CVE-2026-35655 (Medium, Apr 10, 2026)
    risk 0.30, CVSS 5.7, EPSS 0.00

    OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicting tool identity hints from rawInput and metadata. Attackers can spoof tool identities through rawInput parameters to suppress dangerous-tool prompting and…

  • CVE-2025-53882 (Medium, Jul 23, 2025)
    risk 0.29, CVSS 4.4, EPSS 0.00

    A Reliance on Untrusted Inputs in a Security Decision vulnerability in the logrotate configuration for openSUSE mailman3 package allows the mailman user to send SIGHUP to arbitrary processes. This issue affects openSUSE Tumbleweed: from ? before 3.3.10-2.1.

  • CVE-2024-21510 (Medium, Nov 1, 2024)
    risk 0.28, CVSS 5.4, EPSS 0.00

    Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an…

  • CVE-2017-0887 (Medium, Apr 5, 2017)
    risk 0.28, CVSS 4.3, EPSS 0.01

    Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the `OC-Total-Length` HTTP header an authenticated adversary may be able to exceed their configured user quota. Thus using more space than…

  • CVE-2026-41391 (Medium, Apr 28, 2026)
    risk 0.27, CVSS 5.3, EPSS 0.00

    OpenClaw before 2026.3.31 fails to properly sanitize PIP_INDEX_URL and UV_INDEX_URL environment variables in host execution contexts, allowing attackers to redirect Python package-index traffic. Attackers can exploit this bypass to intercept or manipulate package management…

  • CVE-2025-1969 (Medium, Mar 4, 2025)
    risk 0.21, CVSS 4.3, EPSS 0.00

    Improper request input validation in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center allows a user to modify a valid request and spoof an approval in TEAM. Upgrade TEAM to the latest release v.1.2.2. Follow instructions in updating TEAM documentation for…

  • CVE-2026-53860 (Medium, Jun 16, 2026)
    risk 0.20, CVSS 4.2, EPSS 0.00

    OpenClaw before 2026.5.7 contains a sender policy bypass vulnerability in BlueBubbles that allows participants to match allowlist entries through conversation metadata rather than stable sender identity. Attackers can influence conversation-level identifiers to receive agent…

  • CVE-2026-35624 (Medium, Apr 9, 2026)
    risk 0.20, CVSS 4.2, EPSS 0.00

    OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that matches colliding room names instead of stable room tokens. Attackers can exploit similarly named rooms to bypass allowlist policies and gain unauthorized access to protected Nextcloud…

  • CVE-2026-35617 (Medium, Apr 9, 2026)
    risk 0.20, CVSS 4.2, EPSS 0.00

    OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Google Chat group policy enforcement that relies on mutable space display names. Attackers can rebind group policies by changing or colliding space display names to gain unauthorized access to protected…

  • CVE-2026-41403 (Low, Apr 28, 2026)
    risk 0.12, CVSS 2.9, EPSS 0.00

    OpenClaw before 2026.3.31 misclassifies proxied remote requests as loopback connections in the diffs viewer when allowRemoteViewer is disabled, allowing unauthorized access. Attackers can bypass access controls by sending proxied requests that are incorrectly identified as local…

  • CVE-2025-24369 (Low, Jan 27, 2025)
    risk 0.08, CVSS n/a, EPSS 0.00

    Anubis is a tool that allows administrators to protect bots against AI scrapers through bot-checking heuristics and a proof-of-work challenge to discourage scraping from multiple IP addresses. Anubis allows attackers to bypass the bot protection by requesting a challenge,…

  • CVE-2026-48061 (severity not listed, Jun 10, 2026)
    risk 0.00, CVSS n/a, EPSS 0.00

    Summary: `AllowedHostsMiddleware` trusts the `X-Forwarded-Host` header as a fallback when the `Host` header is absent. Since `X-Forwarded-Host` is a client-controllable header, an attacker can bypass the allowed hosts validation by omitting the `Host` header and supplying an…

  • CVE-2026-32057 (severity not listed, Mar 21, 2026)
    risk 0.00, CVSS n/a, EPSS 0.00

    OpenClaw versions prior to 2026.2.25 contain an authentication bypass vulnerability in the trusted-proxy Control UI pairing mechanism that accepts client.id=control-ui without proper device identity verification. An authenticated node role websocket client can exploit this by…