The Hacker News

OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration

China's National Computer Network Emergency Response Technical Team (CNCERT) has issued a warning about the security risks stemming from the use of OpenClaw (formerly Clawdbot and Moltbot), an ...
VentureBeat

Anthropic published the prompt injection failure rates that enterprise security teams have been asking every vendor for

Run a prompt injection attack against Claude Opus 4.6 in a constrained coding environment, and it fails every time, 0% success rate across 200 attempts, no safeguards needed. Move that same attack to ...
GitHub

Potential Host Header Injection / Open Redirect in Password Reset Flow

There appears to be a Host Header injection vulnerability in the password reset feature of the VigyBag application. An attacker could potentially craft a malicious password reset link that uses an ...
GitHub

Leantime has Host Header Injection Vulnerability

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack vector: More severe the more the remote (logically and ...
IEEE

Mitigating NoSQL Injection Vulnerabilities: Techniques, Examples, and Best Practices

Abstract: NoSQL injection is a security vulnerability that allows attackers to interfere with an application’s queries to a NoSQL database. Such attacks can result in bypassing authentication ...
IEEE

SQL injection vulnerability general patch using header sanitization

Abstract: SQL injection is one of well-known web application vulnerabilities. SQL injection is a type of attack which attacker attempts to insert malicious SQL query through none sanitized variables ...