GHSA-RHFG-J8JQ-7V2H OpenClaw: SSRF via Unguarded Configured Base URLs in Multiple Channel Extensions (Incomplete Fix for CVE-2026-28476)

Summary SSRF via Unguarded Configured Base URLs in Multiple Channel Extensions Incomplete Fix for CVE-2026-28476 Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24...

OpenClaw: SSRF via Unguarded Configured Base URLs in Multiple Channel Extensions (Incomplete Fix for CVE-2026-28476)

Summary SSRF via Unguarded Configured Base URLs in Multiple Channel Extensions Incomplete Fix for CVE-2026-28476 Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24...

CVE-2026-28476

creationtimestamp| type| source ---|---|--- 2026-03-07 12:07:03+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mghs2yjb5l2d...

vantuz (>=3.3.2 <=3.3.7) potentially affected by CVE-2026-28476 via openclaw (=0.0.1)

openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: CVE-2026-28476 Source advisory: OSV:GHSA-PG2V-8XWH-QHCC...

CVE-2023-28476

creationtimestamp| type| source ---|---|--- 2023-04-28 18:27:30+00:00| seen| https://t.me/cibsecurity/63065...

Exploit for CVE-2021-28476

pack test and exploitdev for POC CVE-2021-28476 from bluefrostse...

CVE-2021-28476

creationtimestamp| type| source ---|---|--- 2021-06-01 06:25:29+00:00| seen| https://t.me/pwnwikizhchannel/573 2021-06-01 19:22:49+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/3514 2021-07-01 11:03:01+00:00| seen| https://t.me/CyberSecurityTechnologies/3732 2021-07-29...

Microsoft Hyper-V 远程代码执行漏洞（CVE-2021-28476）

CVE-2021-28476: a guest-to-host "Microsoft Hyper-V Remote Code Execution Vulnerability" in vmswitch.sys. This is a proof of concept for CVE-2021-28476 "Hyper-V Remote Code Execution Vulnerability", an arbitrary memory read in vmswitch.sys Network virtualization service provider patched by Microso...

Exploit for CVE-2021-28476

CVE-2021-28476: a guest-to-host "Microsoft Hyper-V Remote Code...

Latest Microsoft Windows Updates Patch Dozens of Security Flaws

Microsoft on Tuesday rolled out its scheduled monthly security update with patches for 55 security flaws affecting Windows, Exchange Server, Internet Explorer, Office, Hyper-V, Visual Studio, and Skype for Business. Of these 55 bugs, four are rated as Critical, 50 are rated as Important, and one ...

Microsoft Windows Multiple Vulnerabilities (KB5003209)

This host is missing a critical security update according to Microsoft KB5003209 SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-28476

Windows Hyper-V Remote Code Execution Vulnerability...

CVE-2021-28476 Windows Hyper-V Remote Code Execution Vulnerability

...

CVE-2021-28476

CVE-2021-28476 is a Hyper-V vmswitch.sys vulnerability enabling guest-to-host access via an out-of-bounds read in VmsIfrInfoParams_OID_SWITCH_NIC_REQUEST when processing OID_SWITCH_NIC_REQUEST. Public PoC/exploit code exists (e.g., 0vercl0k and LaCeeKa repos) and prior reports describe guest-trig...

KB5003169: Windows 10 version 1909 Security Update (May 2021)

The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

KB5003172: Windows 10 version 1507 LTS Security Update (May 2021)

The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

KB5003210: Windows Server 2008 Security Update (May 2021)

The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

KB5003197: Windows 10 1607 / Windows Server 2016 Security Update (May 2021)

The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

KB5003173: Windows 10 version 2004 / Windows 10 version 20H2 Security Update (May 2021)

The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

KB5003233: Windows 7 and Windows Server 2008 R2 Security Update (May 2021)

The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...