Lucene search
K

89763 matches found

Github Security Blog
Github Security Blog
added 2026/05/06 9:31 p.m.18 views

Duplicate Advisory: OpenClaw: CDP /json/version WebSocket URL could pivot to untrusted second-hop targets

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-f7fh-qg34-x2xh. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.5 contains a server-side request forgery vulnerability in the CDP /json/version WebSocket...

7.7CVSS5.9AI score0.00265EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 9:31 p.m.14 views

Duplicate Advisory: OpenClaw: Browser press/type interaction routes missed complete navigation guard coverage

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-536q-mj95-h29h. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.10 contains an incomplete navigation guard vulnerability that allows attackers to trigger...

7.7CVSS5.8AI score0.00264EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/05/06 9:31 p.m.8 views

GHSA-R747-33R4-RMJW Duplicate Advisory: OpenClaw: QQBot direct media upload skipped URL SSRF validation

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-c4qg-j8jg-42q5. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in QQBot direct media upload that skip...

6.3CVSS5.7AI score0.00236EPSS
Exploits0References4
OSV
OSV
added 2026/05/06 9:31 p.m.5 views

GHSA-W7RC-VVGX-PJ45 Duplicate Advisory: OpenClaw: Browser SSRF hostname validation could be bypassed by DNS rebinding

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xq94-r468-qwgj. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.10 contains a server-side request forgery vulnerability in browser navigation policy that allo...

6.3CVSS5.7AI score0.00199EPSS
Exploits0References4
OSV
OSV
added 2026/05/06 9:31 p.m.5 views

GHSA-3R56-7HHR-VFG9 Duplicate Advisory: OpenClaw: CDP /json/version WebSocket URL could pivot to untrusted second-hop targets

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-f7fh-qg34-x2xh. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.5 contains a server-side request forgery vulnerability in the CDP /json/version WebSocket...

7.7CVSS5.9AI score0.00265EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/05/06 8:51 p.m.93 views

Exploit for CVE-2026-40776

CVE-2026-40776 Eventin wp-event-solution Broken Access C...

5.8AI score0.00414EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/05/06 8:21 p.m.10 views

CVE-2026-2948

The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.5.3 via the importimages function. This makes it possible for authenticated attackers, with contributor-level access and above, t...

6.4CVSS5.9AI score0.00151EPSS
Exploits0References1
NVD
NVD
added 2026/05/06 8:16 p.m.24 views

CVE-2026-44116

OpenClaw before 2026.4.22 contains a server-side request forgery vulnerability in the Zalo plugin's sendPhoto function that fails to validate outbound photo URLs through the SSRF guard. Attackers can bypass SSRF protection by providing malicious photo URLs to the Zalo Bot API, enabling unauthoriz...

8.6CVSS0.00291EPSS
Exploits0References3
NVD
NVD
added 2026/05/06 8:16 p.m.16 views

CVE-2026-44117

OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in QQBot direct media upload that skips URL validation. Attackers can bypass SSRF protections by sending crafted image URLs to uploadC2CMedia and uploadGroupMedia endpoints to relay unintended requests...

6.3CVSS0.00236EPSS
Exploits0References3
NVD
NVD
added 2026/05/06 8:16 p.m.4 views

CVE-2026-43582

OpenClaw before 2026.4.10 contains a server-side request forgery vulnerability in browser navigation policy that allows attackers to bypass hostname validation through DNS rebinding attacks. Attackers can exploit inconsistent hostname resolution between validation and actual network requests to...

6.3CVSS0.00199EPSS
Exploits0References3
NVD
NVD
added 2026/05/06 8:16 p.m.5 views

CVE-2026-43580

OpenClaw before 2026.4.10 contains an incomplete navigation guard vulnerability that allows attackers to trigger navigation without complete SSRF policy enforcement. Browser press/type style interactions, including pressKey and type submit flows, can bypass post-action security checks to execute...

7.7CVSS0.00264EPSS
Exploits0References5
NVD
NVD
added 2026/05/06 8:16 p.m.7 views

CVE-2026-43576

OpenClaw before 2026.4.5 contains a server-side request forgery vulnerability in the CDP /json/version WebSocket endpoint that allows attackers to pivot to untrusted second-hop targets. The webSocketDebuggerUrl response field is not properly validated, enabling attackers to redirect connections t...

7.7CVSS0.00265EPSS
Exploits0References3
NVD
NVD
added 2026/05/06 8:16 p.m.8 views

CVE-2026-40309

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cTrash.empty function does not validate anti-CSRF tokens for trash management requests. An attacker can induce a logged-in administrator to submit a forged request that empties the trash and permanent...

7.2CVSS0.00165EPSS
Exploits0References1
NVD
NVD
added 2026/05/06 8:16 p.m.6 views

CVE-2026-40174

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cUsers.updateAddress function does not properly validate anti-CSRF tokens for user address management operations. An attacker can induce a logged-in administrator to submit a forged request that adds,...

7.1CVSS0.00165EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/06 7:57 p.m.51 views

CVE-2026-40326 Masa CMS CSRF in site bundle creation allows unauthorized site data export

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the createBundle method in csettings.cfc does not properly validate anti-CSRF tokens for site bundle creation requests. An attacker can craft a malicious webpage or link that, when visited by a logged-in...

7.1CVSS0.00156EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/06 7:57 p.m.8 views

CVE-2026-40326 Masa CMS CSRF in site bundle creation allows unauthorized site data export

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the createBundle method in csettings.cfc does not properly validate anti-CSRF tokens for site bundle creation requests. An attacker can craft a malicious webpage or link that, when visited by a logged-in...

7.1CVSS5.7AI score0.00156EPSS
Exploits0References1
CVE
CVE
added 2026/05/06 7:57 p.m.15 views

CVE-2026-40326

Summary: Masa CMS (fork of Mura CMS) contains a CSRF flaw in the createBundle flow (csettings.cfc) that, in versions ≤7.5.2, can be abused by a logged-in admin to trigger silent site-bundle creation. The resulting bundle is written to a predictable public directory, enabling an unauthenticated ac...

7.1CVSS5.7AI score0.00156EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/06 7:57 p.m.7 views

CVE-2026-40326

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the createBundle method in csettings.cfc does not properly validate anti-CSRF tokens for site bundle creation requests. An attacker can craft a malicious webpage or link that, when visited by a logged-in...

7.1CVSS5.7AI score0.00156EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/06 7:54 p.m.10 views

CVE-2026-40325

Summary: CVE-2026-40325 affects Masa CMS (fork of Mura CMS). In versions up to 7.5.2, the cTrash.restore function fails to validate anti-CSRF tokens, allowing an attacker to lure a logged-in administrator into a forged request that restores deleted items and places them at an attacker-controlled ...

8.7CVSS5.7AI score0.00151EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/06 7:54 p.m.7 views

CVE-2026-40325

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cTrash.restore function does not properly validate anti-CSRF tokens for content restoration requests. An attacker can trick a logged-in administrator to submit a forged request that restores deleted...

8.7CVSS5.7AI score0.00151EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder