79 matches found
CVE-2026-42599
CVE-2026-42599 affects Svelte SSR. Prior to version 5.55.7, using spread syntax to render attributes from untrusted data may include event handler properties in the rendered HTML, enabling attackers to inject malicious event handlers that run in victims’ browsers if JavaScript is enabled and hydr...
PT-2026-47875
Svelte is a performance oriented web framework. Prior to version 5.55.7, when using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external data as element attributes, an...
Svelte: SSR XSS via Insecure Promise Serialization in hydratable
Contents of hydratable promises were not properly stringified, potentially leading to an XSS exploit. You are vulnerable if all of the following is true: - you are using hydratable an experimental feature at the time of this report - you are passing attacker-controlled input such that a synchrono...
GHSA-PR6F-5X2Q-RWFP Svelte SSR vulnerable to cross-site scripting via spread attributes
When using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external data as element attributes, an attacker can inject malicious event handlers that execute in victims' browsers...
Cross-site Scripting (XSS)
Overview org.webjars.npm:svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the rendering of attributes using spread syntax from untrusted data, which includes event handler properties in the HTML output. An attacker...
Craft CMS has Potential Authenticated Remote Code Execution via Malicious Attached Behavior
We identified a vulnerability in the latest version of Craft CMS which contains an input-handling flaw in a Yii object creation path that let any authenticated user inject malicious configuration and execute arbitrary commands on the server. Yii’s dynamic object configuration, as implemented in...
GHSA-QRGM-P9W5-RRFW Craft CMS has Potential Authenticated Remote Code Execution via Malicious Attached Behavior
We identified a vulnerability in the latest version of Craft CMS which contains an input-handling flaw in a Yii object creation path that let any authenticated user inject malicious configuration and execute arbitrary commands on the server. Yii’s dynamic object configuration, as implemented in...
OpenClaw code issue vulnerability (CNVD-2026-13590)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw there is a code problem vulnerability , the vulnerability stems from the attachment and media URL hydration exists server-side request forgery , an attacker can use the vulnerability to obtain arbitrary HTTPS URL...
CVE-2026-28467
OpenClaw versions prior to 2026.2.2 contain a server-side request forgery vulnerability in attachment and media URL hydration that allows remote attackers to fetch arbitrary HTTPS URLs. Attackers who can influence media URLs through model-controlled sendAttachment or auto-reply mechanisms can...
CVE-2026-28467
OpenClaw versions prior to 2026.2.2 contain a server-side request forgery vulnerability in attachment and media URL hydration that allows remote attackers to fetch arbitrary HTTPS URLs. Attackers who can influence media URLs through model-controlled sendAttachment or auto-reply mechanisms can...
CVE-2026-28467 OpenClaw < 2026.2.2 - SSRF via Attachment Media URL Hydration
OpenClaw versions prior to 2026.2.2 contain a server-side request forgery vulnerability in attachment and media URL hydration that allows remote attackers to fetch arbitrary HTTPS URLs. Attackers who can influence media URLs through model-controlled sendAttachment or auto-reply mechanisms can...
EUVD-2026-9913
OpenClaw versions prior to 2026.2.2 contain a server-side request forgery vulnerability in attachment and media URL hydration that allows remote attackers to fetch arbitrary HTTPS URLs. Attackers who can influence media URLs through model-controlled sendAttachment or auto-reply mechanisms can...
CVE-2026-28467
OpenClaw (npm package) before 2026.2.2 is affected by a server-side request forgery in attachment/media URL hydration. An attacker who can influence media URLs via model-controlled sendAttachment or auto-reply could trigger SSRF to internal resources and exfiltrate fetched bytes as outbound attac...
CVE-2026-28467 OpenClaw < 2026.2.2 - SSRF via Attachment Media URL Hydration
OpenClaw versions prior to 2026.2.2 contain a server-side request forgery vulnerability in attachment and media URL hydration that allows remote attackers to fetch arbitrary HTTPS URLs. Attackers who can influence media URLs through model-controlled sendAttachment or auto-reply mechanisms can...
CVE-2026-28467
OpenClaw versions prior to 2026.2.2 contain a server-side request forgery vulnerability in attachment and media URL hydration that allows remote attackers to fetch arbitrary HTTPS URLs. Attackers who can influence media URLs through model-controlled sendAttachment or auto-reply mechanisms can...
CVE-2026-28467 OpenClaw < 2026.2.2 - SSRF via Attachment Media URL Hydration
OpenClaw versions prior to 2026.2.2 contain a server-side request forgery vulnerability in attachment and media URL hydration that allows remote attackers to fetch arbitrary HTTPS URLs. Attackers who can influence media URLs through model-controlled sendAttachment or auto-reply mechanisms can...
OpenClaw 代码问题漏洞
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw there is a code problem vulnerability , the vulnerability stems from the attachment and media URL hydration exists server-side request forgery , an attacker can use the vulnerability to obtain arbitrary HTTPS URL...
GHSA-FQCM-97M6-W7RM OpenClaw: Message action attachment hydration bypasses local media root checks when sandboxRoot is unset
Impact sendAttachment and setGroupIcon message actions could hydrate media from local absolute paths when sandboxRoot was unset, bypassing intended local media root checks. This could allow reads of arbitrary host files reachable by the runtime user when an authorized message-action path was...
OpenClaw: Message action attachment hydration bypasses local media root checks when sandboxRoot is unset
Impact sendAttachment and setGroupIcon message actions could hydrate media from local absolute paths when sandboxRoot was unset, bypassing intended local media root checks. This could allow reads of arbitrary host files reachable by the runtime user when an authorized message-action path was...
Svelte: XSS via HTML Comment Injection in SSR Error Boundary Hydration Markers
Errors from transformError were not correctly escaped prior to being embedded in the HTML output, causing potential HTML injection and XSS if attacker-controlled content is returned from transformError...