426 matches found

Positive Technologies
added 2026/05/06 12:00 a.m., 10 views

PT-2026-38317

Name of the Vulnerable Software and Affected Versions: Playwright Capture, affected versions not specified. Description: Playwright Capture fails to sufficiently restrict navigations and resource requests initiated by rendered pages. An attacker-controlled page can abuse browser-side redirection...

CVSS 8.7, AI score 5.8, EPSS 0.00319
Exploits 0, References 8
RedhatCVE
added 2026/04/30 2:47 p.m., 4 views

CVE-2026-42430

OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in Playwright redirect handling that allows attackers to bypass strict SSRF checks. Attackers can exploit request-time navigation to reach private targets that should be restricted by browser SSRF protections...

CVSS 6.5, AI score 5.2, EPSS 0.00188
Exploits 0, References 1
GithubExploit
added 2026/04/29 7:49 p.m., 68 views

xsslab

Dalfox XSS Lab Stored XSS / second-order XSS laboratory for i...

AI score 5.4
Exploits 0
NVD
added 2026/04/28 7:37 p.m., 9 views

CVE-2026-42430

OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in Playwright redirect handling that allows attackers to bypass strict SSRF checks. Attackers can exploit request-time navigation to reach private targets that should be restricted by browser SSRF protections...

CVSS 6.5, EPSS 0.00188
Exploits 0, References 3
CVE
added 2026/04/28 6:10 p.m., 27 views

CVE-2026-42430

OpenClaw before 2026.4.8 contains a server-side request forgery (SSRF) vulnerability in Playwright redirect handling that bypasses strict SSRF checks. Affected product: OpenClaw (npm package) with versions prior to 2026.4.8. Root cause: improper handling of Playwright redirects enabling request-t...

CVSS 6.5, AI score 5.2, EPSS 0.00188
Exploits 0, References 3, Affected software 1
EUVD
added 2026/04/28 6:10 p.m., 3 views

EUVD-2026-26132

OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in Playwright redirect handling that allows attackers to bypass strict SSRF checks. Attackers can exploit request-time navigation to reach private targets that should be restricted by browser SSRF protections...

CVSS 6.5, AI score 5.2, EPSS 0.00188
Exploits 0, References 3
Cvelist
added 2026/04/28 6:10 p.m., 32 views

CVE-2026-42430 OpenClaw < 2026.4.8 - Strict Browser SSRF Bypass via Playwright Redirect Handling

OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in Playwright redirect handling that allows attackers to bypass strict SSRF checks. Attackers can exploit request-time navigation to reach private targets that should be restricted by browser SSRF protections...

CVSS 6.5, EPSS 0.00188
Exploits 0, References 3
ATTACKERKB
added 2026/04/28 6:10 p.m., 3 views

CVE-2026-42430

OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in Playwright redirect handling that allows attackers to bypass strict SSRF checks. Attackers can exploit request-time navigation to reach private targets that should be restricted by browser SSRF protections...

CVSS 6.5, AI score 5.2, EPSS 0.00188
Exploits 0, References 4
Vulnrichment
added 2026/04/28 6:10 p.m., 4 views

CVE-2026-42430 OpenClaw < 2026.4.8 - Strict Browser SSRF Bypass via Playwright Redirect Handling

OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in Playwright redirect handling that allows attackers to bypass strict SSRF checks. Attackers can exploit request-time navigation to reach private targets that should be restricted by browser SSRF protections...

CVSS 6.5, AI score 5.2, EPSS 0.00188
Exploits 0, References 3
CNNVD
added 2026/04/28 12:00 a.m., 13 views

OpenClaw code problem vulnerability

OpenClaw is an open-source intelligent assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.8 contain a code vulnerability stemming from Playwright's redirect handling, which permits server-side request forgery. This allowed attackers to...

CVSS 6.5, AI score 5.9, EPSS 0.00188
Exploits 0, References 1
Positive Technologies
added 2026/04/28 12:00 a.m., 5 views

PT-2026-35808

OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in Playwright redirect handling that allows attackers to bypass strict SSRF checks. Attackers can exploit request-time navigation to reach private targets that should be restricted by browser SSRF protections...

CVSS 6.5, AI score 5.2, EPSS 0.00188
Exploits 0, References 6
vulnersOsv
added 2026/04/22 8:23 p.m., 9 views

@headspinio/appium-roku-driver (>=2.6.1 <=2.7.0), @natlibfi/passport-melinda-aleph (=3.0.3-alpha.1) +2 more potentially affected by CVE-2026-41673 via @xmldom/xmldom (=0.9.0)

@xmldom/xmldom NPM version =0.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on @xmldom/xmldom and may be impacted: - @headspinio/appium-roku-driver =2.6.1, =3.0.0, =1.7.9-beta.3, =1.8.0-beta.2 Source cves: CVE-2026-41673 Source advisory:...

CVSS 8.7, AI score 5.8, EPSS 0.00557
Exploits 0
vulnersOsv
added 2026/04/22 8:23 p.m., 6 views

@headspinio/appium-roku-driver (>=2.6.1 <=2.7.0), @natlibfi/passport-melinda-aleph (=3.0.3-alpha.1) +2 more potentially affected by CVE-2026-41673 via @xmldom/xmldom (=0.9.0)

@xmldom/xmldom NPM version =0.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on @xmldom/xmldom and may be impacted: - @headspinio/appium-roku-driver =2.6.1, =3.0.0, =1.7.9-beta.3, =1.8.0-beta.2 Source cves: CVE-2026-41673 Source advisory:...

CVSS 8.7, AI score 5.8, EPSS 0.00557
Exploits 0
vulnersOsv
added 2026/04/22 8:19 p.m., 9 views

@headspinio/appium-roku-driver (>=2.6.1 <=2.7.0), @natlibfi/passport-melinda-aleph (=3.0.3-alpha.1) +2 more potentially affected by CVE-2026-41674 via @xmldom/xmldom (=0.9.0)

@xmldom/xmldom NPM version =0.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on @xmldom/xmldom and may be impacted: - @headspinio/appium-roku-driver =2.6.1, =3.0.0, =1.7.9-beta.3, =1.8.0-beta.2 Source cves: CVE-2026-41674 Source advisory:...

CVSS 8.7, AI score 5.8, EPSS 0.00392
Exploits 0
vulnersOsv
added 2026/04/22 8:16 p.m., 8 views

@headspinio/appium-roku-driver (>=2.6.1 <=2.7.0), @natlibfi/passport-melinda-aleph (=3.0.3-alpha.1) +2 more potentially affected by CVE-2026-41672 via @xmldom/xmldom (=0.9.0)

@xmldom/xmldom NPM version =0.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on @xmldom/xmldom and may be impacted: - @headspinio/appium-roku-driver =2.6.1, =3.0.0, =1.7.9-beta.3, =1.8.0-beta.2 Source cves: CVE-2026-41672 Source advisory:...

CVSS 8.7, AI score 5.8, EPSS 0.0034
Exploits 0
OSSF Malicious Packages
added 2026/04/16 9:47 a.m., 10 views

Malicious code in buildkite-test-collector-playwright-example (npm)

Per source details (Source: amazon-inspector d9f3f80367ea53fbaf542c199729a13115d8d848157327188cf365303af1d1f3): The package buildkite-test-collector-playwright-example was found to contain malicious code...

AI score 5.7
Exploits 0
OSV
added 2026/04/16 9:47 a.m., 5 views

MAL-2026-2735 Malicious code in buildkite-test-collector-playwright-example (npm)

Per source details (Source: amazon-inspector d9f3f80367ea53fbaf542c199729a13115d8d848157327188cf365303af1d1f3): The package buildkite-test-collector-playwright-example was found to contain malicious code...

AI score 5.7
Exploits 0
Cvelist
added 2026/04/10 4:03 p.m., 27 views

CVE-2026-35653 OpenClaw < 2026.3.24 - Incorrect Authorization in POST /reset-profile via browser.request

OpenClaw before 2026.3.24 contains an incorrect authorization vulnerability in the POST /reset-profile endpoint that allows authenticated callers with operator.write access to browser.request to bypass profile mutation restrictions. Attackers can invoke POST /reset-profile through the...

CVSS 8.1, EPSS 0.006
Exploits 1, References 4
Snyk
added 2026/04/09 5:36 p.m., 3 views

Server-side Request Forgery (SSRF)

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via improper handling of redirects in Playwright navigation. An attacker can access internal or private network resources by crafting requests that...

CVSS 6.9, AI score 5.8, EPSS 0.00188
Exploits 0, References 2
Github Security Blog
added 2026/04/09 5:36 p.m., 12 views

OpenClaw: Strict browser SSRF bypass in Playwright redirect handling leaves private targets reachable

Impact: Strict browser SSRF bypass in Playwright redirect handling leaves private targets reachable. Strict browser SSRF checks could miss Playwright request-time navigation to private targets. OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and...

CVSS 6.5, AI score 5.9, EPSS 0.00188
Exploits 0, References 5, Affected software 1