67 matches found
CVE-2026-7787
CVE-2026-7787 affects Langflow OSS versions 1.0.0–1.9.1. A session ID namespace bypass in the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows unauthenticated attackers to read or modify chat history by overriding the session_id used during flow execution when a PUBLIC flow includes a...
CVE-2026-7787 Unauthenticated Session History Access via Public Flow Execution
IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references...
Astra Linux - vulnerability in firefox
A compromised content process could have performed session history manipulations that it should not have been able to due to a testing infrastructure that wasn’t restricted to only testing configurations. This vulnerability affects Firefox versions less than 88...
Astra Linux - vulnerability in firefox, thunderbird
Session history navigations may have led to a use-after-free condition, potentially causing exploitable crashes. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...
EUVD-2026-21460
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the HTTP /sessions/:sessionKey/history route that skips operator.read scope validation. Attackers can access session history without proper operator read permissions by sending HTTP requests to the vulnerable endpoint...
CVE-2026-35657 OpenClaw < 2026.3.25 - Authorization Bypass in HTTP Session History Route
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the HTTP /sessions/:sessionKey/history route that skips operator.read scope validation. Attackers can access session history without proper operator read permissions by sending HTTP requests to the vulnerable endpoint...
CVE-2026-35657
OpenClaw is affected by an authorization bypass vulnerability in the HTTP /sessions/:sessionKey/history endpoint, present in versions before 2026.3.25. The issue allows access to session history without proper operator.read permissions by bypassing scope validation. Attackers can exploit this via...
CVE-2026-35657
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the HTTP /sessions/:sessionKey/history route that skips operator.read scope validation. Attackers can access session history without proper operator read permissions by sending HTTP requests to the vulnerable endpoint...
OpenClaw security vulnerability
OpenClaw is an open-source AI assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.25 contained a security vulnerability. This vulnerability stemmed from the HTTP /sessions/:sessionKey/history route skipping the operator.read scope validation, which could allo...
PT-2026-31968
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the HTTP /sessions/:sessionKey/history route that skips operator.read scope validation. Attackers can access session history without proper operator read permissions by sending HTTP requests to the vulnerable endpoint...
Incorrect Authorization
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Authorization via the /sessions/:sessionKey/history route, which failed to enforce the required operator.read scope during authentication. An attacker can access session history...
GHSA-5JVJ-HXMH-6H6J OpenClaw: Gateway HTTP Session History Route Bypasses Operator Read Scope
Summary: Gateway HTTP Session History Route Bypasses Operator Read Scope. Affected Packages / Versions: Package: openclaw; Affected versions: = 2026.3.24; First patched version: 2026.3.25; Latest published npm version at verification time: 2026.3.24. Details: The HTTP /sessions/:sessionKey/histor...
OpenClaw: Gateway HTTP Session History Route Bypasses Operator Read Scope
Summary: Gateway HTTP Session History Route Bypasses Operator Read Scope. Affected Packages / Versions: Package: openclaw; Affected versions: = 2026.3.24; First patched version: 2026.3.25; Latest published npm version at verification time: 2026.3.24. Details: The HTTP /sessions/:sessionKey/histor...
EUVD-2021-10921
Malware in sbrugna...
EUVD-2007-1113
Malware in sbrugna...
EUVD-2022-37425
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-24001
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not...
CVE-2021-24001
A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. This vulnerability affects Firefox 88...
SUSE CVE-2023-37209
A use-after-free condition existed in NotifyOnHistoryReload where a LoadingSessionHistoryEntry object was freed and a reference to that object remained. This resulted in a potentially exploitable condition when the reference to that object was later reused. This vulnerability affects Firefox 115...