99 matches found
qemu-kvm: VNC WebSocket handshake use-after-free
A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network acces...
CVE-2026-32001
OpenClaw versions prior to 2026.2.22 contain an authentication bypass vulnerability that allows clients authenticated with a shared gateway token to connect as role=node without device identity verification. Attackers can exploit this by claiming the node role during WebSocket handshake to inject...
CVE-2026-32001
OpenClaw versions prior to 2026.2.22 contain an authentication bypass vulnerability that allows clients authenticated with a shared gateway token to connect as role=node without device identity verification. Attackers can exploit this by claiming the node role during WebSocket handshake to inject...
CVE-2026-32001 OpenClaw < 2026.2.22 - Node Role Device-Identity Bypass via WebSocket Authentication
OpenClaw versions prior to 2026.2.22 contain an authentication bypass vulnerability that allows clients authenticated with a shared gateway token to connect as role=node without device identity verification. Attackers can exploit this by claiming the node role during WebSocket handshake to inject...
CVE-2026-32001 OpenClaw < 2026.2.22 - Node Role Device-Identity Bypass via WebSocket Authentication
OpenClaw versions prior to 2026.2.22 contain an authentication bypass vulnerability that allows clients authenticated with a shared gateway token to connect as role=node without device identity verification. Attackers can exploit this by claiming the node role during WebSocket handshake to inject...
CVE-2026-32001 OpenClaw < 2026.2.22 - Node Role Device-Identity Bypass via WebSocket Authentication
OpenClaw versions prior to 2026.2.22 contain an authentication bypass vulnerability that allows clients authenticated with a shared gateway token to connect as role=node without device identity verification. Attackers can exploit this by claiming the node role during WebSocket handshake to inject...
CVE-2026-32001
OpenClaw prior to version 2026.2.22 is affected by an authentication bypass vulnerability during WebSocket handshake. Clients authenticated with a shared gateway token can connect as role=node without device identity verification, enabling attackers to claim the node role and inject unauthorized ...
OpenClaw Access Control Error Vulnerability (CNVD-2026-13595)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an Access Control Error vulnerability that stems from the gateway WebSocket connection handshake allowing device identity checks to be skipped when auth.token is present but not verified, which can be...
CVE-2026-28472
OpenClaw versions prior to 2026.2.2 contain a vulnerability in the gateway WebSocket connect handshake in which it allows skipping device identity checks when auth.token is present but not validated. Attackers can connect to the gateway without providing device identity or pairing by exploiting t...
EUVD-2026-9918
OpenClaw versions prior to 2026.2.2 contain a vulnerability in the gateway WebSocket connect handshake in which it allows skipping device identity checks when auth.token is present but not validated. Attackers can connect to the gateway without providing device identity or pairing by exploiting t...
CVE-2026-28472 OpenClaw < 2026.2.2 - Device Identity Check Bypass in Gateway WebSocket Connect Handshake
OpenClaw versions prior to 2026.2.2 contain a vulnerability in the gateway WebSocket connect handshake in which it allows skipping device identity checks when auth.token is present but not validated. Attackers can connect to the gateway without providing device identity or pairing by exploiting t...
CVE-2026-28472 OpenClaw < 2026.2.2 - Device Identity Check Bypass in Gateway WebSocket Connect Handshake
OpenClaw versions prior to 2026.2.2 contain a vulnerability in the gateway WebSocket connect handshake in which it allows skipping device identity checks when auth.token is present but not validated. Attackers can connect to the gateway without providing device identity or pairing by exploiting t...
OpenClaw 访问控制错误漏洞
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an Access Control Error vulnerability that stems from the gateway WebSocket connection handshake allowing device identity checks to be skipped when auth.token is present but not verified, which can be...
CVE-2025-68930
Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain a Cross-Site WebSocket Hijacking CSWSH vulnerability in the /api/socket endpoint. The application fails to validate the Origin header during the WebSocket handshake. This allows a remote attacker to bypass...
RHEL 9 : qemu-kvm (RHSA-2026:3165)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3165 advisory. Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the...
CVE-2025-68930 Traccar Missing Origin Validation in WebSockets
Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain a Cross-Site WebSocket Hijacking CSWSH vulnerability in the /api/socket endpoint. The application fails to validate the Origin header during the WebSocket handshake. This allows a remote attacker to bypass...
qemu-kvm: VNC WebSocket handshake use-after-free
A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network acces...
RHEL 9 : qemu-kvm (RHSA-2026:3077)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3077 advisory. Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the...
PT-2026-23547
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.2 Description The gateway WebSocket connect handshake allows skipping device identity checks when auth.token is present but not validated. Attackers can connect to the gateway without providing device identity...
OESA-2026-1353 qemu security update
QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and...