Lucene search
K

5 matches found

OSV
OSV
added 2026/04/28 12:31 a.m.13 views

GHSA-F5FM-9JMP-C88R Duplicate Advisory: OpenClaw: Trailing-dot localhost CDP hosts could bypass remote loopback protections

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-fh32-73r9-rgh5. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing...

6.9CVSS5.8AI score0.00251EPSS
Exploits0References4
CVE
CVE
added 2026/04/27 11:24 p.m.17 views

CVE-2026-41372

Technical details such as affected products, versions, root cause, and remediation are not publicly available in the provided documents. Monitor for updates from NVD, CVE lists, and vendor advisories.

6.9CVSS5.3AI score0.00251EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/27 11:24 p.m.2 views

CVE-2026-41372

OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing bypass of loopback protections. Attackers can craft hostile discovery responses returning localhost. to retarget authenticated browser control toward localhost endpoints and expose...

6.9CVSS5.3AI score0.00251EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/03 1:17 p.m.23 views

CVE-2026-3343 WatchGuard Firebox Reflected Cross-Site-Scripting (XSS) Vulnerability in Fireware Web UI

A reflected cross-site scripting XSS vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link. This vulnerability affects Fireware OS 12.7 up to and including 12.11.7...

5.1CVSS0.00196EPSS
Exploits0References1
NVD
NVD
added 2026/01/26 6:16 p.m.6 views

CVE-2026-24432

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 lack cross-site request forgery CSRF protections on administrative endpoints, including those used to change administrator account credentials. As a result, an attacker can craft malicious requests that, when triggered b...

5.1CVSS0.00108EPSS
Exploits0References2
Rows per page
Query Builder