29 matches found
OpenClaw Security Vulnerability
OpenClaw is an open-source intelligent AI assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.8 contained security vulnerabilities. These vulnerabilities stemmed from a security bypass issue in node.invokebrowser.proxy, which allowed modification of persistent browser...
EUVD-1999-0534
Malware in sbrugna...
EUVD-2019-8620
Malware in sbrugna...
CVE-2012-10032
Maxthon3 versions prior to 3.3 are vulnerable to cross-context scripting (XCS) via the about:history page. The browser's trusted zone improperly handles injected script content, allowing attackers to execute arbitrary JavaScript in a privileged context. This flaw enables modification of browser...
CVE-2019-18949
SnowHaze before 2.6.6 is sometimes too late to honor a per-site JavaScript blocking setting, which leads to unintended JavaScript execution via a chain of webpage redirections targeted to the user's browser configuration...
CVE-1999-0537
A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc...
CVE-2023-45593
A CWE-184 "Incomplete List of Disallowed Inputs" vulnerability in the embedded Chromium browser concerning the handling of alternative URLs, other than "http://localhost", allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and...
Hardcoded credentials
A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. Viewing the passwords requires configuring a web browser to display HTML password input fields...
CVE-2018-7859
A security vulnerability in D-Link DGS-1510-series switches with firmware 1.20.011, 1.30.007, 1.31.B003 and older may allow a remote attacker to inject malicious scripts into the device and execute commands via the browser that is configuring the unit...
CVE-2019-11741
A compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack on content from any site it can cause to be loaded in the same process. Because addons.mozilla.org and accounts.firefox.com have close ties to the Firefox product, malicious manipulation of these site...
Security Bulletin: FileNet Workplace XT can be affected by the File Extension validation vulnerability (CVE-2016-8921)
Summary: FileNet Workplace XT is vulnerable to a File Extension validation bypass which allows malicious content to be uploaded to the FileNet P8 server. Vulnerability Details: CVEID: CVE-2016-8921. DESCRIPTION: IBM FileNet Workplace XT could allow a remote attacker to upload arbitrary files, which...
CVE-2016-7152
The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack...
CVE-2016-7153
The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack...
Design/Logic Flaw
The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack...
RITM - Ruby In The Middle (HTTP/HTTPS Interception Proxy)
Ruby in the middle (RITM) is an HTTP/HTTPS interception proxy with on-the-fly certificate generation and signing, which leaves the user with the full power of the Ruby language to intercept and even modify requests and responses as she pleases. Installation: gem install ritm. Basic usage: 1. Write you...
Apple fixes 22 Safari vulnerabilities - vulnerability warning - Black Bar Safety Net
On May 22nd, Apple released a patch for Safari which fixes 22 vulnerabilities; these vulnerabilities could cause code execution or a browser crash. These vulnerabilities affect Safari 7.0.4 on OS X Mavericks 10.9 and Safari 6.1.4 on OS X Mountain Lion 10.8. When a user brows...