Lucene search
K

91 matches found

Snyk
Snyk
added 2026/02/18 5:45 p.m.7 views

Missing Authentication for Critical Function

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to missing authentication when starting sandbox browser bridge server. An attacker can gain unauthorized access to browser control...

8.5CVSS5.8AI score0.00142EPSS
Exploits0References2
OSV
OSV
added 2026/02/18 12:53 a.m.5 views

GHSA-3FQR-4CG8-H96Q OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints

Summary Browser-facing localhost mutation routes accepted cross-origin browser requests without explicit Origin/Referer validation. Loopback binding reduces remote exposure but does not prevent browser-initiated requests from malicious origins. Impact A malicious website can trigger unauthorized...

7.1CVSS5.7AI score0.0014EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.10 views

PT-2026-20368

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.14 clawdbot versions prior to 2026.1.24-3 Description Browser-facing localhost mutation routes accepted cross-origin browser requests without explicit Origin/Referer validation. Loopback binding reduces remote...

7.1CVSS5.5AI score0.0014EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/10/15 12:42 p.m.6 views

CVE-2025-9063

An authentication bypass security issue exists within FactoryTalk View Machine Edition Web Browser ActiveX control. Exploitation of this vulnerability allows unauthorized access to the PanelView Plus 7 Series B, including access to the file system, retrieval of diagnostic information, event logs,...

9.8CVSS6.8AI score0.00362EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-25723

Malware in sbrugna...

6.1CVSS6.3AI score0.00581EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-28266

Malicious code in bioql PyPI...

6.8CVSS5.8AI score0.00478EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-4028

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00988EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-19806

Malicious code in bioql PyPI...

6.4CVSS5.8AI score0.00295EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2021-9665

Malicious code in bioql PyPI...

7.6CVSS7.6AI score0.00811EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2024/08/29 11:26 a.m.19 views

How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back

Attackers are increasingly using new phishing toolkits open-source, commercial, and criminal to execute adversary-in-the-middle AitM attacks. AitM enables attackers to not just harvest credentials but steal live sessions, allowing them to bypass traditional phishing prevention controls such as MF...

7.4AI score
Exploits0
OSV
OSV
added 2024/02/12 7:15 p.m.6 views

CVE-2024-22230

Dell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability. An authenticated attacker could potentially exploit this vulnerability, stealing session information, masquerading as the affected user or carry out any actions that this user could perform, or to generally control...

5.4CVSS5.8AI score0.00295EPSS
Exploits0References1
NVD
NVD
added 2024/02/12 7:15 p.m.22 views

CVE-2024-22230

Dell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability. An authenticated attacker could potentially exploit this vulnerability, stealing session information, masquerading as the affected user or carry out any actions that this user could perform, or to generally control...

6.4CVSS6.2AI score0.00295EPSS
Exploits0References1
Prion
Prion
added 2024/02/12 7:15 p.m.23 views

Cross site scripting

Dell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability. An authenticated attacker could potentially exploit this vulnerability, stealing session information, masquerading as the affected user or carry out any actions that this user could perform, or to generally control...

4.9CVSS6.5AI score0.00295EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/12 6:45 p.m.16 views

CVE-2024-22230

Dell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability. An authenticated attacker could potentially exploit this vulnerability, stealing session information, masquerading as the affected user or carry out any actions that this user could perform, or to generally control...

6.4CVSS6.3AI score0.00295EPSS
Exploits0References1
Prion
Prion
added 2023/09/27 11:15 p.m.17 views

Code injection

SpringbootCMS 1.0 foreground message can be embedded malicious code saved in the database. When users browse the comments, these malicious codes embedded in the HTML will be executed, and the user's browser will be controlled by the attacker, so as to achieve the special purpose of the attacker,...

4.9CVSS5.6AI score0.00346EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/27 12:0 a.m.12 views

CVE-2023-43191

SpringbootCMS 1.0 foreground message can be embedded malicious code saved in the database. When users browse the comments, these malicious codes embedded in the HTML will be executed, and the user's browser will be controlled by the attacker, so as to achieve the special purpose of the attacker,...

6.8AI score0.00346EPSS
Exploits1References1
CVE
CVE
added 2023/09/27 12:0 a.m.53 views

CVE-2023-43191

CVE-2023-43191 affects SpringbootCMS 1.0 and related JFinalCMS entries, with a stored XSS condition: malicious code embedded in a foreground message saved to the database can execute when users view comments. The Red Hat advisory and multiple CVE records describe the attack as HTML-embedded scrip...

5.4CVSS5.5AI score0.00346EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2022/12/30 12:0 a.m.40 views

Mozilla Firefox Access Control Error Vulnerability (CNVD-2023-03068)

Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. An access control error vulnerability exists in Mozilla Firefox, which stems from the Remote Agent used in WebDriver not validating the Host or Origin header. An attacker could exploit the vulnerability to force...

6.5CVSS2.5AI score0.00233EPSS
Exploits0References1
OSV
OSV
added 2022/12/22 8:15 p.m.5 views

CVE-2022-22757

Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.. This vulnerability affect...

6.5CVSS7.4AI score0.00233EPSS
Exploits0References2
0day.today
0day.today
added 2022/04/27 12:0 a.m.181 views

WordPress Curtain 1.0.2 Cross Site Scripting Vulnerability

Exploit Title: Multiple Stored Cross-Site Scripting vulnerabilities in WordPress curtain plugin 1.0.2 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/curtain/ Version: 1.0.2 Tested on: Firefox Contact me: h at spidersilk.com Description Several...

7.4AI score
Exploits0
Rows per page
Query Builder