14 matches found
EUVD-2026-29145
OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in browser CDP profile creation that skips strict-mode SSRF policy checks. Attackers can create stored profiles pointing to private-network or metadata endpoints that bypass security policies and are later probed durin...
CVE-2026-45000
OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in browser CDP profile creation that skips strict-mode SSRF policy checks. Attackers can create stored profiles pointing to private-network or metadata endpoints that bypass security policies and are later probed durin...
CVE-2026-45000 OpenClaw < 2026.4.20 - Server-Side Request Forgery via Browser CDP Profile Creation
OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in browser CDP profile creation that skips strict-mode SSRF policy checks. Attackers can create stored profiles pointing to private-network or metadata endpoints that bypass security policies and are later probed durin...
PT-2026-39689
OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in browser CDP profile creation that skips strict-mode SSRF policy checks. Attackers can create stored profiles pointing to private-network or metadata endpoints that bypass security policies and are later probed durin...
OpenClaw: Browser CDP profile creation skipped strict-mode SSRF checks
Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact Browser profile creation normalized cdpUrl values before persisting them, but did not apply the configured browser SSRF policy at creation time. In deployments that explicitly...
CVE-2026-32972 OpenClaw < 2026.3.11 - Authorization Bypass in Browser Profile Management via browser.request
OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing authenticated operators with only operator.write permission to access admin-only browser profile management routes through browser.request. Attackers can create or modify browser profiles and persist...
EUVD-2016-9352
Malware in sbrugna...
EUVD-2013-0785
Malware in sbrugna...
Hindsight - Internet History Forensics For Google Chrome/Chromium
Hindsight is a free tool for analyzing web artifacts. It started with the browsing history of the Google Chrome web browser and has expanded to support other Chromium-based applications with more to come!. Hindsight can parse a number of different types of web artifacts, including URLs, download...
CVE-2016-8504
CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved data in browser profile...
Cross site request forgery (csrf)
CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved data in browser profile...
Thunderbird ESR 17.x < 17.0.3 Multiple Vulnerabilities (Mac OS X)
The installed version of Thunderbird ESR 17.x is earlier than 17.0.3 and thus, is potentially affected by the following security issues : - Numerous memory safety errors exist. CVE-2013-0783 - An error exists related to Chrome Object Wrappers COW or System Only Wrappers SOW that could allow...
CVE-2013-0774
Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspecified impact and remote attack vectors...
CVE-2013-0774
Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspecified impact and remote attack vectors...