8 matches found

CVE
added 2026/05/05 11:24 a.m. · 9 views

CVE-2026-42436

OpenClaw before 2026.4.14 has an improper access control vulnerability in browser snapshot, screenshot, and tab routes that fail to consistently validate the final browser target after navigation. Authenticated callers can bypass SSRF restrictions to expose internal or disallowed page content by ...

CVSS 7.7 · AI score 5.8 · EPSS 0.0003
Exploits: 0 · References: 3
Cvelist
added 2026/05/05 11:24 a.m. · 27 views

CVE-2026-42436 OpenClaw < 2026.4.14 - Internal Page Content Exposure via Browser Snapshot and Screenshot Routes

OpenClaw before 2026.4.14 contains an improper access control vulnerability in browser snapshot, screenshot, and tab routes that fail to consistently validate the final browser target after navigation. Authenticated callers can bypass SSRF restrictions to expose internal or disallowed page conten...

CVSS 7.7 · EPSS 0.0003
Exploits: 0 · References: 3
Vulnrichment
added 2026/05/05 11:24 a.m. · 5 views

CVE-2026-42436 OpenClaw < 2026.4.14 - Internal Page Content Exposure via Browser Snapshot and Screenshot Routes

OpenClaw before 2026.4.14 contains an improper access control vulnerability in browser snapshot, screenshot, and tab routes that fail to consistently validate the final browser target after navigation. Authenticated callers can bypass SSRF restrictions to expose internal or disallowed page conten...

CVSS 7.7 · AI score 5.8 · EPSS 0.0003
Exploits: 0 · References: 3
OSV
added 2026/04/17 9:47 p.m. · 2 views

GHSA-C4QM-58HJ-J6PJ OpenClaw: Browser snapshot and screenshot routes could expose internal page content after navigation

Summary: Browser snapshot and screenshot routes could expose internal page content after navigation. Affected Packages / Versions: Package: openclaw; Ecosystem: npm; Affected versions: = 2026.4.14. Impact: Authenticated browser tool callers could use snapshot, screenshot, or tab routes that did n...

CVSS 7.7 · AI score 5.7 · EPSS 0.0003
Exploits: 0 · References: 6
VulnCheck KEV
added 2025/06/28 12:0 a.m. · 11 views

VulnCheck KEV: CVE-2024-5334

A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. The vulnerability is due to improper handling of the 'snapshotpath' parameter in the '/api/get-browser-snapshot' endpoint. An attacker can exploit this vulnerability by crafting a request with...

CVSS 7.5 · AI score 7.4 · EPSS 0.6275
In wild · Exploits: 1 · References: 2
GithubExploit
added 2025/01/28 9:16 p.m. · 114 views

Exploit for Cross-site Scripting in Flatpress

CVE Submissions Repository This repository contains informati...

CVSS 9.1 · AI score 6.7 · EPSS 0.9057
Exploits: 9
OSV
added 2024/07/24 4:15 p.m. · 4 views

CVE-2024-40422

The snapshotpath parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. An attacker can manipulate the snapshotpath parameter to traverse directories and access sensitive files on the server. This can potentially lead to unauthorized...

CVSS 9.1 · AI score 7.3 · EPSS 0.9057
Exploits: 6 · References: 4
Positive Technologies
added 2024/07/24 12:0 a.m. · 3 views

PT-2024-28842 · Unknown · Stitionai/Devika

Name of the Vulnerable Software and Affected Versions: stitionai devika version v1. Description: The issue concerns a path traversal attack through the snapshot path parameter in the "/api/get-browser-snapshot" endpoint. This allows an attacker to manipulate the snapshot path parameter, traverse...

CVSS 9.1 · AI score 9.5 · EPSS 0.9057
Exploits: 6 · References: 7