15 matches found
5 Steps to Managing Shadow AI Tools Without Slowing Down Employees
When an employee installs an AI writing assistant, connects a coding copilot to their IDE, or starts summarizing meetings with a new browser tool, they are doing exactly what a productive employee should do: finding faster ways to work. Across most organizations today, employees are running three...
CVE-2026-32008
OpenClaw versions prior to 2026.2.21 contain an improper URL scheme validation vulnerability in the assertBrowserNavigationAllowed function that allows authenticated users with browser-tool access to navigate to file:// URLs. Attackers can exploit this by accessing local files readable by the...
CVE-2026-32008
OpenClaw versions prior to 2026.2.21 contain an improper URL scheme validation vulnerability in the assertBrowserNavigationAllowed function that allows authenticated users with browser-tool access to navigate to file:// URLs. Attackers can exploit this by accessing local files readable by the...
CVE-2026-32008
OpenClaw versions prior to 2026.2.21 contain an improper URL scheme validation vulnerability in the assertBrowserNavigationAllowed function that allows authenticated users with browser-tool access to navigate to file:// URLs. Attackers can exploit this by accessing local files readable by the...
EUVD-2026-13267
OpenClaw versions prior to 2026.2.21 contain an improper URL scheme validation vulnerability in the assertBrowserNavigationAllowed function that allows authenticated users with browser-tool access to navigate to file:// URLs. Attackers can exploit this by accessing local files readable by the...
CVE-2026-32008 OpenClaw < 2026.2.21 - Arbitrary Local File Read via Browser Navigation Guard
OpenClaw versions prior to 2026.2.21 contain an improper URL scheme validation vulnerability in the assertBrowserNavigationAllowed function that allows authenticated users with browser-tool access to navigate to file:// URLs. Attackers can exploit this by accessing local files readable by the...
CVE-2026-32008
OpenClaw versions prior to 2026.2.21 contain an improper URL scheme validation vulnerability in the assertBrowserNavigationAllowed function that allows authenticated users with browser-tool access to navigate to file:// URLs. Attackers can exploit this by accessing local files readable by the...
OpenClaw Path Traversal Vulnerability
OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw suffers from a path traversal vulnerability that can be exploited by an attacker to read arbitrary files from a gateway host by supplying an absolute path or path traversal sequence to the upload operation of a browser...
OpenClaw 路径遍历漏洞
OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw suffers from a path traversal vulnerability that can be exploited by an attacker to read arbitrary files from a gateway host by supplying an absolute path or path traversal sequence to the upload operation of a browser...
PT-2026-20372
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.14 Description Authenticated attackers can read arbitrary files from the Gateway host by supplying absolute paths or path traversal sequences to the browser tool's upload action. The server passes these paths ...
GHSA-38MG-WM59-G64X composio allows Server-Side Request Forgery (SSRF) in BROWSERTOOL
A Server-Side Request Forgery SSRF vulnerability exists in composiohq/composio version v0.4.4. This vulnerability allows an attacker to read the contents of any file in the system by exploiting the BROWSERTOOLGOTOPAGE and BROWSERTOOLGETPAGEDETAILS actions...
Composio 安全漏洞
Composio is a production-ready toolset for AI agents open-sourced by Composio. A security vulnerability exists in Composio version v0.4.4, which stems from the BROWSERTOOLGOTOPAGE and BROWSERTOOLGETPAGEDETAILS operations that do not validate user input, potentially leading to a server-side reques...
Noia - Simple Mobile Applications Sandbox File Browser Tool
Noia is a web-based tool whose main aim is to ease the process of browsing mobile applications sandbox and directly previewing SQLite databases, images, and more. Powered by frida.re. Please note that I'm not a programmer, but I'm probably above the median in code-savyness. Try it out, open an...
Fortinet FortiClientEms Information Disclosure Vulnerability
Fortinet FortiClientEms is a centralized central management system from Fortinet, Inc. An information disclosure vulnerability exists in Fortinet FortiClientEms, which stems from a lack of encryption of sensitive data in FortiClientEMS. An authenticated attacker could view sensitive information i...
HTTrack Stack Buffer Overflow Vulnerability
HTTrack Website Copier is a free and easy to use offline browser tool. HTTrack suffers from a stack buffer overflow vulnerability. An attacker could exploit this vulnerability to execute arbitrary code in the context of an affected application...