CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/06/10 10:17 p.m.•8 views

CVE-2026-53738

8.1CVSS0.00248EPSS

Cvelist•added 2026/06/10 8:39 p.m.•27 views

CVE-2026-53738 Copy & Delete Posts through 1.5.4 Privilege Escalation via cdp_action_handling Handler

8.1CVSS0.00248EPSS

CNNVD•added 2026/06/10 12:0 a.m.•11 views

WordPress plugin Copy & Delete Posts 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.1CVSS5.4AI score0.00248EPSS

Exploits0References1

OSSF Malicious Packages•added 2026/05/15 3:8 a.m.•12 views

Malicious code in cdp-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dbf55b093e3a93e8d3f536101e62e09cf7e86636cd42813d02f518138cbcb8ed The package ships cdpinject.js, which combines childprocess, fs, http/https, and base64 encoding to gather system information and exfiltrate it over...

5.8AI score

OSV•added 2026/05/15 3:8 a.m.•13 views

MAL-2026-3752 Malicious code in cdp-core (npm)

5.8AI score

Vulnrichment•added 2026/05/11 4:46 p.m.•7 views

CVE-2026-45000 OpenClaw < 2026.4.20 - Server-Side Request Forgery via Browser CDP Profile Creation

OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in browser CDP profile creation that skips strict-mode SSRF policy checks. Attackers can create stored profiles pointing to private-network or metadata endpoints that bypass security policies and are later probed durin...

5CVSS5.8AI score0.00246EPSS

CVE•added 2026/05/11 4:46 p.m.•12 views

CVE-2026-45000

OpenClaw before 2026.4.20 is affected by a server-side request forgery in the browser CDP profile creation flow. The vulnerability allows creation of stored profiles that can point to private-network or metadata endpoints and bypass strict-mode SSRF policy checks, with the sensitive endpoints pot...

5CVSS5.8AI score0.00246EPSS

Exploits0References4Affected Software1

Positive Technologies•added 2026/05/11 12:0 a.m.•12 views

PT-2026-39689

5CVSS5.8AI score0.00246EPSS

Exploits0References5

NVD•added 2026/05/06 8:16 p.m.•5 views

CVE-2026-43577

OpenClaw before 2026.4.9 contains a file read vulnerability allowing attackers to bypass navigation guards through browser act/evaluate interactions. Attackers can pivot into the local CDP origin and create or read disallowed file:// pages despite direct navigation policy restrictions...

7.1CVSS0.00253EPSS

CNNVD•added 2026/05/06 12:0 a.m.•8 views

OpenClaw 输入验证错误漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.5 had a vulnerability related to input validation errors. This vulnerability stemmed from server-side request forgery in the CDP/json/version WebSocket endpoint, which might all...

7.7CVSS5.8AI score0.00265EPSS

Exploits0References1

ATTACKERKB•added 2026/04/27 11:24 p.m.•0 views

CVE-2026-41372

OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing bypass of loopback protections. Attackers can craft hostile discovery responses returning localhost. to retarget authenticated browser control toward localhost endpoints and expose...

CVE•added 2026/04/27 11:24 p.m.•12 views

CVE-2026-41372

Technical details such as affected products, versions, root cause, and remediation are not publicly available in the provided documents. Monitor for updates from NVD, CVE lists, and vendor advisories.

Exploits0References3Affected Software1

Vulnrichment•added 2026/04/27 11:24 p.m.•4 views

CVE-2026-41372 OpenClaw < 2026.4.2 - Loopback Protection Bypass via Trailing-Dot Localhost in CDP Discovery

Positive Technologies•added 2026/04/27 12:0 a.m.•2 views

PT-2026-35560

OSV•added 2026/04/25 11:49 p.m.•3 views

GHSA-J4C5-89F5-F3PM OpenClaw: Browser CDP profile creation skipped strict-mode SSRF checks

Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact Browser profile creation normalized cdpUrl values before persisting them, but did not apply the configured browser SSRF policy at creation time. In deployments that explicitly...

2.3CVSS5.8AI score

Github Security Blog•added 2026/04/17 10:18 p.m.•8 views

OpenClaw: CDP /json/version WebSocket URL could pivot to untrusted second-hop targets

Summary CDP /json/version WebSocket URL could pivot to untrusted second-hop targets. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.5 Impact A browser profile could trust a CDP /json/version response whose webSocketDebuggerUrl pointed at a differen...

7.7CVSS5.7AI score0.00265EPSS

Exploits0References6Affected Software1

Snyk•added 2026/04/07 6:15 p.m.•4 views

Improper Input Validation

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Input Validation via the CDP discovery process. An attacker can redirect authenticated browser control to a localhost-resolving endpoint by crafting a discovery response with a...

6.9CVSS5.8AI score0.00251EPSS

Rockylinux•added 2026/04/07 12:1 a.m.•2 views

lldpd bug fix and enhancement update

An update is available for lldpd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list LLDP is an industry standard protocol designed to supplant proprietary Link-Lay...

5.9AI score

Exploits0

NVD•added 2026/03/18 2:16 a.m.•5 views

CVE-2026-22174

OpenClaw versions prior to 2026.2.22 inject the x-OpenClaw-relay-token header into Chrome CDP probe traffic on loopback interfaces, allowing local processes to capture the Gateway authentication token. An attacker controlling a loopback port can intercept CDP reachability probes to the...

6.8CVSS0.00126EPSS