19 matches found

NVD
added 2026/05/05 12:16 p.m. · 3 views

CVE-2026-43573

OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in existing-session browser interaction routes. Attackers can bypass SSRF navigation guards to interact with or navigate to unauthorized targets without policy enforcement...

CVSS 7.7 · EPSS 0.00031
Exploits 0 · References 3
CVE
added 2026/05/05 11:25 a.m. · 4 views

CVE-2026-43573

CVE-2026-43573 affects OpenClaw prior to 2026.4.10. It describes a server-side request forgery (SSRF) policy bypass in existing-session browser interaction routes, allowing attackers to bypass navigation guards and interact with or navigate to unauthorized targets without policy enforcement. Impa...

CVSS 7.7 · AI score 5.8 · EPSS 0.00031
Exploits 0 · References 3 · Affected Software 1
EUVD
added 2026/05/05 11:25 a.m. · 2 views

EUVD-2026-27297

OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in existing-session browser interaction routes. Attackers can bypass SSRF navigation guards to interact with or navigate to unauthorized targets without policy enforcement...

CVSS 7.7 · AI score 5.8 · EPSS 0.00031
Exploits 0 · References 3
ATTACKERKB
added 2026/05/05 11:25 a.m. · 3 views

CVE-2026-43573

OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in existing-session browser interaction routes. Attackers can bypass SSRF navigation guards to interact with or navigate to unauthorized targets without policy enforcement...

CVSS 7.7 · AI score 5.8 · EPSS 0.00031
Exploits 0 · References 4
Cvelist
added 2026/05/05 11:25 a.m. · 26 views

CVE-2026-43573 OpenClaw < 2026.4.10 - SSRF Policy Bypass in Existing-Session Browser Interaction Routes

OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in existing-session browser interaction routes. Attackers can bypass SSRF navigation guards to interact with or navigate to unauthorized targets without policy enforcement...

CVSS 7.7 · EPSS 0.00031
Exploits 0 · References 3
Vulnrichment
added 2026/05/05 11:25 a.m. · 1 view

CVE-2026-43573 OpenClaw < 2026.4.10 - SSRF Policy Bypass in Existing-Session Browser Interaction Routes

OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in existing-session browser interaction routes. Attackers can bypass SSRF navigation guards to interact with or navigate to unauthorized targets without policy enforcement...

CVSS 7.7 · AI score 5.8 · EPSS 0.00031
Exploits 0 · References 3
Github Security Blog
added 2026/04/17 10:11 p.m. · 6 views

OpenClaw: Existing-session browser interaction routes bypassed SSRF policy enforcement

Summary: Existing-session browser interaction routes bypassed SSRF policy enforcement.
Affected Packages / Versions: Package: openclaw; Ecosystem: npm; Affected versions: < 2026.4.10.
Impact: Existing-session browser interaction routes could continue interacting with or navigating targets without...

CVSS 7.7 · AI score 5.7 · EPSS 0.00031
Exploits 0 · References 6 · Affected Software 1
OSV
added 2026/04/17 10:11 p.m. · 0 views

GHSA-527M-976R-JF79 OpenClaw: Existing-session browser interaction routes bypassed SSRF policy enforcement

Summary: Existing-session browser interaction routes bypassed SSRF policy enforcement.
Affected Packages / Versions: Package: openclaw; Ecosystem: npm; Affected versions: < 2026.4.10.
Impact: Existing-session browser interaction routes could continue interacting with or navigating targets without...

CVSS 7.7 · AI score 5.7 · EPSS 0.00031
Exploits 0 · References 6
Positive Technologies
added 2026/04/17 12:00 a.m. · 2 views

PT-2026-37028

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.4.10
Description: A server-side request forgery (SSRF) policy bypass exists in existing-session browser interaction routes. This allows attackers to bypass navigation guards to interact with or navigate to...

CVSS 7.7 · AI score 5.8 · EPSS 0.00031
Exploits 0 · References 8
RedhatCVE
added 2026/02/03 3:18 p.m. · 4 views

CVE-2022-50975

An unauthenticated remote attacker is able to use an existing session id of a logged in user and gain full access to the device if configuration via ethernet is enabled...

CVSS 8.8 · AI score 5.6 · EPSS 0.00024
Exploits 0 · References 1
Cvelist
added 2026/02/02 2:07 p.m. · 26 views

CVE-2022-50975 Multiple Innomic VibroLine VLX and avibia AVLX allow unauthenticated access to device configuration

An unauthenticated remote attacker is able to use an existing session id of a logged in user and gain full access to the device if configuration via ethernet is enabled...

CVSS 8.8 · EPSS 0.00024
Exploits 0 · References 2
ATTACKERKB
added 2026/02/02 2:07 p.m. · 4 views

CVE-2022-50975

An unauthenticated remote attacker is able to use an existing session id of a logged in user and gain full access to the device if configuration via ethernet is enabled...

CVSS 8.8 · AI score 5.6 · EPSS 0.00024
Exploits 0 · References 3 · Affected Software 10
EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2019-3212

Malware in sbrugna...

CVSS 8.3 · AI score 8 · EPSS 0.01667
Exploits 0 · References 5
RedhatCVE
added 2023/07/17 5:11 p.m. · 45 views

CVE-2023-37946

A flaw was found in the Jenkins OpenShift Login Plugin. Affected versions of this plugin could allow a remote attacker to bypass security restrictions caused by not invalidating the existing session on login. By persuading a victim to visit a specially crafted Web site, an attacker can gain...

CVSS 8.8 · AI score 6.9 · EPSS 0.00199
Exploits 0 · References 4
CNVD
added 2022/12/14 12:00 a.m. · 25 views

Siemens SCALANCE X-200RNA Switch Devices has an unspecified vulnerability

The SCALANCE X-204RNA Industrial Ethernet Access Point enables non-PRP endpoint devices to connect to a separate parallel network as needed. A security vulnerability exists in Siemens SCALANCE X-200RNA Switch Devices due to the web server of the affected device calculating session IDs and random...

CVSS 9.8 · AI score 2.2 · EPSS 0.01989
Exploits 0 · References 1
CNNVD
added 2022/02/24 12:00 a.m. · 1 view

Accounting Journal Management cross-site scripting vulnerability

Accounting Journal Management is a simple PHP-based accounting journal management system with a trial balance. Accounting Journal Management version 1.0 is vulnerable to a cross-site scripting vulnerability that stems from a lack of filtering of user-supplied data. The vulnerability is caused ...

CVSS 5.4 · AI score 5.2 · EPSS 0.00207
Exploits 0 · References 2
Prion
added 2021/11/08 3:15 p.m. · 15 views

Session fixation

Apostrophe CMS versions prior to 3.3.1 did not invalidate existing login sessions when disabling a user account or changing the password, creating a situation in which a device compromised by a third party could not be locked out by those means. As a mitigation for older releases the user account...

CVSS 7.5 · AI score 9.2 · EPSS 0.00363
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2019/04/26 12:00 a.m. · 1 view

PT-2019-12364 · Pulse · Pulse Connect Secure

Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure versions 9.0RX before 9.0R3.4; Pulse Connect Secure versions 8.3RX before 8.3R7.1; Pulse Connect Secure versions 8.2RX before 8.2R12.1
Description: The issue affects users of SAML authentication with the Reuse Existing NC...

CVSS 8.3 · AI score 7.8 · EPSS 0.01667
Exploits 0 · References 6
CNVD
added 2018/05/31 12:00 a.m. · 0 views

ClipperCMS Session Fixation Vulnerability

ClipperCMS is a content management system (CMS). A security vulnerability exists in ClipperCMS version 1.3.3. An attacker can exploit the vulnerability to allow a user to use a pre-existing session ID or hijack a user session...

CVSS 8.8 · AI score 6.8 · EPSS 0.00315
Exploits 0 · References 1