CVE-2026-35629

OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fail to properly guard configured base URLs against SSRF attacks. Attackers can exploit unprotected fetch calls against configured endpoints to rebind requests to blocked internal...

Insertion of Sensitive Information Into Sent Data

Overview org.webjars.npm:happy-dom is a Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. It includes many web standards from WHATWG DOM and HTML. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data vi...

Insertion of Sensitive Information Into Sent Data

Overview happy-dom is a Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. It includes many web standards from WHATWG DOM and HTML. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the fetch...

CVE-2023-33293

An issue was discovered in KaiOS 3.0 and 3.1. The binary /system/kaios/api-daemon exposes a local web server on .localhost with subdomains for each installed applications, e.g., myapp.localhost. An attacker can make fetch requests to api-deamon to determine if a given app is installed and read th...

CVE-2023-23776

An exposure of sensitive information to an unauthorized actor CWE-200 vulnerability in FortiAnalyzer versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4 and 6.4.0 through 6.4.10 may allow a remote authenticated attacker to read the client machine password in plain text in a heartbeat response when ...

SUSE CVE-2016-4964

The mptsasfetchrequests function in hw/scsi/mptsas.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service infinite loop, and CPU consumption or QEMU process crash via vectors involving s-state...

CVE-2022-41919

A Cross-site request forgery CSRF vulnerability was found in fastify due to improper handling of incorrect Content-Types. This flaw allows an attacker to use an incorrect 'Content-Type' to bypass checks to allow fetch requests that could be used to invoke routes that only accept application/json...

DOMDig - DOM XSS Scanner For Single Page Applications

DOMDig is a DOM XSS scanner that runs inside the Chromium web browser and it can scan single page applications SPA recursively. Unlike other scanners, DOMDig can crawl any webapplication including gmail by keeping track of DOM modifications and XHR/fetch/websocket requests and it can simulate a...

kafka: Users can perform Broker actions via crafted fetch requests, interfering with data replication and causing data lass

In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss...

DEBIAN-CVE-2016-4964

The mptsasfetchrequests function in hw/scsi/mptsas.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service infinite loop, and CPU consumption or QEMU process crash via vectors involving s-state...