GHSA-WC4H-2348-JC3P Ech0 has Unauthenticated Server-Side Request Forgery in Website Preview Feature

Summary Ech0 implements link preview editor fetches a page title through GET /api/website/title. That is legitimate product behavior, but the implementation is unsafe: the route is unauthenticated, accepts a fully attacker-controlled URL, performs a server-side GET, reads the entire response body...

PT-2026-30014

Summary Ech0 implements link preview editor fetches a page title through GET /api/website/title. That is legitimate product behavior, but the implementation is unsafe: the route is unauthenticated, accepts a fully attacker-controlled URL, performs a server-side GET, reads the entire response body...

GHSA-9Q7V-8MR7-G23P OpenClaw: SSRF via Unguarded `fetch()` in Marketplace Plugin Download and Ollama Model Discovery

Summary SSRF via Unguarded fetch in Marketplace Plugin Download and Ollama Model Discovery Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Keep the shipped marketplace archive-fetch SSRF, but narrow out the Ollama half because it is operator-configured and...

OpenClaw: SSRF via Unguarded `fetch()` in Marketplace Plugin Download and Ollama Model Discovery

Summary SSRF via Unguarded fetch in Marketplace Plugin Download and Ollama Model Discovery Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Keep the shipped marketplace archive-fetch SSRF, but narrow out the Ollama half because it is operator-configured and...

Incorrect Authorization

Overview @openclaw/matrix is an OpenClaw Matrix channel plugin Affected versions of this package are vulnerable to Incorrect Authorization in the process that fetches thread root and reply context, which bypasses the sender allowlist. An attacker can gain unauthorized access to message threads by...

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the process that fetches thread root and reply context, which bypasses the sender allowlist. An attacker can gain unauthorized access to message threads by...

HTTPS Fetch, Windows Command Shell, Reverse Ordinal TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/shell/reverseordtcp msf payloadreverseordtcp show actions ...actions... msf payloadreverseordtcp set ACTION msf...

HTTPS Fetch, Windows Command Shell, Reverse TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Connect back to the attacker No NX Module Options msf use payload/cmd/windows/https/x86/shell/reversenonxtcp msf payloadreversenonxtcp show actions ...actions... msf payloadreversenonxtcp set ACTION msf...

HTTPS Fetch, Windows Reverse HTTP Stager (winhttp)

Fetch and execute an x86 payload from an HTTPS server. Tunnel communication over HTTP Windows winhttp Module Options msf use payload/cmd/windows/https/x86/vncinject/reversewinhttp msf payloadreversewinhttp show actions ...actions... msf payloadreversewinhttp set ACTION msf payloadreversewinhttp...

HTTPS Fetch, Reverse All-Port TCP Stager

Fetch and execute an x86 payload from an HTTPS server. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options msf use payload/cmd/windows/https/x86/vncinject/reversetcpallports msf payloadreversetcpallports show actions ...actions... msf payloadreversetcpallport...

HTTPS Fetch, Windows Upload/Execute, Reverse UDP Stager with UUID Support

Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/https/x86/upexec/reverseudp msf payloadreverseudp show actions ...actions... msf payloadreverseudp set ACTION...

HTTPS Fetch, Windows Upload/Execute, Reverse TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Connect back to the attacker No NX Module Options msf use payload/cmd/windows/https/x86/upexec/reversenonxtcp msf payloadreversenonxtcp show actions ...actions... msf payloadreversenonxtcp set ACTION...

HTTPS Fetch, Windows Upload/Execute, Find Tag Ordinal Stager

Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Use an established connection Module Options msf use payload/cmd/windows/https/x86/upexec/findtag msf payloadfindtag show actions ...actions... msf payloadfindtag set ACTION msf payloadfindtag show...

HTTPS Fetch, Windows Upload/Execute, Windows x86 Bind Named Pipe Stager

Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Listen for a pipe connection Windows x86 Module Options msf use payload/cmd/windows/https/x86/upexec/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set ACTI...

HTTPS Fetch, Windows Upload/Execute, Hidden Bind TCP Stager

Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Listen for a connection from a hidden port and spawn a command shell to the allowed host. Module Options msf use payload/cmd/windows/https/x86/upexec/bindhiddentcp msf payloadbindhiddentcp show action...

HTTPS Fetch, Windows Command Shell, Reverse UDP Stager with UUID Support

Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/https/x86/shell/reverseudp msf payloadreverseudp show actions ...actions... msf payloadreverseudp set ACTION msf...

HTTPS Fetch, Windows Command Shell, Reverse TCP Stager (IPv6)

Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Connect back to the attacker over IPv6 Module Options msf use payload/cmd/windows/https/x86/shell/reverseipv6tcp msf payloadreverseipv6tcp show actions ...actions... msf payloadreverseipv6tcp set ACTION msf...

HTTPS Fetch, Windows Command Shell, Bind IPv6 TCP Stager (Windows x86)

Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Listen for an IPv6 connection Windows x86 Module Options msf use payload/cmd/windows/https/x86/shell/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION msf...

HTTPS Fetch

Fetch and execute an x86 payload from an HTTPS server. Module Options msf use payload/cmd/windows/https/x86/powershellreversetcp msf payloadpowershellreversetcp show actions ...actions... msf payloadpowershellreversetcp set ACTION msf payloadpowershellreversetcp show options ...show and set...

HTTPS Fetch, Windows Command Shell, Hidden Bind Ipknock TCP Stager

Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method you can spoof it with tools like hping. After that you could get...