PT-2026-38232

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.9 Description A file read issue allows attackers to bypass navigation guards through browser act/evaluate interactions. This enables attackers to pivot into the local Chrome DevTools Protocol CDP origin and...

EUVD-2026-19360

Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from the authorization middleware config admin.go, making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy authentication,...

CVE-2024-37359 Hitachi Vantara Pentaho Business Analytics Server – Server Side Request Forgery

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. CWE-918 Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0...

UBUNTU-CVE-2019-17221

PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HT...

security flaw

Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup...