8 matches found
EUVD-2026-36620
OpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local same-host callers to forge trusted-proxy identity headers. Attackers with access to the proxy-facing Gateway port can supply forged identity headers to assume operator identity and potentially escalate...
CVE-2026-53832
OpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local same-host callers to forge trusted-proxy identity headers. Attackers with access to the proxy-facing Gateway port can supply forged identity headers to assume operator identity and potentially escalate...
CVE-2026-53832 OpenClaw < 2026.5.18 - Identity Header Forgery via Trusted-Proxy Configuration
OpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local same-host callers to forge trusted-proxy identity headers. Attackers with access to the proxy-facing Gateway port can supply forged identity headers to assume operator identity and potentially escalate...
CVE-2026-28450
OpenClaw, versions prior to 2026.2.12 with the optional Nostr plugin enabled, expose unauthenticated HTTP endpoints at /api/channels/nostr/:accountId/profile and /api/channels/nostr/:accountId/profile/import. These allow reading and modifying Nostr profiles without gateway authentication, potenti...
CVE-2024-1869
Certain HP DesignJet print products are potentially vulnerable to information disclosure related to accessing memory out-of-bounds when using the general-purpose gateway GGW over port 9220...
PT-2024-1954 · Hewlett Packard · Hp Designjet
Name of the Vulnerable Software and Affected Versions: HP DesignJet print products affected versions not specified Description: The issue is related to information disclosure when accessing memory out-of-bounds using the general-purpose gateway GGW over port 9220. This could allow a remote attack...
CVE-2022-38142
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-Gateway service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon deserialization...
PT-2022-24234 · Delta Electronics · Infrasuite Device Master
Name of the Vulnerable Software and Affected Versions: Delta Electronics InfraSuite Device Master versions 00.00.01a and prior Description: The issue concerns the deserialization of user-supplied data provided through the Device-Gateway service port without proper verification. An attacker could...