17 matches found
CVE-2026-42436
OpenClaw before 2026.4.14 contains an improper access control vulnerability in browser snapshot, screenshot, and tab routes that fail to consistently validate the final browser target after navigation. Authenticated callers can bypass SSRF restrictions to expose internal or disallowed page conten...
CVE-2026-42436 OpenClaw < 2026.4.14 - Internal Page Content Exposure via Browser Snapshot and Screenshot Routes
OpenClaw before 2026.4.14 contains an improper access control vulnerability in browser snapshot, screenshot, and tab routes that fail to consistently validate the final browser target after navigation. Authenticated callers can bypass SSRF restrictions to expose internal or disallowed page conten...
CVE-2026-2286
CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating URLs provided at runtime...
CVE-2026-26935
Improper Input Validation (CWE-20) in the internal Content Connectors search endpoint in Kibana can lead to Denial of Service via Input Data Manipulation (CAPEC-153)...
LangChain Code Issue Vulnerability
LangChain is an open-source framework developed by LangChain for creating applications powered by large language models (LLMs). Versions of LangChain prior to 1.1.14 contained code vulnerabilities. These vulnerabilities stemmed from insufficient URL validation in the RecursiveUrlLoader class within...
XML External Entity (XXE) Processing in TYPO3 Core
All XML processing within the TYPO3 CMS is vulnerable to XXE processing. This can lead to loading internal and/or external file content within an XML structure. Furthermore, it is possible to inject arbitrary files for an XML denial-of-service attack. For more information on that topic see...
Insecure Direct Object Reference (IDOR)
t3s/content-consent is vulnerable to Insecure Direct Object Reference (IDOR). The issue arises because the library fails to verify whether a specified content element identifier is permitted by the plugin. This allows an unauthenticated user to display various content elements, leading to an insecu...
CVE-2023-24515 Server-side request forgery in API checker
Server-Side Request Forgery (SSRF) vulnerability in the API checker of Pandora FMS. The application does not check the URL scheme used while retrieving the API URL. Rather than validating the http/https scheme, the application allows other schemes such as file, which could allow a malicious user to...
phpBB Server-Side Request Forgery (SSRF)
phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function, allowing an attacker to perform port scanning, request internal content and potentially attack such internal services via the web application...
CVE-2022-24979
An issue was discovered in the Varnishcache extension before 2.0.1 for TYPO3. The Edge Side Includes (ESI) content element renderer component does not include an access check. This allows an unauthenticated user to render various content elements, resulting in insecure direct object reference (IDOR),...
Insecure direct object reference in extension "Varnishcache" (varnishcache)
The Edge Side Includes (ESI) content element renderer component of the extension does not include an access check. This allows an unauthenticated user to render various content elements, resulting in insecure direct object reference (IDOR) with the potential of exposing internal content elements...
Microstrategy Code Issue Vulnerability
Microstrategy is a suite of business analytics and mobility platforms from the US-based company Microstrategy. MicroStrategy version 10.4 suffers from a cross-site request forgery vulnerability that could allow an authenticated user to access the content of an internal web resource or leak files from a local...
phpBB Server-Side Request Forgery Vulnerability
phpBB is a set of open-source, PHP-based web forum software developed by the phpBB Group. The software supports multiple languages, multiple databases, customized layouts, and so on. A server-side request forgery vulnerability exists in the Remote Avatar feature in phpBB...
Server-side request forgery (SSRF)
phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function, allowing an attacker to perform port scanning, request internal content and potentially attack such internal services via the web application...
CVE-2017-1000419
phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function, allowing an attacker to perform port scanning, request internal content and potentially attack such internal services via the web application...