CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/04/29 6:6 p.m.•2 views

EUVD-2026-26278

AgentFlow's local web API accepts non-JSON content types on POST /api/runs and POST /api/runs/validate endpoints without enforcing application/json validation, allowing attackers to bypass trust-boundary enforcement on sensitive operations. Attackers can exploit this content-type validation...

4.8CVSS5.3AI score0.00007EPSS

ATTACKERKB•added 2026/04/29 6:6 p.m.•1 views

CVE-2026-7439

4.8CVSS5.3AI score0.00007EPSS

Github Security Blog•added 2026/04/28 12:31 a.m.•6 views

Duplicate Advisory: OpenClaw: Trailing-dot localhost CDP hosts could bypass remote loopback protections

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-fh32-73r9-rgh5. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing...

6.9CVSS5.7AI score0.00042EPSS

Exploits0References5Affected Software1

OSV•added 2026/04/28 12:31 a.m.•2 views

GHSA-F5FM-9JMP-C88R Duplicate Advisory: OpenClaw: Trailing-dot localhost CDP hosts could bypass remote loopback protections

6.9CVSS5.8AI score0.00042EPSS

NVD•added 2026/04/28 12:16 a.m.•1 views

CVE-2026-41372

OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing bypass of loopback protections. Attackers can craft hostile discovery responses returning localhost. to retarget authenticated browser control toward localhost endpoints and expose...

6.9CVSS0.00042EPSS

CNNVD•added 2026/04/28 12:0 a.m.•4 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of standardization in the trailing point “localhost” in remote CDP discovery responses. This...

6.9CVSS5.8AI score0.00042EPSS

Exploits0References1

ATTACKERKB•added 2026/04/27 11:24 p.m.•0 views

CVE-2026-41372

CVE•added 2026/04/27 11:24 p.m.•3 views

CVE-2026-41372

Technical details such as affected products, versions, root cause, and remediation are not publicly available in the provided documents. Monitor for updates from NVD, CVE lists, and vendor advisories.

Exploits0References3Affected Software1

EUVD•added 2026/04/27 11:24 p.m.•3 views

EUVD-2026-25952

Vulnrichment•added 2026/04/27 11:24 p.m.•1 views

CVE-2026-41372 OpenClaw < 2026.4.2 - Loopback Protection Bypass via Trailing-Dot Localhost in CDP Discovery

Cvelist•added 2026/04/27 11:24 p.m.•27 views

CVE-2026-41372 OpenClaw < 2026.4.2 - Loopback Protection Bypass via Trailing-Dot Localhost in CDP Discovery

6.9CVSS0.00042EPSS

GithubExploit•added 2026/04/27 7:48 p.m.•98 views

Exploit for Improper Access Control in Nodejs Node.Js

CVE-2026-21636 - Node.js Permission Model UDS/Network Bypass...

10CVSS6.6AI score0.00023EPSS

Exploits1

GithubExploit•added 2026/04/27 5:0 p.m.•70 views

reflected-xss-demo

Reflected XSS Demo Small intentionally vulnerable loca...

5.2AI score

Exploits0

Tenable Nessus•added 2026/04/27 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-42038

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, he fix for noproxy hostname normalization bypass is incomplete. Wh...

7.5CVSS5.8AI score0.00082EPSS

Exploits1References4

Positive Technologies•added 2026/04/27 12:0 a.m.•1 views

PT-2026-35560