Missing Authentication for Critical Function
Overview: openclaw is the 🦞 OpenClaw Personal AI Assistant. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the getHeadersWithAuth function. An attacker can obtain authentication tokens by controlling a local loopback port and intercepting probe...
OpenClaw Loopback CDP probe can leak Gateway token to local listener
Summary: A local process can capture the OpenClaw Gateway auth token from Chrome CDP probe traffic on loopback. Details: Affected versions inject the x-openclaw-relay-token header for loopback CDP URLs, and CDP reachability probes send that header to /json/version. If an attacker controls the probed loopback...
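The pattern the advisory describes, shown as an added example that is not OpenClaw's code: a reachability probe that attaches a relay-token header to any loopback CDP URL hands the token to whoever is listening on that port. The listener below is a stand-in for the attacker-controlled loopback port, the token value is constructed for the demo, and the "hardened" variant illustrates one fix of this kind (send the probe without credentials), not the project's actual patch.

```python
import http.server
import threading
import urllib.request
from urllib.parse import urlparse

# Header name is the one named in the advisory; the token value is a
# constructed placeholder, not a real secret.
RELAY_HEADER = "x-openclaw-relay-token"
DEMO_TOKEN = "demo-relay-token-not-a-real-secret"


class _Recorder(http.server.BaseHTTPRequestHandler):
    """Loopback listener standing in for the attacker-controlled port.

    It records the relay-token header of every request (None when absent)
    and answers like a CDP /json/version endpoint so the probe "succeeds".
    """
    captured = []

    def do_GET(self):
        _Recorder.captured.append(self.headers.get(RELAY_HEADER))
        body = b'{"Browser": "fake/0", "webSocketDebuggerUrl": "ws://127.0.0.1/devtools/browser/x"}'
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_listener():
    """Bind an ephemeral port on 127.0.0.1 and serve in a background thread."""
    srv = http.server.HTTPServer(("127.0.0.1", 0), _Recorder)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def is_loopback(url):
    host = urlparse(url).hostname or ""
    return host in ("127.0.0.1", "localhost", "::1")


def probe_vulnerable(cdp_url, token):
    """Vulnerable pattern: the reachability probe of /json/version carries the
    relay token for every loopback CDP URL, so whoever owns the port gets it."""
    req = urllib.request.Request(cdp_url.rstrip("/") + "/json/version")
    if is_loopback(cdp_url):
        req.add_header(RELAY_HEADER, token)
    with urllib.request.urlopen(req, timeout=2) as resp:
        return resp.status


def probe_hardened(cdp_url):
    """Illustrative fix (not the project's patch): reachability is checked with
    an unauthenticated GET; no credential ever rides on the probe."""
    req = urllib.request.Request(cdp_url.rstrip("/") + "/json/version")
    with urllib.request.urlopen(req, timeout=2) as resp:
        return resp.status


def run_demo():
    """Point both probes at the recording listener and report what it saw."""
    srv = start_listener()
    url = f"http://127.0.0.1:{srv.server_port}"
    _Recorder.captured.clear()
    probe_vulnerable(url, DEMO_TOKEN)
    leaked = DEMO_TOKEN in _Recorder.captured
    _Recorder.captured.clear()
    probe_hardened(url)
    leaked_hardened = any(v is not None for v in _Recorder.captured)
    srv.shutdown()
    srv.server_close()
    return {"vulnerable_leaks_token": leaked, "hardened_leaks_token": leaked_hardened}


if __name__ == "__main__":
    print(run_demo())
```

The point of the demo is the asymmetry: a probe only needs to learn whether something answers on the port, so there is no reason for it to prove its own identity to an endpoint it has not yet trusted. Any secret attached to such a probe is only as safe as the port binding, and on a multi-user host a loopback port is first-come, first-served.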
GHSA-25GX-X37C-7PPH OpenClaw's sandbox browser noVNC observer lacked VNC authentication
The sandbox browser entrypoint launched x11vnc with -nopw (no VNC authentication) for noVNC observer sessions. The OpenClaw-managed runtime flow publishes the noVNC port to host loopback only (127.0.0.1), so default exposure is local to the host unless operators explicitly expose the port more broadly or run...
EUVD-2025-24249
Malicious code in bioql PyPI...
CVE-2025-30034
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3). Affected devices do not properly validate input sent to its listening port on the local loopback interface. This could allow an unauthenticated local attacker to cause a denial of service condition...
CVE-2025-30034
CVE-2025-30034 affects Siemens SIMATIC RTLS Locating Manager (all versions
PT-2025-32648 · Siemens · Simatic Rtls Locating Manager
Name of the Vulnerable Software and Affected Versions: SIMATIC RTLS Locating Manager versions prior to 3.3 Description: A vulnerability exists in SIMATIC RTLS Locating Manager that allows an unauthenticated local attacker to cause a denial of service condition. The vulnerability is due to imprope...
Siemens SIMATIC RTLS Locating Manager security vulnerability
Siemens SIMATIC RTLS Locating Manager is an RTLS locating manager from Siemens, Germany. A security vulnerability exists in Siemens SIMATIC RTLS Locating Manager versions prior to V3.3, which stems from failure to properly validate inputs from a listening port on the local loopback interface, whi...