
4 matches found

CNNVD
added 2026/05/15 12:0 a.m., 4 views

Open WebUI Security Vulnerability

Open WebUI is an open-source, scalable, feature-rich, and user-friendly self-hosted WebUI. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the POST /api/v1/models/import endpoint, which allowed users with the workspace.models.import...

6.5 CVSS, 5.8 AI score, 0.00011 EPSS
Exploits: 1, References: 1
Cvelist
added 2026/02/19 9:34 p.m., 16 views

CVE-2026-26317 OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints

OpenClaw is a personal AI assistant. Prior to 2026.2.14, browser-facing localhost mutation routes accepted cross-origin browser requests without explicit Origin/Referer validation. Loopback binding reduces remote exposure but does not prevent browser-initiated requests from malicious origins. A...

7.1 CVSS, 0.0002 EPSS
Exploits: 0, References: 3
CVE
added 2026/02/19 9:34 p.m., 8 views

CVE-2026-26317

OpenClaw (personal AI assistant) exposes loopback browser mutation endpoints that accept cross-origin requests prior to 2026.2.14, enabling cross‑site request forgery (CSRF) to trigger unauthorized state changes in the victim’s local browser control plane. Starting with 2026.2.14, mutating HTTP m...

7.1 CVSS, 5.6 AI score, 0.0002 EPSS
Exploits: 0, References: 3, Affected Software: 1
Github Security Blog
added 2026/02/18 12:53 a.m., 6 views

OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints

Summary: Browser-facing localhost mutation routes accepted cross-origin browser requests without explicit Origin/Referer validation. Loopback binding reduces remote exposure but does not prevent browser-initiated requests from malicious origins. Impact: A malicious website can trigger unauthorized...

7.1 CVSS, 5.6 AI score, 0.0002 EPSS
Exploits: 0, References: 5, Affected Software: 2