Lucene search

18 matches found

Github Security Blog
added 2026/04/03 3:18 a.m., 2 views

OpenClaw: Node browser proxy `allowProfiles` bypass through persistent profile mutation and runtime profile selection

Summary Node browser proxy allowProfiles bypass through persistent profile mutation and runtime profile selection Current Maintainer Triage - Status: open - Normalized severity: high - Assessment: Real released allowProfiles bypass through profile mutation and runtime profile selection, fixed and...

AI score: 5.9
Exploits: 0, References: 3, Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-0265

Malware in sbrugna...

CVSS: 8.1, AI score: 8.1, EPSS: 0.00163
Exploits: 0, References: 5
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2009-3333

Malware in sbrugna...

CVSS: 10, AI score: 6.4, EPSS: 0.00345
Exploits: 0, References: 3
Vulnrichment
added 2025/08/14 4:39 p.m., 2 views

CVE-2025-55195 @std/toml Prototype Pollution in Node.js and Browser

@std/toml is the Deno Standard Library. Prior to version 1.0.9, an attacker can pollute the prototype chain in Node.js runtime and Browser when parsing untrusted TOML data, thus achieving Prototype Pollution (PP) vulnerability. This is because the library is merging an untrusted object with an empt...

CVSS: 7.3, AI score: 7, EPSS: 0.00181
Exploits: 0, References: 3
RedhatCVE
added 2025/05/21 9:50 p.m., 4 views

CVE-2009-3351

Multiple unspecified vulnerabilities in the Node Browser module for Drupal have unknown impact and attack vectors...

CVSS: 10, AI score: 7.3, EPSS: 0.00345
Exploits: 0, References: 1
Huntr
added 2020/08/17 12:0 a.m., 10 views

in imsobear/node-browser

Overview node-browser is a wrapper webdriver by Node.js, this package is vulnerable to Man in the Middle (MitM) attacks due to downloading resources over an insecure protocol. Without a secure connection, it is possible for an attacker to intercept this connection and alter the packages received. I...

AI score: 3.4
Exploits: 0
vulnersOsv
added 2019/02/18 11:56 p.m., 4 views

node-qrcode (>=0.0.1 <=0.0.4), ocast-dongletv (>=1.0.1 <=1.1.0) potentially affected by CVE-2016-10618 via node-browser (>=0.0.1 <=0.0.3)

node-browser NPM version =0.0.1, =0.0.1, =1.0.1, =1.1.0 Source cves: CVE-2016-10618 Source advisory: OSV:GHSA-8R98-RQG5-4VM3...

CVSS: 8.1, AI score: 7.2, EPSS: 0.00163
Exploits: 0
Veracode
added 2018/06/04 9:0 a.m., 14 views

Man In The Middle (MitM)

node-browser is vulnerable to man-in-the-middle (MitM) attacks via downloading resources over HTTP. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and...

CVSS: 8.1, AI score: 8.2, EPSS: 0.00163
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2018/06/01 6:29 p.m., 10 views

CVE-2016-10618

node-browser is a wrapper webdriver by nodejs. node-browser downloads resources over HTTP, which leaves it vulnerable to MITM attacks...

CVSS: 8.1, AI score: 8, EPSS: 0.00163
Exploits: 0, References: 1
OSV
added 2018/06/01 6:29 p.m., 0 views

CVE-2016-10618

node-browser is a wrapper webdriver by nodejs. node-browser downloads resources over HTTP, which leaves it vulnerable to MITM attacks...

CVSS: 8.1, AI score: 5.8
Exploits: 0, References: 1
Prion
added 2018/06/01 6:29 p.m., 8 views

Design/Logic Flaw

node-browser is a wrapper webdriver by nodejs. node-browser downloads resources over HTTP, which leaves it vulnerable to MITM attacks...

CVSS: 6.8, AI score: 7, EPSS: 0.00163
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2018/06/01 6:0 p.m., 52 views

CVE-2016-10618

node-browser is vulnerable to MITM because it downloads resources over HTTP, allowing an attacker on a privileged network to modify or read resources and potentially achieve remote code execution. The advisories note no patch is available and recommend avoiding the package or limiting use on publ...

CVSS: 8.1, AI score: 7.9, EPSS: 0.00163
Exploits: 0, References: 1, Affected Software: 1
Node.js
added 2016/12/01 3:32 p.m., 25 views

Downloads Resources over HTTP

Overview Affected versions of node-browser insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on...

CVSS: 6.8, AI score: 2.6, EPSS: 0.00163
Exploits: 0, Affected Software: 1
NVD
added 2009/09/24 4:30 p.m., 12 views

CVE-2009-3351

Multiple unspecified vulnerabilities in the Node Browser module for Drupal have unknown impact and attack vectors...

CVSS: 10, AI score: 6.8, EPSS: 0.00345
Exploits: 0, References: 2
Prion
added 2009/09/24 4:30 p.m., 10 views

Design/Logic Flaw

Multiple unspecified vulnerabilities in the Node Browser module for Drupal have unknown impact and attack vectors...

CVSS: 10, AI score: 7.4, EPSS: 0.00345
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2009/09/24 4:0 p.m., 39 views

CVE-2009-3351

Technical details about CVE-2009-3351 are not publicly available in the provided documents; the records state only generic vulnerabilities with unknown impact. Monitor for updates for any concrete affected components, versions, or remediation information.

CVSS: 10, AI score: 6.9, EPSS: 0.00345
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2009/09/24 4:0 p.m., 18 views

CVE-2009-3351

Multiple unspecified vulnerabilities in the Node Browser module for Drupal have unknown impact and attack vectors...

AI score: 6.8, EPSS: 0.00345
Exploits: 0, References: 2
Drupal
added 2009/09/09 12:0 a.m., 2 views

SA-CONTRIB-2009-056 - Node2Node, Node Browser, Subdomain Manager, Quota by role, Rest API with vulnerabilities, now abandoned

Multiple vulnerabilities have been found in the following modules which have been abandoned. Their releases have been unpublished and it is recommended that they be disabled and un-installed if in use. Modules Node2Node Node Browser Subdomain Manager Quota by role Rest API Drupal core is not...

AI score: 5.5
Exploits: 0, References: 10