Nova noVNC - Open Redirect

Nova noVNC contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-3654 info: name: Nova noVNC - Open Redirect author: geeknik severity: medium...

CVE-2026-43575

OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in the sandbox noVNC helper route that exposes interactive browser session credentials. Attackers can access the noVNC helper route without bridge authentication to gain unauthorized access to the...

CVE-2026-43575

OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in the sandbox noVNC helper route that exposes interactive browser session credentials. Attackers can access the noVNC helper route without bridge authentication to gain unauthorized access to the...

CVE-2026-43575 OpenClaw 2026.2.21 < 2026.4.10 - Authentication Bypass in Sandbox noVNC Helper Route

OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in the sandbox noVNC helper route that exposes interactive browser session credentials. Attackers can access the noVNC helper route without bridge authentication to gain unauthorized access to the...

CVE-2026-43575 OpenClaw 2026.2.21 < 2026.4.10 - Authentication Bypass in Sandbox noVNC Helper Route

OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in the sandbox noVNC helper route that exposes interactive browser session credentials. Attackers can access the noVNC helper route without bridge authentication to gain unauthorized access to the...

CVE-2026-43575

OpenClaw 2026.2.21 before 2026.4.10 contains an authentication bypass in the sandbox noVNC helper route, exposing interactive browser session credentials. Attackers can access the noVNC helper route without bridge authentication to gain unauthorized access to the interactive session. Affected pro...

PT-2026-38230

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.2.21 through 2026.4.9 Description An authentication bypass exists in the sandbox noVNC helper route, which exposes interactive browser session credentials. This allows attackers to access the noVNC helper route without...

GHSA-92JP-89MQ-4374 OpenClaw: Sandbox noVNC helper route exposed interactive browser session credentials

Summary Sandbox noVNC helper route exposed interactive browser session credentials. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.2.21 = 2026.4.10 Impact The sandbox noVNC helper route could be reached without the intended bridge authentication,...

Duplicate Advisory: OpenClaw's andbox browser noVNC observer lacked VNC authentication

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-25gx-x37c-7pph. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.21 sandbox browser entrypoint launches x11vnc without authentication for noVNC...

CVE-2026-32064

OpenClaw versions prior to 2026.2.21 sandbox browser entrypoint launches x11vnc without authentication for noVNC observer sessions, allowing unauthenticated access to the VNC interface. Remote attackers on the host loopback interface can connect to the exposed noVNC port to observe or interact wi...

CVE-2026-32064

OpenClaw versions prior to 2026.2.21 sandbox browser entrypoint launches x11vnc without authentication for noVNC observer sessions, allowing unauthenticated access to the VNC interface. Remote attackers on the host loopback interface can connect to the exposed noVNC port to observe or interact wi...

PT-2026-26741

OpenClaw versions prior to 2026.2.21 sandbox browser entrypoint launches x11vnc without authentication for noVNC observer sessions, allowing unauthenticated access to the VNC interface. Remote attackers on the host loopback interface can connect to the exposed noVNC port to observe or interact wi...

OpenClaw's andbox browser noVNC observer lacked VNC authentication

The sandbox browser entrypoint launched x11vnc without authentication -nopw for noVNC observer sessions. OpenClaw-managed runtime flow publishes the noVNC port to host loopback only 127.0.0.1, so default exposure is local to the host unless operators explicitly expose the port more broadly or run...

EUVD-2020-0588

Malware in sbrugna...

EUVD-2013-7200

Malware in sbrugna...

PT-2025-36938

Name of the Vulnerable Software and Affected Versions: Open OnDemand versions prior to 3.1.15 Open OnDemand versions prior to 4.0.7 Description: Open OnDemand is an open-source HPC portal. Prior to versions 3.1.15 and 4.0.7, noVNC interactive applications did not correctly rotate the password whe...

Linux Distros Unpatched Vulnerability : CVE-2017-18635

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages...

Linux Distros Unpatched Vulnerability : CVE-2021-3654

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL. CVE-2021-36...

RHSA-2015:0884 Red Hat Security Advisory: novnc security update

Bulletin has no description...

RHSA-2015:0833 Red Hat Security Advisory: novnc security update

Bulletin has no description...