24 matches found

NVD
added 2026/04/28 7:37 p.m., 0 views

CVE-2026-41403

OpenClaw before 2026.3.31 misclassifies proxied remote requests as loopback connections in the diffs viewer when allowRemoteViewer is disabled, allowing unauthorized access. Attackers can bypass access controls by sending proxied requests that are incorrectly identified as local loopback traffic,...

CVSS 6.3, EPSS 0.0006
Exploits 0, References 3

EUVD
added 2026/04/28 6:10 p.m., 2 views

EUVD-2026-26110

OpenClaw before 2026.3.31 misclassifies proxied remote requests as loopback connections in the diffs viewer when allowRemoteViewer is disabled, allowing unauthorized access. Attackers can bypass access controls by sending proxied requests that are incorrectly identified as local loopback traffic,...

CVSS 6.3, AI score 5.2, EPSS 0.0006
Exploits 0, References 3

Cvelist
added 2026/04/28 6:10 p.m., 22 views

CVE-2026-41403 OpenClaw < 2026.3.31 - Access Control Bypass via Proxied Remote Request Misclassification

OpenClaw before 2026.3.31 misclassifies proxied remote requests as loopback connections in the diffs viewer when allowRemoteViewer is disabled, allowing unauthorized access. Attackers can bypass access controls by sending proxied requests that are incorrectly identified as local loopback traffic,...

CVSS 6.3, EPSS 0.0006
Exploits 0, References 3

Vulnrichment
added 2026/04/28 6:10 p.m., 0 views

CVE-2026-41403 OpenClaw < 2026.3.31 - Access Control Bypass via Proxied Remote Request Misclassification

OpenClaw before 2026.3.31 misclassifies proxied remote requests as loopback connections in the diffs viewer when allowRemoteViewer is disabled, allowing unauthorized access. Attackers can bypass access controls by sending proxied requests that are incorrectly identified as local loopback traffic,...

CVSS 6.3, AI score 5.2, EPSS 0.0006
Exploits 0, References 3

CVE
added 2026/04/28 6:10 p.m., 6 views

CVE-2026-41403

OpenClaw npm package (= 2026.3.31 to remediate. For context, CVSS metrics from Vulners indicate both low (local) and medium (network) impact vectors, but official exploitation status is not described in the connected documents.

CVSS 6.3, AI score 5.3, EPSS 0.0006
Exploits 0, References 3, Affected Software 1

Github Security Blog
added 2026/04/03 3:24 a.m., 3 views

OpenClaw: diffs viewer misclassifies proxied remote requests as loopback when `allowRemoteViewer` is disabled

Summary diffs viewer misclassifies proxied remote requests as loopback when allowRemoteViewer is disabled Current Maintainer Triage - Status: open - Normalized severity: low - Assessment: Shipped v2026.3.28 misclassified proxied diff-viewer requests as local loopback in some cases, a real but...

CVSS 6.3, AI score 5.9, EPSS 0.0006
Exploits 0, References 6, Affected Software 1

Snyk
added 2026/04/03 3:24 a.m., 4 views

Use of Less Trusted Source

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Use of Less Trusted Source in the diffs viewer process when proxied remote requests are incorrectly classified as loopback addresses if allowRemoteViewer is disabled. An attacker can gain...

CVSS 6.3, AI score 6, EPSS 0.0006
Exploits 0, References 2

OSV
added 2026/04/03 3:24 a.m., 2 views

GHSA-3XV9-89FM-7H4R OpenClaw: diffs viewer misclassifies proxied remote requests as loopback when `allowRemoteViewer` is disabled

Summary diffs viewer misclassifies proxied remote requests as loopback when allowRemoteViewer is disabled Current Maintainer Triage - Status: open - Normalized severity: low - Assessment: Shipped v2026.3.28 misclassified proxied diff-viewer requests as local loopback in some cases, a real but...

CVSS 6.3, AI score 5.8, EPSS 0.0006
Exploits 0, References 6

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2015-8172

Malware in sbrugna...

CVSS 8.8, AI score 8.8, EPSS 0.05916
Exploits 5, References 5

CNNVD
added 2024/08/23 12:00 a.m., 1 views

mage-ai security vulnerability

mage-ai is an open-source modern replacement for Airflow from Mage. A security vulnerability exists in mage-ai that stems from a path traversal vulnerability that allows a remote user with the Viewer role to leak arbitrary files from a Mage server via a Pipeline Interaction request...

CVSS 6.5, AI score 8.5, EPSS 0.00161
Exploits 1, References 2

CNNVD
added 2024/08/23 12:00 a.m., 0 views

mage-ai security vulnerability

mage-ai is a modern alternative to Airflow open sourced by Mage. A security vulnerability exists in mage-ai that stems from a path traversal vulnerability that allows a remote user with the Viewer role to disclose arbitrary files from the Mage server via a Git Content request...

CVSS 6.5, AI score 8.4, EPSS 0.00147
Exploits 1, References 2

CNNVD
added 2021/10/27 12:00 a.m., 1 views

HelpU input validation error vulnerability

HelpU is a software from HelpU Korea that uses remote control technology to solve problems by allowing direct viewing of the customer's computer screen. It makes customer support easier and better. An input validation error vulnerability exists in the Helpu solution that originates when the produ...

CVSS 8, AI score 7.6, EPSS 0.00409
Exploits 0, References 2

Oracle linux
added 2019/08/13 12:00 a.m., 35 views

spice-gtk security and bug fix update

libgovirt 0.3.4-2 - Parse XML nodes automatically Related: rhbz1427467 - Set detailed error message for async call Related: rhbz1427467 spice-gtk 0.35-4 - Fix bad channel-reset on usbredir Resolves: rhbz1625550 0.35-3 - Fix insufficient encoding checks for LZ Resolves: rhbz1598652 spice-vdagent...

CVSS 8.8, AI score 1.1, EPSS 0.00384
Exploits 0

OpenVAS
added 2018/08/01 12:00 a.m., 71 views

DVR Web Remote Viewer Detection (HTTP)

HTTP based detection of a DVR Web Remote Viewer software. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

AI score 7.4
Exploits 0, References 1

NVD
added 2017/04/13 2:59 p.m., 9 views

CVE-2015-8284

SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer users to perform administrative functions...

CVSS 8.8, AI score 8.7, EPSS 0.05916
Exploits 5, References 3

Prion
added 2017/04/13 2:59 p.m., 9 views

Code injection

SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer users to perform administrative functions...

CVSS 6.5, AI score 7.1, EPSS 0.05916
Exploits 5, References 3, Affected Software 1

CVE
added 2017/04/13 2:00 p.m., 41 views

CVE-2015-8284

SeaWell Networks Spectrum SDC 02.05.00 contains an improper authorization vulnerability (CVE-2015-8284) that could allow remote viewer accounts to perform administrative actions, including user management and access to device configuration files. Root cause: insufficient access control. Impact: u...

CVSS 8.8, AI score 9.1, EPSS 0.05916
Exploits 5, References 3, Affected Software 1

Cvelist
added 2017/04/13 2:00 p.m., 12 views

CVE-2015-8284

SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer users to perform administrative functions...

AI score 8.7, EPSS 0.05916
Exploits 5, References 3

Tenable Nessus
added 2015/09/01 12:00 a.m., 58 views

RHEL 6 : rhevm-spice-client (RHSA-2015:0197)

Updated rhevm-spice-client packages that fix two security issues and several bugs are now available for Red Hat Enterprise Virtualization Manager 3. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...

CVSS 6.8, AI score 7.3, EPSS 0.12974
Exploits 0, References 5

NVD
added 2014/01/24 6:55 p.m., 11 views

CVE-2013-6434

The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which allows man-in-the-middle attackers to spoof the SPICE server...

CVSS 4.3, AI score 6.3, EPSS 0.00288
Exploits 0, References 3