Lucene search
K

4 matches found

CVE
CVE
added 2026/05/14 3:34 p.m.16 views

CVE-2026-42597

Gotenberg’s Chromium URL routes (/forms/chromium/convert/url and /forms/chromium/screenshot/url) allow file:// access to /tmp for anonymous callers, enabling cross-request data exfiltration by enumerating work/request directories during overlapping conversions. This is caused by the HTML/Markdown...

5.9CVSS5.8AI score0.00251EPSS
Exploits1References1Affected Software1
Snyk
Snyk
added 2026/05/05 1:35 p.m.10 views

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization via the browser snapshot, screenshot, and tab routes due to insufficient validation of the final browser target after navigation. An attacker can access internal or...

7.7CVSS5.8AI score0.00266EPSS
Exploits0References2
CVE
CVE
added 2026/05/05 11:24 a.m.27 views

CVE-2026-42436

OpenClaw before 2026.4.14 has an improper access control vulnerability in browser snapshot, screenshot, and tab routes that fail to consistently validate the final browser target after navigation. Authenticated callers can bypass SSRF restrictions to expose internal or disallowed page content by ...

7.7CVSS5.8AI score0.00266EPSS
Exploits0References3
OSV
OSV
added 2026/04/17 9:47 p.m.5 views

GHSA-C4QM-58HJ-J6PJ OpenClaw: Browser snapshot and screenshot routes could expose internal page content after navigation

Summary Browser snapshot and screenshot routes could expose internal page content after navigation. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.14 Impact Authenticated browser tool callers could use snapshot, screenshot, or tab routes that did n...

7.7CVSS5.7AI score0.00266EPSS
Exploits0References6
Rows per page
Query Builder