Lucene search
K

4 matches found

Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-59723 Cline: Cross-Origin WebSocket Hijacking in Cline Hub Dashboard (`/browser` endpoint)

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. Prior to 3.0.30, the Cline Hub dashboard server launched by the cline dashboard command accepts WebSocket connections on the /browser endpoint without validating the Origin header, and when ROOMSECRET is unset for loc...

8.8CVSS0.00145EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 6 days ago12 views

PT-2026-56625

Name of the Vulnerable Software and Affected Versions Cline versions prior to 3.0.30 Description The Cline Hub dashboard server, initiated via the cline dashboard command, fails to validate the Origin header for WebSocket connections on the /browser endpoint. When the ROOM SECRET is unset for loc...

8.8CVSS6.2AI score0.00145EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.13 views

PT-2026-45064

Name of the Vulnerable Software and Affected Versions praisonai-platform affected versions not specified Description The software uses an insecure default cryptographic key for signing JSON Web Tokens JWT. When the PLATFORM JWT SECRET environment variable is unset, the system defaults to a...

9.8CVSS5.8AI score0.00054EPSS
Exploits0References7
NVD
NVD
added 2026/02/19 7:17 a.m.6 views

CVE-2026-25474

OpenClaw is a personal AI assistant. In versions 2026.1.30 and below, if channels.telegram.webhookSecret is not set when in Telegram webhook mode, OpenClaw may accept webhook HTTP requests without verifying Telegram’s secret token header. In deployments where the webhook endpoint is reachable by ...

7.5CVSS0.002EPSS
Exploits1References6
Rows per page
Query Builder