CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 6 days ago•5 views

CVE-2026-35673

EUVD•added 6 days ago•8 views

EUVD-2026-33336

Cvelist•added 6 days ago•27 views

CVE-2026-35673 OpenClaw < 2026.4.29 - SSRF Policy Bypass via Browser Debug/Export Routes

6.5CVSS0.00035EPSS

CVE•added 6 days ago•14 views

CVE-2026-35673

OpenClaw prior to 2026.4.29 contains an SSRF policy bypass vulnerability in browser debug and export routes. Attackers with access to these routes can reuse already-open blocked tabs to bypass private-network SSRF policies and export or inspect content that should remain protected. Affected softw...

Exploits0References2Affected Software1

Vulnrichment•added 6 days ago•8 views

CVE-2026-35673 OpenClaw < 2026.4.29 - SSRF Policy Bypass via Browser Debug/Export Routes

Positive Technologies•added 6 days ago•8 views

PT-2026-44897

CNNVD•added 6 days ago•4 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.29 contained security vulnerabilities. These vulnerabilities stemmed from SSRF policy bypasses in browser debugging and route exports, allowing for the reuse of already opened...

Github Security Blog•added 2026/05/14 8:29 p.m.•4 views

Electerm Local code through electerm's single-instance socket

Impact Local code execution without UI interaction: any same-user process can send a JSON payload to electerm's single-instance socket/pipe, causing the app to create tabs and potentially spawn attacker-controlled local processes. Affects electerm single-instance installs on the machine. Patches ...

9.3CVSS6.2AI score0.00023EPSS

Exploits0References2Affected Software1

CNNVD•added 2026/05/14 12:0 a.m.•4 views

HRConvert2 操作系统命令注入漏洞

HRConvert2 is a self-hosted, drag-and-drop file conversion and sharing tool developed by Justin Grimes. Versions of HRConvert2 prior to 3.3.8 had an operating system command injection vulnerability. This vulnerability stemmed from the sanitizeString function not filtering escaped quotes and tabs,...

9.3CVSS5.9AI score0.00062EPSS

NVD•added 2026/05/11 6:16 p.m.•5 views

CVE-2026-44658

Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed are not subject to the same restriction. The provider maps each RSS/Atom item link into item.url, filters only for presence and...

2.4CVSS0.00044EPSS

ATTACKERKB•added 2026/05/11 5:0 p.m.•2 views

CVE-2026-44658

2.4CVSS5.8AI score0.00044EPSS

Exploits0References2Affected Software1

CVE•added 2026/05/11 5:0 p.m.•9 views

CVE-2026-44658

CVE-2026-44658 (Zen Browser) : Zen Browser is a Firefox-based browser. The issue arises when RSS/Atom item links parsed from feeds are mapped to item.url without the same http/https scheme restriction applied in promptForFeedUrl; these links are then used by the live-folder manager to create pinn...

2.4CVSS5.8AI score0.00044EPSS

RedhatCVE•added 2026/05/06 8:21 p.m.•6 views

CVE-2026-42436

OpenClaw before 2026.4.14 contains an improper access control vulnerability in browser snapshot, screenshot, and tab routes that fail to consistently validate the final browser target after navigation. Authenticated callers can bypass SSRF restrictions to expose internal or disallowed page conten...

7.7CVSS5.8AI score0.0003EPSS

Snyk•added 2026/05/05 1:35 p.m.•3 views

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization via the tabs/action endpoint in browser tab action routes. An attacker can gain unauthorized access to restricted resources by sending crafted requests that bypass...

NVD•added 2026/05/05 12:16 p.m.•2 views

CVE-2026-42439

OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in the browser tabs action select and close routes. Attackers can bypass configured browser SSRF policy protections by exploiting the /tabs/action endpoint to perform unauthorized tab navigation operation...

8.5CVSS0.00031EPSS

EUVD•added 2026/05/05 11:24 a.m.•0 views

EUVD-2026-27261

CVE•added 2026/05/05 11:24 a.m.•6 views

CVE-2026-42439

OpenClaw prior to 2026.4.10 contains a server-side request forgery policy bypass in the browser tabs action routes (/tabs/action). This allows bypassing configured SSRF protections to perform unauthorized tab navigation operations. Affected: OpenClaw; vulnerability likely affects the browser tabs...

Exploits0References3Affected Software1

Vulnrichment•added 2026/05/05 11:24 a.m.•3 views

CVE-2026-42439 OpenClaw < 2026.4.10 - SSRF Policy Bypass in Browser Tabs Action Routes