6 matches found
Typebot has Stored XSS via Rating Block Custom Icon that Bypasses isUnsafe Sandbox in Builder Preview
Summary The rating block's custom icon feature accepts arbitrary HTML/SVG via the customIcon.svg field and renders it using Solid's innerHTML directive without any sanitization. When a malicious typebot is imported or crafted by a workspace collaborator, the payload executes in the builder's DOM...
CVE-2026-28479
OpenClaw versions prior to 2026.2.15 use SHA-1 to hash sandbox identifier cache keys for Docker and browser sandbox configurations, which is deprecated and vulnerable to collision attacks. An attacker can exploit SHA-1 collisions to cause cache poisoning, allowing one sandbox configuration to be...
CVE-2026-28479
OpenClaw before 2026.2.15 hashes sandbox cache keys with SHA-1, introducing collision risks that can poison cache and cause unsafe sandbox state reuse. Affected: OpenClaw versions prior to 2026.2.15. Root cause: deprecated SHA-1-based hashing of Docker/browser sandbox configuration identifiers. I...
VulnCheck KEV: CVE-2025-54782
Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution RCE vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API...
CVE-2025-54782 @nestjs/devtools-integration's CSRF to Sandbox Escape Allows for RCE against JS Developers
Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution RCE vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API...
@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers
Summary A critical Remote Code Execution RCE vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API endpoint that uses an unsafe JavaScript sandbox safe-eval-like implementation. Due to improper...