CVE-2026-43585

OpenClaw (affected component: gateway authentication) exposes a bearer token validation flaw prior to version 2026.4.15. The issue occurs because the service captures the resolved bearer-auth configuration at startup and does not re-resolve authentication per request after SecretRef rotation, all...

CVE-2026-43576 OpenClaw < 2026.4.5 - Second-hop SSRF via CDP /json/version WebSocket URL

OpenClaw before 2026.4.5 contains a server-side request forgery vulnerability in the CDP /json/version WebSocket endpoint that allows attackers to pivot to untrusted second-hop targets. The webSocketDebuggerUrl response field is not properly validated, enabling attackers to redirect connections t...

CVE-2026-43576 OpenClaw < 2026.4.5 - Second-hop SSRF via CDP /json/version WebSocket URL

OpenClaw before 2026.4.5 contains a server-side request forgery vulnerability in the CDP /json/version WebSocket endpoint that allows attackers to pivot to untrusted second-hop targets. The webSocketDebuggerUrl response field is not properly validated, enabling attackers to redirect connections t...

CVE-2026-43576

OpenClaw before 2026.4.5 contains a server-side request forgery vulnerability in the CDP /json/version WebSocket endpoint that allows attackers to pivot to untrusted second-hop targets. The webSocketDebuggerUrl response field is not properly validated, enabling attackers to redirect connections t...

CVE-2026-43576

OpenClaw before 2026.4.5 is affected by a server-side request forgery in the CDP /json/version WebSocket endpoint. The webSocketDebuggerUrl field is not properly validated, enabling an attacker to redirect connections to arbitrary hosts and perform SSRF-style jumps to second-hop targets. Affected...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the UI server WebSocket. An attacker can gain unauthorized access to sensitive endpoints, such as streaming real-time pod logs, opening an interactive shell inside a running pod, or...

GHSA-HQWM-7X7X-8379 DevSpace UI Server WebSocket CheckOrigin does not validate source

Description DevSpace's UI server WebSocket accepts connections from all origins by default, and therefore several endpoints are exposed via this WebSocket. When a developer runs the DevSpace UI and at the same time uses a browser to access the internet, a malicious website they visit can use thei...

DevSpace UI Server WebSocket CheckOrigin does not validate source

Description DevSpace's UI server WebSocket accepts connections from all origins by default, and therefore several endpoints are exposed via this WebSocket. When a developer runs the DevSpace UI and at the same time uses a browser to access the internet, a malicious website they visit can use thei...

Security Bulletin: Platform Navigator in IBM Cloud Pak for Integration is vulnerable to multiple vulnerabilities in undici

Summary Platform Navigator in IBM Cloud Pak for Integration is vulnerable to multiple vulnerabilities in undici CVE-2026-1525, CVE-2026-1526, CVE-2026-1527, CVE-2026-1528, CVE-2026-2229, CVE-2026-2581. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-1525 DESCRIPTION:...

OpenClaw 输入验证错误漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.5 had a vulnerability related to input validation errors. This vulnerability stemmed from server-side request forgery in the CDP/json/version WebSocket endpoint, which might all...

PT-2026-38231

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.5 Description A server-side request forgery SSRF issue exists in the CDP "/json/version" WebSocket endpoint. The webSocketDebuggerUrl response field is not properly validated, which allows attackers to redirec...

PT-2026-38268

Name of the Vulnerable Software and Affected Versions Granian versions 1.2.0 through 2.7.3 Description An unauthenticated client can cause a worker process to abort by sending a WebSocket upgrade request containing non-ASCII bytes in the Sec-WebSocket-Protocol header. This occurs during the...

PT-2026-38264

Name of the Vulnerable Software and Affected Versions DevSpace versions prior to 6.3.21 Description The UI server WebSocket accepts connections from all origins by default, exposing several endpoints. A malicious website visited by a developer using a browser can establish a cross-origin WebSocke...

PT-2026-38638

Name of the Vulnerable Software and Affected Versions Next.js versions 13.4.13 through 15.5.15 Next.js versions 16.0.0 through 16.2.4 Description Self-hosted applications using the built-in Node.js server are subject to server-side request forgery SSRF, a condition where an attacker forces a serv...

RHCOS 3 : OpenShift Container Platform 3.11.404 (RHSA-2021:0833)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:0833 advisory. - golang-github-gorilla-websocket: integer overflow leads to denial of service CVE-2020-27813 Note that Nessus has not tested for this issue...

Arbitrary Code Injection

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Arbitrary Code Injection through the autoEvalCodeOnHTML process. An attacker can execute arbitrary JavaScript code in the browser context of any logged-in user by...

GHSA-GHCV-22JF-VFXM AVideo has an Incomplete Fix for YPTSocket autoEvalCodeOnHTML Strip: Unauthenticated Cross-User JavaScript Execution via `$msg['json']` Relay Bypass

Summary The server-side mitigation for the YPTSocket autoEvalCodeOnHTML eval sink prior advisory GHSA-gph2-j4c9-vhhr, commit c08694bf6 only strips the payload when it sits under $json'msg', but the relay function msgToResourceId selects the outbound message from $msg'json' before $msg'msg'. An...

AVideo has an Incomplete Fix for YPTSocket autoEvalCodeOnHTML Strip: Unauthenticated Cross-User JavaScript Execution via `$msg['json']` Relay Bypass

Summary The server-side mitigation for the YPTSocket autoEvalCodeOnHTML eval sink prior advisory GHSA-gph2-j4c9-vhhr, commit c08694bf6 only strips the payload when it sits under $json'msg', but the relay function msgToResourceId selects the outbound message from $msg'json' before $msg'msg'. An...

Malicious code in gemini-analyzer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1c8996b17229185440fe7523f20f72ea848f3a001baa8946ca80fa6b5d3221ad The package is a RAT performing full exfiltration and executing remote commands through a custom RPC protocol over WebSockets, and eventually establishing a...

Regular Expression without Anchors

Overview Affected versions of this package are vulnerable to Regular Expression without Anchors through the alloworiginpat checks in websocket.py, login.py. An attacker can bypass CORS, WebSocket origin checks, and login redirect validation by supplying an Origin or Referer value that matches the...