5270 matches found
CVE-2026-40045 OpenClaw < 2026.4.2 - Cleartext Credential Transmission via Unencrypted WebSocket Gateway Endpoints
OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored gateway credentials over unencrypted connections. Attackers can forge discovery results or craft setup codes to redirect clients to malicious endpoints, disclosing plaintext gateway credentials...
Missing Origin Validation in WebSockets
Overview Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via missing origin validation in all WebSocket endpoints. An attacker can gain unauthorized access to authenticated WebSocket sessions by tricking a logged-in administrator into visiting a malicio...
CVE-2026-34403
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.5, all WebSocket endpoints in nginx-ui use a gorilla/websocket Upgrader with CheckOrigin unconditionally returning true, allowing Cross-Site WebSocket Hijacking CSWSH. Combined with the fact that authentication tokens...
CVE-2026-34403
CVE-2026-34403 : Nginx-UI before 2.3.5 suffers Cross‑Site WebSocket Hijacking (CSWSH) due to an unsafe WebSocket upgrader that unconditionally sets CheckOrigin to true across all endpoints, enabling authenticated WebSocket connections from attacker‑controlled pages. Token authentication is stored...
CVE-2026-34403
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.5, all WebSocket endpoints in nginx-ui use a gorilla/websocket Upgrader with CheckOrigin unconditionally returning true, allowing Cross-Site WebSocket Hijacking CSWSH. Combined with the fact that authentication tokens...
CVE-2026-34403 Nginx-UI vulnerable to Cross-Site WebSocket Hijacking (CSWSH) via missing origin validation on all WebSocket endpoints
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.5, all WebSocket endpoints in nginx-ui use a gorilla/websocket Upgrader with CheckOrigin unconditionally returning true, allowing Cross-Site WebSocket Hijacking CSWSH. Combined with the fact that authentication tokens...
CVE-2026-34403 Nginx-UI vulnerable to Cross-Site WebSocket Hijacking (CSWSH) via missing origin validation on all WebSocket endpoints
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.5, all WebSocket endpoints in nginx-ui use a gorilla/websocket Upgrader with CheckOrigin unconditionally returning true, allowing Cross-Site WebSocket Hijacking CSWSH. Combined with the fact that authentication tokens...
Nginx UI 安全漏洞
Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI prior to 2.3.5 contained security vulnerabilities. These vulnerabilities stemmed from WebSocket endpoints that did not validate sources and an insecure storage of authentication tokens, which could lead to cross-site...
PT-2026-33848
Summary All WebSocket endpoints in nginx-ui use a gorilla/websocket Upgrader with CheckOrigin unconditionally returning true, allowing Cross-Site WebSocket Hijacking CSWSH. Combined with the fact that authentication tokens are stored in browser cookies set via JavaScript without HttpOnly or...
📄 dcontrol 1.0.9 Remote Screen Capture
dcontrol version 1.0.9 suffers from an unauthenticated remote screen capture vulnerability via the WebSocket endpoint at /ws. The application allows any client to connect to the WebSocket without authentication and request screenshots of the target system's display by sending a "screen" message...
MiracleLinux 8 : nodejs:24 (AXSA:2026-465:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-465:01 advisory. nodejs: Nodejs denial of service CVE-2026-21637 minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 undici:...
Exploit for CVE-2026-39987
CVE-2026-39987 marimo is a reactive Python notebook. Prior to...
OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation
Summary Gateway HTTP and WebSocket handlers captured the resolved bearer-auth configuration when the server started. After a SecretRef rotation, the already-running gateway could continue accepting the old bearer token until restart. Impact A bearer token that should have been revoked by SecretRe...
GHSA-XMXX-7P24-H892 OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation
Summary Gateway HTTP and WebSocket handlers captured the resolved bearer-auth configuration when the server started. After a SecretRef rotation, the already-running gateway could continue accepting the old bearer token until restart. Impact A bearer token that should have been revoked by SecretRe...
Server-side Request Forgery (SSRF)
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the webSocketDebuggerUrl field in the /json/version response. An attacker can cause the application to initiate connections to arbitrary, potentially...
GHSA-F7FH-QG34-X2XH OpenClaw: CDP /json/version WebSocket URL could pivot to untrusted second-hop targets
Summary CDP /json/version WebSocket URL could pivot to untrusted second-hop targets. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.5 Impact A browser profile could trust a CDP /json/version response whose webSocketDebuggerUrl pointed at a differen...
OpenClaw: CDP /json/version WebSocket URL could pivot to untrusted second-hop targets
Summary CDP /json/version WebSocket URL could pivot to untrusted second-hop targets. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.5 Impact A browser profile could trust a CDP /json/version response whose webSocketDebuggerUrl pointed at a differen...
GHSA-VW3H-Q6XQ-JJM5 OpenClaw: Voice-call realtime WebSocket accepted oversized frames
Summary Voice-call realtime WebSocket accepted oversized frames. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.9 = 2026.4.10 Impact The voice-call realtime WebSocket path could accept oversized frames, creating a remote availability risk for...
OpenClaw: Voice-call realtime WebSocket accepted oversized frames
Summary Voice-call realtime WebSocket accepted oversized frames. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.9 = 2026.4.10 Impact The voice-call realtime WebSocket path could accept oversized frames, creating a remote availability risk for...
Eclipse Che Machine-Exec WebSocket Service Exposure Detector
This Python script is a lightweight security detection tool designed to identify potentially exposed or misconfigured machine-exec WebSocket services associated with Eclipse Che running on port 3333...