Lucene search
K
GithubRecent

33181 matches found

Github Security Blog
Github Security Blog
•added 2026/04/03 3:26 a.m.•11 views

OpenClaw: Endpoint persists after trust decline, leaking gateway credentials

Summary Remote onboarding preserves attacker-discovered endpoint after trust decline, routing gateway credentials to it Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Real shipped onboarding trust-decline bug because the declined discovered URL survived int...

6.9CVSS5.9AI score0.00252EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 3:24 a.m.•7 views

OpenClaw: diffs viewer misclassifies proxied remote requests as loopback when `allowRemoteViewer` is disabled

Summary diffs viewer misclassifies proxied remote requests as loopback when allowRemoteViewer is disabled Current Maintainer Triage - Status: open - Normalized severity: low - Assessment: Shipped v2026.3.28 misclassified proxied diff-viewer requests as local loopback in some cases, a real but...

6.3CVSS5.9AI score0.00259EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 3:23 a.m.•8 views

OpenClaw: Discord Slash Commands Bypass Group DM Channel Allowlist

Summary Discord Slash Commands Bypass Group DM Channel Allowlist Current Maintainer Triage - Status: narrow - Normalized severity: moderate - Assessment: v2026.3.28 native Discord slash and autocomplete paths still skip the group-DM allowlist, but impact is limited to already-authorized Discord...

5.4CVSS5.9AI score0.00177EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 3:22 a.m.•7 views

OpenClaw: macOS Tailnet DNS Spoofing & Credential Exfiltration

Summary macOS Wide-Area Discovery Accepts Arbitrary Tailnet Peer as DNS Authority and Exfiltrates Operator Credentials Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Real shipped macOS discovery steering bug, but exploitation needs same-tailnet position, a...

5.9CVSS5.8AI score0.00117EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 3:20 a.m.•5 views

OpenClaw: Telegram legacy allowFrom migration fans default-account trust into all named accounts

Summary Telegram legacy allowFrom migration fans default-account trust into all named accounts Current Maintainer Triage - Status: open - Normalized severity: low - Assessment: Shipped v2026.3.28 Telegram migration fans legacy default-account allowFrom trust into named accounts, which is an...

5.9AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 3:20 a.m.•7 views

OpenClaw: Tlon Startup Migration Rehydrates Empty-Array Revocations From File Config

Summary Tlon Startup Migration Rehydrates Empty-Array Revocations From File Config Current Maintainer Triage - Status: open - Normalized severity: low - Assessment: v2026.3.28 startup migration still treats empty-array settings as missing and can rehydrate revoked Tlon config from file state afte...

6.5CVSS5.9AI score0.00307EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 3:19 a.m.•8 views

OpenClaw: Unbound bootstrap setup codes allow privilege escalation during pairing

Summary Bootstrap setup codes were not bound to the intended device role and scopes, allowing first-use privilege escalation during pairing. Current Maintainer Triage - Status: open - Normalized severity: high - Assessment: Real first-use bootstrap privilege-escalation bug fixed and shipped in...

9.8CVSS5.9AI score0.00328EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 3:18 a.m.•6 views

OpenClaw: Node browser proxy `allowProfiles` bypass through persistent profile mutation and runtime profile selection

Summary Node browser proxy allowProfiles bypass through persistent profile mutation and runtime profile selection Current Maintainer Triage - Status: open - Normalized severity: high - Assessment: Real released allowProfiles bypass through profile mutation and runtime profile selection, fixed and...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 3:17 a.m.•6 views

OpenClaw: Discord voice manager bypasses channel-level member access allowlist

Summary Discord voice manager bypasses channel-level member access allowlist Current Maintainer Triage - Status: open - Normalized severity: medium - Assessment: v2026.3.28 still accepts Discord voice ingress before channel allowlist authorization, and main-only gating means this remains a real...

5.4CVSS5.9AI score0.00222EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 3:15 a.m.•11 views

OpenClaw: Telegram audio preflight transcription enables resource consumption by unauthorized senders

Summary Telegram audio preflight transcription enables resource consumption by unauthorized senders Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: v2026.3.28 still lets unauthorized Telegram group senders trigger audio preflight before allowlist enforcement...

6.9CVSS5.8AI score0.00297EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 3:15 a.m.•7 views

OpenClaw: Paired node escalates to gateway RCE via unrestricted node.event agent dispatch

Summary Paired node escalates to gateway RCE via unrestricted node.event agent dispatch Current Maintainer Triage - Status: narrow - Normalized severity: high - Assessment: v2026.3.28 still lets paired role=node clients drive node.event agent.request into broader gateway-side tool access than nod...

8.8CVSS5.9AI score0.00444EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 3:14 a.m.•4 views

OpenClaw: Sandbox escape via TOCTOU race in remote FS bridge readFile

Summary Sandbox escape via TOCTOU race in remote FS bridge readFile Current Maintainer Triage - Normalized severity: critical - Assessment: v2026.3.28 remote sandbox reads still do path-check then separate file read, so the TOCTOU sandbox escape remains present in the latest shipped tag. Affected...

8.8CVSS5.9AI score0.002EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 3:13 a.m.•6 views

OpenClaw: Voice-call still parses large WebSocket frames before start validation (Incomplete fix for CVE-2026-32062)

Summary Incomplete fix for CVE-2026-32062: voice-call still parses large WebSocket frames before start validation Current Maintainer Triage - Normalized severity: medium - Assessment: v2026.3.28 still parses oversized pre-start voice-call WebSocket frames before start validation, and the unreleas...

8.7CVSS5.8AI score0.00532EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 3:11 a.m.•13 views

OpenClaw: Gateway `device.token.rotate` does not terminate active WebSocket sessions after credential rotation

Summary Gateway device.token.rotate does not terminate active WebSocket sessions after credential rotation Current Maintainer Triage - Status: open - Normalized severity: low - Assessment: v2026.3.28 rotates device tokens without disconnecting already-authenticated WebSocket sessions, which is a...

5.4CVSS5.9AI score0.00186EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 3:9 a.m.•15 views

OpenClaw: Fake DeviceToken Bypasses Shared Auth Rate Limiting

Summary Fake DeviceToken Bypasses Shared Auth Rate Limiting Current Maintainer Triage - Status: narrow - Normalized severity: low - Assessment: Real in shipped mixed WS auth flow, but practical risk is mostly weak shared-password deployments since strong shared tokens remain non-bruteforceable...

6.3CVSS5.9AI score0.00387EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 3:7 a.m.•7 views

OpenClaw: Host exec environment sanitization misses package, registry, Docker, compiler, and TLS override variables

Summary Host exec environment sanitization misses package, registry, Docker, compiler, and TLS override variables Current Maintainer Triage - Normalized severity: medium - Assessment: v2026.3.28 also misses the broader package, registry, compiler, Docker, and TLS env family in the shipped host-en...

7.1CVSS5.8AI score0.00307EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 3:6 a.m.•9 views

OpenClaw: Path traversal via inbound channel attachment path in ACP dispatch allows arbitrary file read

Summary Path traversal via inbound channel attachment path in ACP dispatch allows arbitrary file read Current Maintainer Triage - Normalized severity: medium - Assessment: v2026.3.28 ACP dispatch still reads attachment paths outside the guarded attachment-cache or root checks, and the...

5.9AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 3:5 a.m.•7 views

OpenClaw: Incomplete scope-clearing fix allows operator.admin escalation via trusted-proxy auth mode

Summary Incomplete scope-clearing fix allows operator.admin escalation via trusted-proxy auth mode Current Maintainer Triage - Normalized severity: high - Assessment: v2026.3.28 still misses trusted-proxy scope clearing for non-Control-UI clients, so self-declared operator scopes can survive on a...

8.8CVSS5.9AI score0.0034EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 3:5 a.m.•7 views

OpenClaw: Media Parsing Path Traversal Leads to Arbitrary File Read

Summary OpenClaw = 2026.3.28 - First stable tag containing the fix: v2026.3.28 Fix Commits - 4797bbc5b96e2cca5532e43b58915c051746fe37 — 2026-03-25T13:35:16-06:00 Release Process Note - The fix is already present in released version 2026.3.28...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 3:3 a.m.•9 views

OpenClaw: Agentic Consent Bypass — LLM Agent Can Silently Disable Exec Approval via `config.patch`

Summary Agentic Consent Bypass: LLM Agent Can Silently Disable Exec Approval via config.patch Current Maintainer Triage - Status: open - Normalized severity: high - Assessment: Maintainers accepted this issue, fixed it in 76411b2afc4ae721e36c12e0ea24fd23e2fed61e on 2026-03-27, and that fix shippe...

5.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 3:2 a.m.•4 views

OpenClaw Has a Gateway Control Interface Information Disclosure Vulnerability

Summary OpenClaw Gateway Control Interface Information Disclosure Vulnerability Current Maintainer Triage - Status: narrow - Normalized severity: low - Assessment: Released Control UI bootstrap JSON did expose version and assistant agent id, but that is low-severity fingerprinting or info...

6.9CVSS5.9AI score0.00297EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 3:1 a.m.•6 views

OpenClaw: Sandbox file operations use check-then-act, bypassing fd-based TOCTOU defenses

Summary Sandbox file operations use check-then-act, bypassing fd-based TOCTOU defenses Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Released workspace-only applypatch remove and mkdir operations were still check-then-act, but the draft overstates scope by...

5.9AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 3:1 a.m.•6 views

OpenClaw: Image pixel-limit guard can fail open on sips and allow decompression-bomb DoS

Summary Image pixel-limit guard can fail open on sips and allow decompression-bomb DoS Current Maintainer Triage - Status: open - Normalized severity: medium - Assessment: Shipped v2026.3.28 image processing could fail open on oversized pixel counts and allow decompression-bomb DoS, an availabili...

5.9AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 3:0 a.m.•41 views

OpenClaw: Incomplete host-env-security-policy allows untrusted model to substitute compiler binaries via env overrides

Summary Incomplete host-env-security-policy.json allows untrusted model to substitute compiler binaries CC, CXX, CARGOBUILDRUSTC, CMAKECCOMPILER via env overrides on approved host exec requests Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Shipped v2026.3....

6.1CVSS5.9AI score0.0013EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 2:59 a.m.•11 views

OpenClaw: Device-Paired Node Skips Node Scope Gate → Host RCE.md

Summary Device-Paired Node Skips Node Scope Gate → Host RCE.md Current Maintainer Triage - Status: open - Normalized severity: high - Assessment: Real in shipped v2026.3.28 because a merely device-paired node could expose node commands without node pairing, but high is sufficient given the...

8.8CVSS5.9AI score0.00544EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 2:58 a.m.•11 views

OpenClaw: Telnyx Webhook Replay Detection Bypass via Base64 Signature Re-encoding

Summary Telnyx Webhook Replay Detection Bypass via Base64 Signature Re-encoding Current Maintainer Triage - Status: narrow - Normalized severity: low - Assessment: Shipped v2026.3.28 replay hashing treated equivalent Telnyx Base64/Base64URL signatures as distinct requests, but signature...

6.3CVSS5.9AI score0.0033EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 2:57 a.m.•5 views

OpenClaw: Host exec environment overrides miss proxy, TLS, Docker, and Git TLS controls

Summary Host exec environment overrides miss proxy, TLS, Docker, and Git TLS controls Current Maintainer Triage - Status: open - Normalized severity: medium - Assessment: Real in shipped v2026.3.28: host exec env policy still missed proxy, TLS, Docker, and Git TLS variables until 4d912e0451 on...

4.4CVSS5.9AI score0.00124EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 2:56 a.m.•10 views

OpenClaw runs Discord audio preflight transcription before member authorization

Summary Discord audio preflight transcription before member authorization Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: v2026.3.28 still runs Discord audio preflight before member allowlist rejection, but this is the same pre-auth resource-consumption clas...

6.9CVSS5.9AI score0.00474EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 2:55 a.m.•8 views

OpenClaw: HTTP operator endpoints lack browser-origin validation in trusted-proxy mode

Summary HTTP operator endpoints lack browser-origin validation in trusted-proxy mode Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: This is a real trusted-proxy HTTP CSRF or browser-origin gap in released tags, but it is not critical because it depends on...

7.1CVSS5.9AI score0.00112EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 2:54 a.m.•4 views

OpenClaw: MS Teams webhook parses body before JWT validation, enabling unauthenticated resource exhaustion

Summary MS Teams webhook parses body before JWT validation, enabling unauthenticated resource exhaustion Current Maintainer Triage - Status: open - Normalized severity: medium - Assessment: v2026.3.28 still parses Teams JSON after only a Bearer-prefix gate and before real JWT validation, and the...

8.7CVSS5.9AI score0.00481EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 2:53 a.m.•6 views

OpenClaw: Self-Whitelisting in appendLocalMediaParentRoots Allows Arbitrary File Read & Credential Exfiltration

Summary Media Local Roots Self-Whitelisting in appendLocalMediaParentRoots Allows Model-Initiated Arbitrary Host File Read and Credential Exfiltration Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: v2026.3.28 still self-whitelists media parent dirs in...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 2:49 a.m.•2 views

OpenClaw: Media download follows cross-origin redirects with Authorization headers intact

Summary Media download follows cross-origin redirects with Authorization headers intact Current Maintainer Triage - Status: open - Normalized severity: medium - Assessment: Shipped v2026.3.28 media downloads forwarded Authorization across cross-origin redirects, a real in-scope credential-leak...

5.9AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 2:49 a.m.•4 views

OpenClaw: OpenShell Mirror Sync — Sandbox Escape via Unrestricted File Sync + Symlink Traversal

Summary OpenShell Mirror Sync: Sandbox Escape via Unrestricted File Sync + Symlink Traversal Current Maintainer Triage - Status: narrow - Normalized severity: high - Assessment: v2026.3.28 still has the mirror-boundary bug because shipped c02ee8 only excluded hooks while unreleased 3b9dab is the...

9.6CVSS5.9AI score0.0047EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 2:47 a.m.•9 views

OpenClaw: Workspace `.env` can override the bundled plugin trust root

Summary Workspace .env can override the bundled plugin trust root Current Maintainer Triage - Status: open - Normalized severity: high - Assessment: v2026.3.28 still lets workspace .env override OPENCLAWBUNDLEDPLUGINSDIR, but critical is too high because exploitation still depends on...

8.5CVSS5.9AI score0.00126EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 2:46 a.m.•11 views

Electron: Context Isolation bypass via contextBridge VideoFrame transfer

Impact Apps that pass VideoFrame objects from the WebCodecs API across the contextBridge are vulnerable to a context isolation bypass. An attacker who can execute JavaScript in the main world for example, via XSS can use a bridged VideoFrame to gain access to the isolated world, including any...

8.3CVSS6AI score0.00327EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 2:46 a.m.•9 views

Electron: AppleScript injection in app.moveToApplicationsFolder on macOS

Impact On macOS, app.moveToApplicationsFolder used an AppleScript fallback path that did not properly handle certain characters in the application bundle path. Under specific conditions, a crafted launch path could lead to arbitrary AppleScript execution when the user accepted the...

7.8CVSS6.2AI score0.00161EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 2:44 a.m.•9 views

Electron: Service worker can spoof executeJavaScript IPC replies

Impact A service worker running in a session could spoof reply messages on the internal IPC channel used by webContents.executeJavaScript and related methods, causing the main-process promise to resolve with attacker-controlled data. Apps are only affected if they have service workers registered...

6.5CVSS5.9AI score0.00123EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 2:44 a.m.•6 views

Electron: Incorrect origin passed to permission request handler for iframe requests

Impact When an iframe requests fullscreen, pointerLock, keyboardLock, openExternal, or media permissions, the origin passed to session.setPermissionRequestHandler was the top-level page's origin rather than the requesting iframe's origin. Apps that grant permissions based on the origin parameter ...

5.4CVSS5.9AI score0.00122EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 2:43 a.m.•6 views

Electron: Out-of-bounds read in second-instance IPC on macOS and Linux

Impact On macOS and Linux, apps that call app.requestSingleInstanceLock were vulnerable to an out-of-bounds heap read when parsing a crafted second-instance message. Leaked memory could be delivered to the app's second-instance event handler. This issue is limited to processes running as the same...

5.3CVSS5.9AI score0.00219EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 2:43 a.m.•11 views

Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes

Impact The nodeIntegrationInWorker webPreference was not correctly scoped in all configurations. In certain process-sharing scenarios, workers spawned in frames configured with nodeIntegrationInWorker: false could still receive Node.js integration. Apps are only affected if they enable...

9.8CVSS5.9AI score0.00289EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 2:42 a.m.•13 views

Electron: Use-after-free in offscreen child window paint callback

Impact Apps that use offscreen rendering and allow child windows via window.open may be vulnerable to a use-after-free. If the parent offscreen WebContents is destroyed while a child window remains open, subsequent paint frames on the child dereference freed memory, which may lead to a crash or...

8.1CVSS5.8AI score0.00444EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 2:41 a.m.•4 views

Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows

Impact On Windows, app.setAsDefaultProtocolClientprotocol did not validate the protocol name before writing to the registry. Apps that pass untrusted input as the protocol name may allow an attacker to write to arbitrary subkeys under HKCU\Software\Classes, potentially hijacking existing protocol...

7.5CVSS6AI score0.0024EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 2:41 a.m.•8 views

Electron: Use-after-free in download save dialog callback

Impact Apps that allow downloads and programmatically destroy sessions may be vulnerable to a use-after-free. If a session is torn down while a native save-file dialog is open for a download, dismissing the dialog dereferences freed memory, which may lead to a crash or memory corruption. Apps tha...

8.8CVSS5.8AI score0.00209EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 2:40 a.m.•5 views

Electron: Use-after-free in WebContents fullscreen, pointer-lock, and keyboard-lock permission callbacks

Impact Apps that register an asynchronous session.setPermissionRequestHandler may be vulnerable to a use-after-free when handling fullscreen, pointer-lock, or keyboard-lock permission requests. If the requesting frame navigates or the window closes while the permission handler is pending, invokin...

8.8CVSS5.8AI score0.00287EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 2:39 a.m.•6 views

Electron: Use-after-free in PowerMonitor on Windows and macOS

Impact Apps that use the powerMonitor module may be vulnerable to a use-after-free. After the native PowerMonitor object is garbage-collected, the associated OS-level resources a message window on Windows, a shutdown handler on macOS retain dangling references. A subsequent session-change event...

8.8CVSS5.8AI score0.00245EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 2:39 a.m.•7 views

Electron: Renderer command-line switch injection via undocumented commandLineSwitches webPreference

Impact An undocumented commandLineSwitches webPreference allowed arbitrary switches to be appended to the renderer process command line. Apps that construct webPreferences by spreading untrusted configuration objects may inadvertently allow an attacker to inject switches that disable renderer...

8.8CVSS5.9AI score0.00295EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 2:38 a.m.•15 views

Electron: Unquoted executable path in app.setLoginItemSettings on Windows

Impact On Windows, app.setLoginItemSettingsopenAtLogin: true wrote the executable path to the Run registry key without quoting. If the app is installed to a path containing spaces, an attacker with write access to an ancestor directory may be able to cause a different executable to run at login...

7.8CVSS5.8AI score0.0013EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 2:37 a.m.•6 views

Electron: HTTP Response Header Injection in custom protocol handlers and webRequest

Impact Apps that register custom protocol handlers via protocol.handle / protocol.registerSchemesAsPrivileged or modify response headers via webRequest.onHeadersReceived may be vulnerable to HTTP response header injection if attacker-controlled input is reflected into a response header name or...

6.5CVSS5.9AI score0.00211EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/03 2:36 a.m.•6 views

Electron: USB device selection not validated against filtered device list

Impact The select-usb-device event callback did not validate the chosen device ID against the filtered list that was presented to the handler. An app whose handler could be influenced to select a device ID outside the filtered set would grant access to a device that did not match the renderer's...

5.4CVSS5.9AI score0.00162EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
•added 2026/04/02 11:21 p.m.•9 views

TeleJSON: DOM XSS via unsanitised constructor name in `new Function()`

Summary telejson versions prior to 6.0.0 released 2022 are vulnerable to DOM-based Cross-Site Scripting XSS through unsafe deserialisation. Attacker-controlled input from the constructor-name property in parsed JSON is passed directly to new Function without sanitisation, allowing arbitrary...

6.1CVSS6.2AI score0.00358EPSS
Exploits0References5Affected Software1
Total number of security vulnerabilities33181