Monthly
PyJWKClient in PyJWT prior to 2.13.0 passes attacker-influenced URIs directly to Python's urllib.request.urlopen() without restricting URI schemes, enabling Server-Side Request Forgery (SSRF) across file://, FTP, and data-URI schemes against applications that accept untrusted jku values. Affected deployments include any Python application using PyJWKClient where the jku URL originates from a JWT header, OAuth flow parameter, or externally influenced configuration. No public exploit exists and no CISA KEV listing is present; real-world exploitation is constrained by a CVSS-confirmed high attack complexity (AC:H) and required user interaction (UI:R), making opportunistic mass exploitation unlikely.
OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost, IRC, and Synology connectors, enabling local attackers with workspace access to redirect runtime traffic to malicious endpoints. The vulnerability requires local access and user interaction but allows high confidentiality impact through traffic interception. No active exploitation has been identified, but a vendor-released patch is available.
OpenClaw versions 2026.4.5 through 2026.4.19 allow local attackers with user privileges to redirect credentialed MiniMax API requests to attacker-controlled servers via environment variable injection in workspace dotenv files, exposing MiniMax API keys in Authorization headers. The vulnerability requires user interaction (opening a malicious workspace) and local access but achieves high confidentiality impact by exfiltrating sensitive API credentials.
GrapheneOS versions before 2026050400 leak the real IP address of VPN users through a registerQuicConnectionClosePayload optimization that allows applications to request that system_server transmit UDP traffic on their behalf, bypassing VPN confinement even when both 'Block connections without VPN' and 'Always-on VPN' are enabled. This information disclosure affects users relying on VPN privacy protections and requires local access with user interaction to trigger, resulting in a CVSS 2.2 score despite the privacy-sensitive nature of IP address leakage.
Authenticated users with non-admin SETTINGS permission in pyload-ng ≤0.5.0b3.dev99 can redirect all outbound HTTP traffic through attacker-controlled proxies by modifying ungated proxy configuration fields (enabled, host, port, type). The vulnerability stems from an incomplete fix in a series of authorization bypass issues (CVE-2026-33509/-35463/-35464/-35586): a hand-maintained allowlist in set_config_value() gates only the proxy credentials (username/password) but not the proxy destination itself, allowing credential theft, traffic interception, and response injection across downloads, captcha solvers, and update checks. No public exploit identified at time of analysis, though the GitHub advisory includes a working proof-of-concept demonstrating traffic redirection via API calls. Patch confirmed in version 0.5.0b3.dev100 per vendor advisory GHSA-pg67-9wjv-mr85.
OpenClaw before version 2026.3.31 allows authenticated remote attackers to bypass sender allowlist filters when retrieving MS Teams thread history via Microsoft Graph API, enabling access to messages that should be restricted by security policies. The vulnerability affects organizations using OpenClaw's Teams integration and has been patched as of the specified version.
Unintended intermediary exposure in go-kratos kratos up to 2.9.2 allows remote attackers to disclose sensitive information via manipulation of the http.DefaultServeMux fallback handler in the NewServer function. The vulnerability has publicly available exploit code and affects the HTTP transport layer with a CVSS score of 5.5, representing a confidentiality impact without availability or integrity concerns.
NTLMv2 credential leakage in Unisys WebPerfect Image Suite 3.0.3960.22810 and 3.0.3960.22604 enables remote unauthenticated attackers to extract machine-account hashes via deprecated .NET Remoting TCP channels, facilitating network-wide lateral movement and privilege escalation through hash relay attacks. Disclosed by VulnCheck, this flaw exploits insecure object deserialization to coerce NTLM authentication to attacker-controlled UNC paths. EPSS data not available; no KEV listing or public exploit code identified at time of analysis, though the disclosed technical details provide sufficient information for weaponization.
Kyverno's apiCall service helper automatically injects the controller's ServiceAccount token into HTTP requests when ClusterPolicy or GlobalContextEntry authors omit an Authorization header, enabling token exfiltration to attacker-controlled endpoints through a confused-deputy vulnerability. This affects deployments where policy YAML repositories are compromised (GitOps threat model) or where ClusterPolicy creation is possible. CVSS 8.1 (High) reflects a network attack vector with low complexity and low privileges required. No CISA KEV listing or public exploit identified at time of analysis, but the GitHub advisory includes a working proof-of-concept demonstrating token injection and exfiltration.
Hostname normalization bypass in Axios (JavaScript HTTP client) versions prior to 1.15.0 allows unauthenticated remote attackers to circumvent NO_PROXY configuration rules and force HTTP requests through configured proxies. Attackers can exploit malformed loopback addresses (localhost. with a trailing dot, [::1] IPv6 literals) to bypass proxy restrictions and conduct Server-Side Request Forgery (SSRF) attacks against protected internal services. Publicly available exploit code exists. This affects all Axios deployments in Node.js and browser environments that rely on NO_PROXY configurations.