Lucene search
K

4993 matches found

Wolfi
Wolfi
added 2026/03/27 1:48 a.m.7 views

CVE-2026-24739 vulnerabilities

Vulnerabilities for packages: nextcloud-server...

6.3CVSS5.8AI score0.00201EPSS
Exploits1
Snyk
Snyk
added 2026/03/26 9:37 p.m.2 views

Incorrect Authorization

Overview @openclaw/nextcloud-talk is an OpenClaw Nextcloud Talk channel plugin Affected versions of this package are vulnerable to Incorrect Authorization in the auth process. An attacker can gain unauthorized access by sending requests with add-on principals that are not bound to the intended...

7.6CVSS5.9AI score0.00293EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/26 9:34 p.m.2 views

Incorrect Authorization

Overview @openclaw/nextcloud-talk is an OpenClaw Nextcloud Talk channel plugin Affected versions of this package are vulnerable to Incorrect Authorization in the room authorization process. An attacker can gain unauthorized access to rooms with similar names by exploiting the matching logic that...

5.4CVSS5.9AI score0.00241EPSS
Exploits0References3
OSV
OSV
added 2026/03/26 9:34 p.m.5 views

GHSA-XHQ5-45PM-2GJR OpenClaw: Nextcloud Talk room allowlist matched colliding room names instead of stable room tokens

Summary Nextcloud Talk room authorization matched on collidable room names instead of the stable room token, allowing policy confusion across similarly named rooms. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...

4.2CVSS5.9AI score0.00241EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/03/26 9:34 p.m.8 views

OpenClaw: Nextcloud Talk room allowlist matched colliding room names instead of stable room tokens

Summary Nextcloud Talk room authorization matched on collidable room names instead of the stable room token, allowing policy confusion across similarly named rooms. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...

5.4CVSS5.8AI score0.00241EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2026/03/26 9:23 p.m.3 views

Incorrect Authorization

Overview @openclaw/nextcloud-talk is an OpenClaw Nextcloud Talk channel plugin Affected versions of this package are vulnerable to Incorrect Authorization via the callback process. An attacker can execute unauthorized actions by sending specially crafted requests before sender authorization check...

9.1CVSS6AI score0.0042EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.3 views

CVE-2026-28449

OpenClaw versions prior to 2026.2.25 lack durable replay state for Nextcloud Talk webhook events, allowing valid signed webhook requests to be replayed without suppression. Attackers can capture and replay previously valid signed webhook requests to trigger duplicate inbound message processing an...

6.5CVSS5.7AI score0.00267EPSS
Exploits0References1
Hacker One
Hacker One
added 2026/03/24 3:3 p.m.15 views

Nextcloud: PIN bypass in PassCodeActivity via back button

A vulnerability was discovered in the PassCodeActivity of a certain application. The vulnerability allowed bypassing the PIN code by pressing the back button...

4.6CVSS5.5AI score0.00153EPSS
Exploits0
EUVD
EUVD
added 2026/03/24 12:30 a.m.8 views

EUVD-2026-14563

OpenClaw before 2026.2.25 lacks durable replay state for Nextcloud Talk webhook events, allowing valid signed requests to be replayed. Attackers can capture and replay previously valid signed webhook requests to trigger duplicate inbound processing and cause integrity or availability issues...

6.3CVSS5.8AI score
Exploits0References4
NVD
NVD
added 2026/03/23 10:16 p.m.4 views

CVE-2026-32012

Rejected reason: This CVE ID has been rejected...

Exploits0
CVE
CVE
added 2026/03/23 9:36 p.m.13 views

CVE-2026-32012

OpenClaw prior to 2026.2.25 is affected by CVE-2026-32012 due to a missing durable replay state for Nextcloud Talk webhook events. This allows an attacker to capture and replay valid signed webhook requests, potentially triggering duplicate inbound processing and causing integrity or availability...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2026/03/23 9:36 p.m.24 views

CVE-2026-32012

...

Exploits0
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.5 views

PT-2026-27226

OpenClaw before 2026.2.25 lacks durable replay state for Nextcloud Talk webhook events, allowing valid signed requests to be replayed. Attackers can capture and replay previously valid signed webhook requests to trigger duplicate inbound processing and cause integrity or availability issues...

4.8CVSS5.8AI score
Exploits0References5
OSV
OSV
added 2026/03/19 3:30 a.m.3 views

GHSA-866C-WWM5-4RJ7 Duplicate Advisory: OpenClaw's Nextcloud Talk webhook replay could trigger duplicate inbound processing

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r9q5-c7qc-p26w. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.25 lack durable replay state for Nextcloud Talk webhook events, allowing valid sign...

6.3CVSS5.7AI score0.00267EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/19 3:30 a.m.8 views

Duplicate Advisory: OpenClaw's Nextcloud Talk webhook replay could trigger duplicate inbound processing

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r9q5-c7qc-p26w. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.25 lack durable replay state for Nextcloud Talk webhook events, allowing valid sign...

6.5CVSS5.7AI score0.00267EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/19 2:16 a.m.3 views

CVE-2026-28449

OpenClaw versions prior to 2026.2.25 lack durable replay state for Nextcloud Talk webhook events, allowing valid signed webhook requests to be replayed without suppression. Attackers can capture and replay previously valid signed webhook requests to trigger duplicate inbound message processing an...

6.5CVSS5.9AI score
Exploits0References3
NVD
NVD
added 2026/03/19 2:16 a.m.2 views

CVE-2026-28449

OpenClaw versions prior to 2026.2.25 lack durable replay state for Nextcloud Talk webhook events, allowing valid signed webhook requests to be replayed without suppression. Attackers can capture and replay previously valid signed webhook requests to trigger duplicate inbound message processing an...

6.5CVSS0.00267EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/19 1:0 a.m.25 views

CVE-2026-28449 OpenClaw < 2026.2.25 - Webhook Replay Attack via Missing Durable Replay Suppression

OpenClaw versions prior to 2026.2.25 lack durable replay state for Nextcloud Talk webhook events, allowing valid signed webhook requests to be replayed without suppression. Attackers can capture and replay previously valid signed webhook requests to trigger duplicate inbound message processing an...

6.5CVSS0.00267EPSS
Exploits0References3
CVE
CVE
added 2026/03/19 1:0 a.m.13 views

CVE-2026-28449

OpenClaw versions prior to 2026.2.25 are affected by a missing durable replay suppression for Nextcloud Talk webhook events. This allows valid signed webhook requests to be replayed, triggering duplicate inbound message processing and potentially impacting integrity and availability. The vulnerab...

6.5CVSS5.7AI score0.00267EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/19 1:0 a.m.1 views

CVE-2026-28449 OpenClaw < 2026.2.25 - Webhook Replay Attack via Missing Durable Replay Suppression

OpenClaw versions prior to 2026.2.25 lack durable replay state for Nextcloud Talk webhook events, allowing valid signed webhook requests to be replayed without suppression. Attackers can capture and replay previously valid signed webhook requests to trigger duplicate inbound message processing an...

6.5CVSS5.7AI score0.00267EPSS
Exploits0References3
Rows per page
Query Builder