4993 matches found
CVE-2026-24739 vulnerabilities
Vulnerabilities for packages: nextcloud-server...
Incorrect Authorization
Overview @openclaw/nextcloud-talk is an OpenClaw Nextcloud Talk channel plugin Affected versions of this package are vulnerable to Incorrect Authorization in the auth process. An attacker can gain unauthorized access by sending requests with add-on principals that are not bound to the intended...
Incorrect Authorization
Overview @openclaw/nextcloud-talk is an OpenClaw Nextcloud Talk channel plugin Affected versions of this package are vulnerable to Incorrect Authorization in the room authorization process. An attacker can gain unauthorized access to rooms with similar names by exploiting the matching logic that...
GHSA-XHQ5-45PM-2GJR OpenClaw: Nextcloud Talk room allowlist matched colliding room names instead of stable room tokens
Summary Nextcloud Talk room authorization matched on collidable room names instead of the stable room token, allowing policy confusion across similarly named rooms. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...
OpenClaw: Nextcloud Talk room allowlist matched colliding room names instead of stable room tokens
Summary Nextcloud Talk room authorization matched on collidable room names instead of the stable room token, allowing policy confusion across similarly named rooms. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...
Incorrect Authorization
Overview @openclaw/nextcloud-talk is an OpenClaw Nextcloud Talk channel plugin Affected versions of this package are vulnerable to Incorrect Authorization via the callback process. An attacker can execute unauthorized actions by sending specially crafted requests before sender authorization check...
CVE-2026-28449
OpenClaw versions prior to 2026.2.25 lack durable replay state for Nextcloud Talk webhook events, allowing valid signed webhook requests to be replayed without suppression. Attackers can capture and replay previously valid signed webhook requests to trigger duplicate inbound message processing an...
Nextcloud: PIN bypass in PassCodeActivity via back button
A vulnerability was discovered in the PassCodeActivity of a certain application. The vulnerability allowed bypassing the PIN code by pressing the back button...
EUVD-2026-14563
OpenClaw before 2026.2.25 lacks durable replay state for Nextcloud Talk webhook events, allowing valid signed requests to be replayed. Attackers can capture and replay previously valid signed webhook requests to trigger duplicate inbound processing and cause integrity or availability issues...
CVE-2026-32012
Rejected reason: This CVE ID has been rejected...
CVE-2026-32012
OpenClaw prior to 2026.2.25 is affected by CVE-2026-32012 due to a missing durable replay state for Nextcloud Talk webhook events. This allows an attacker to capture and replay valid signed webhook requests, potentially triggering duplicate inbound processing and causing integrity or availability...
CVE-2026-32012
...
PT-2026-27226
OpenClaw before 2026.2.25 lacks durable replay state for Nextcloud Talk webhook events, allowing valid signed requests to be replayed. Attackers can capture and replay previously valid signed webhook requests to trigger duplicate inbound processing and cause integrity or availability issues...
GHSA-866C-WWM5-4RJ7 Duplicate Advisory: OpenClaw's Nextcloud Talk webhook replay could trigger duplicate inbound processing
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r9q5-c7qc-p26w. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.25 lack durable replay state for Nextcloud Talk webhook events, allowing valid sign...
Duplicate Advisory: OpenClaw's Nextcloud Talk webhook replay could trigger duplicate inbound processing
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r9q5-c7qc-p26w. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.25 lack durable replay state for Nextcloud Talk webhook events, allowing valid sign...
CVE-2026-28449
OpenClaw versions prior to 2026.2.25 lack durable replay state for Nextcloud Talk webhook events, allowing valid signed webhook requests to be replayed without suppression. Attackers can capture and replay previously valid signed webhook requests to trigger duplicate inbound message processing an...
CVE-2026-28449
OpenClaw versions prior to 2026.2.25 lack durable replay state for Nextcloud Talk webhook events, allowing valid signed webhook requests to be replayed without suppression. Attackers can capture and replay previously valid signed webhook requests to trigger duplicate inbound message processing an...
CVE-2026-28449 OpenClaw < 2026.2.25 - Webhook Replay Attack via Missing Durable Replay Suppression
OpenClaw versions prior to 2026.2.25 lack durable replay state for Nextcloud Talk webhook events, allowing valid signed webhook requests to be replayed without suppression. Attackers can capture and replay previously valid signed webhook requests to trigger duplicate inbound message processing an...
CVE-2026-28449
OpenClaw versions prior to 2026.2.25 are affected by a missing durable replay suppression for Nextcloud Talk webhook events. This allows valid signed webhook requests to be replayed, triggering duplicate inbound message processing and potentially impacting integrity and availability. The vulnerab...
CVE-2026-28449 OpenClaw < 2026.2.25 - Webhook Replay Attack via Missing Durable Replay Suppression
OpenClaw versions prior to 2026.2.25 lack durable replay state for Nextcloud Talk webhook events, allowing valid signed webhook requests to be replayed without suppression. Attackers can capture and replay previously valid signed webhook requests to trigger duplicate inbound message processing an...