CVE-2026-42437 OpenClaw 2026.4.9 < 2026.4.10 - Denial of Service via Oversized WebSocket Frames in Voice-call Realtime Path

OpenClaw versions 2026.4.9 before 2026.4.10 contain a denial of service vulnerability in the voice-call realtime WebSocket path that accepts oversized frames without proper validation. Remote attackers can send oversized WebSocket frames to cause service unavailability for deployments exposing th...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw from 2026.4.9 to 2026.4.10 contained a security vulnerability. This vulnerability stemmed from a denial-of-service attack in the real-time WebSocket path for voice calls. It was possible for a...

CVE-2026-41395 OpenClaw < 2026.3.28 - Webhook Replay via Query Parameter Reordering in Plivo V3

OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashes raw URLs for replay detection. Attackers can reorder query parameters to bypass replay cache detection and trigger duplicate voice-call...

CVE-2026-41395

OpenClaw prior to 2026.3.28 is affected by a webhook replay vulnerability in Plivo V3 signature verification. The system canonicalizes query ordering for signatures but hashes the raw verification URL for replay detection, allowing an attacker who captures a valid signed webhook to reorder query ...

EUVD-2026-26103

OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashes raw URLs for replay detection. Attackers can reorder query parameters to bypass replay cache detection and trigger duplicate voice-call...

EUVD-2025-206533

Improper handling of exceptional conditions in VX800v v1.0 in SIP processing allows an attacker to flood the device with crafted INVITE messages, blocking all voice lines and causing a denial of service on incoming calls...

A Surprising Amount of Satellite Traffic Is Unencrypted

Here's the summary: We pointed a commercial-off-the-shelf satellite dish at the sky and carried out the most comprehensive public study to date of geostationary satellite communication. A shockingly large amount of sensitive traffic is being broadcast unencrypted, including critical infrastructur...

Satellites leak voice calls, text messages and more

Scientists from several US universities intercepted unencrypted broadcast through geostationary satellites using only off-the-shelf equipment on a university rooftop. Geostationary satellites move at the same speed as the Earth’s rotation so it seems as though they are always above the same exact...

CVE-2023-22385

Memory Corruption in Data Modem while making a MO call or MT VOLTE call...

CVE-2024-20378

A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. This vulnerability is due to a lack of authentication for specific endpoints of the web-based management...

CVE-2022-40510 Buffer copy without checking size of input in Audio.

Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder...

PT-2023-13800 · Qualcomm · Snapdragon +183

Name of the Vulnerable Software and Affected Versions: No specific software name or affected versions are mentioned in the provided descriptions. Description: The issue is related to memory corruption due to a buffer copy without checking the size of the input in Audio while a voice call is made...

Wire Cross-Site Scripting Vulnerability (CNVD-2022-65920)

Wire is a chat software from the German company Wire. The software supports Web, WindowsiOS, Android, and OS X platforms, has group functionality, can make voice calls, send photos, and its original greeting method, PING. Wire has a cross-site scripting vulnerability that stems from insufficient...

Wire cross-site scripting vulnerability (CNVD-2022-31755)

Wire is a chat program from the German company Wire. The program supports Web, WindowsiOS, Android, and OS X platforms, has a group feature, allows voice calls, sends photos, and its original way of saying hello, PING. A cross-site scripting vulnerability exists in the Wire webapp, which stems fr...

Wire server denial of service vulnerability

Wire is a chat software from the German company Wire. The software supports Web, WindowsiOS, Android, OS X platforms, has a group function, can voice calls, send photos and its original way of greeting PING. wire server has a denial of service vulnerability, the vulnerability stems from the syste...

Wire webapp has an unspecified vulnerability

Wire is a chat software from a personal developer. The software supports Web, WindowsiOS, Android, and OS X platforms, has a group feature, can make voice calls, send photos, and its original way of saying hello, PING. wire webapp has a security vulnerability, and no details of the vulnerability...

Wire has unspecified vulnerabilities (CNVD-2022-10740)

Wire is a chat software from a personal developer. The software supports Web, WindowsiOS, Android, and OS X platforms, has group functionality, the ability to make voice calls, send photos, and its ingenious way of saying hello, PING. Wire has a security vulnerability that allows users of Wire by...

Telegram Calling Feature Leaks Your IP Addresses—Patch Released

The desktop version of the security and privacy-focused, end-to-end encrypted messaging app, Telegram , has been found leaking both users' private and public IP addresses by default during voice calls. With 200 million monthly active users as of March 2018, Telegram promotes itself as an...

Telegram Calling Feature Leaks Your IP Addresses—Patch Released

The desktop version of the security and privacy-focused, end-to-end encrypted messaging app, Telegram, has been found leaking both users' private and public IP addresses by default during voice calls. With 200 million monthly active users as of March 2018, Telegram promotes itself as an...

New Android malware record voice calls for extortion & blackmailing

By Waqas Another day, another Android malware - This time IT security This is a post from HackRead.com Read the original post: New Android malware record voice calls for extortion & blackmailing...