CVE-2026-24661

Mattermost Plugins

CVE-2026-24661 Unbounded Request Body Read in MS Teams Plugin {{/changes}} Webhook Endpoint

Mattermost Plugins versions =2.1.3.0 fail to limit the request body size on the /changes webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00611...

CVE-2026-21388

Mattermost Plugins versions =2.3.1 fail to limit the request body size on the /lifecycle webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00610...

CVE-2026-21388 Unbounded Request Body Read in MS Teams Plugin {{/lifecycle}} Webhook Endpoint

Mattermost Plugins versions =2.3.1 fail to limit the request body size on the /lifecycle webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00610...

CVE-2026-21388 Unbounded Request Body Read in MS Teams Plugin {{/lifecycle}} Webhook Endpoint

Mattermost Plugins versions =2.3.1 fail to limit the request body size on the /lifecycle webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00610...

CLEANSTART-2026-BY59711 gRPC-Go is the Go language implementation of gRPC

Multiple security vulnerabilities affect the cert-manager-webhook-pdns-fips package. gRPC-Go is the Go language implementation of gRPC. See references for individual vulnerability details...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.25 contained security vulnerabilities. These vulnerabilities were due to a rate-limiting mechanism in the Webhook token verification process, which allowed bypasses and could le...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from improper authentication handling in the Google Chat application’s URL Webhook. Attackers could bypass t...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from the handling of voice call Webhooks, which allowed unauthorized resources to be exhausted, potentially...

PraisonAI 代码问题漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.128 contained code vulnerabilities. These vulnerabilities stemmed from the/api/v1/runs endpoint allowing arbitrary webhook URLs without proper URL validation, which could le...

PT-2026-31603

Name of the Vulnerable Software and Affected Versions Mattermost Plugins versions less than or equal to 2.3.1 Description Mattermost Plugins versions less than or equal to 2.3.1 do not limit the request body size on the /lifecycle webhook endpoint, potentially allowing an authenticated attacker t...

PT-2026-31783

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /api/v1/runs endpoint accepts an arbitrary webhook url in the request body with no URL validation. When a submitted job completes success or failure, the server makes an HTTP POST request to this URL using httpx.AsyncClient. An...

PT-2026-31758

OpenClaw before 2026.3.22 contains an improper authentication verification vulnerability in Google Chat app-url webhook handling that accepts add-on principals outside intended deployment bindings. Attackers can bypass webhook authentication by providing non-deployment add-on principals to execut...

PT-2026-31604

Name of the Vulnerable Software and Affected Versions Mattermost Plugins versions less than or equal to 2.1.3.0 Description Mattermost Plugins versions less than or equal to 2.1.3.0 do not limit the request body size on the /changes webhook endpoint. This allows an authenticated attacker to cause...

PT-2026-31659

Name of the Vulnerable Software and Affected Versions Aiven Operator versions 0.31.0 through 0.36.9 Description Aiven Operator allows provisioning and management of Aiven Services from a Kubernetes cluster. A developer with create permission on ClickhouseUser Custom Resource Definitions CRDs in...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.25 contained a security vulnerability. This vulnerability stemmed from the lack of rate limiting in Webhook authentication, allowing attackers to brute-force weak Webhook...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.25 contained a security vulnerability. This vulnerability stemmed from the parsing of JSON request bodies before verifying the webhook signature, which could lead to...

PT-2026-31779

OpenClaw before 2026.3.25 contains a pre-authentication rate-limit bypass vulnerability in webhook token validation that allows attackers to brute-force weak webhook secrets. The vulnerability exists because invalid webhook tokens are rejected without throttling repeated authentication attempts,...

PT-2026-31764

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.25 Description OpenClaw contains a missing rate limiting issue in Telegram webhook authentication. This allows attackers to brute-force weak webhook secrets by repeatedly guessing without throttling. The...

PT-2026-31759

OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in webhook authentication that allows attackers to brute-force weak webhook passwords without throttling. Remote attackers can repeatedly submit incorrect password guesses to the webhook endpoint to compromise authentication...