3449 matches found

NVD | added 2026/04/28 12:16 a.m. | 3 views

CVE-2026-41362

OpenClaw versions 2026.2.19 before 2026.3.31 contain an improper cache isolation vulnerability in the Zalo webhook replay-dedupe mechanism that is shared across authenticated webhook targets. Attackers controlling one authenticated Zalo webhook path in multi-account deployments can suppress...

CVSS 4.3 | EPSS 0.00053
Exploits: 0 | References: 4
Positive Technologies | added 2026/04/28 12:00 a.m. | 3 views

PT-2026-35788

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.31. Description: OpenClaw parses MS Teams webhook request bodies before performing JSON Web Token (JWT) validation, the step that verifies the sender's identity. This allows unauthenticated remote attackers ...

CVSS 8.7 | AI score 5.8 | EPSS 0.00228
Exploits: 0 | References: 7
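The ordering defect in the PT-2026-35788 entry above (body parsed before the JWT is checked), as an added example that is not OpenClaw's code. Both handlers verify a bearer JWT and parse a JSON body; the vulnerable one parses first, so an unauthenticated request still drives the parser. The JWT is HS256 with a shared secret, a simplification so the example runs on the standard library alone (Teams signs with RS256 against published keys); the secret, audience and request body are constructed.

```python
"""Added example, not OpenClaw code: authenticate-then-parse vs parse-then-authenticate."""
import base64
import hashlib
import hmac
import json
from typing import Optional

SECRET = b"constructed-demo-secret"   # constructed, not a real key
EXPECTED_AUD = "bot-app-id"           # constructed app id the token must name
parser_calls = {"vulnerable": 0, "fixed": 0}  # bodies parsed by each handler


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_jwt(claims: dict) -> str:
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_jwt(token: str) -> Optional[dict]:
    """Claims if the token is a validly signed HS256 JWT for our audience, else None."""
    try:
        header, payload, sig = token.split(".")
        if json.loads(_unb64url(header)).get("alg") != "HS256":
            return None  # refuse alg confusion ("none", key-type swaps)
        expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64url(sig)):
            return None
        claims = json.loads(_unb64url(payload))
        return claims if claims.get("aud") == EXPECTED_AUD else None
    except ValueError:  # malformed base64/JSON or wrong number of segments
        return None


def _bearer(headers: dict) -> str:
    auth = headers.get("Authorization", "")
    return auth[len("Bearer "):] if auth.startswith("Bearer ") else ""


def parse_body(body: bytes, which: str) -> dict:
    parser_calls[which] += 1
    return json.loads(body)


def handle_vulnerable(headers: dict, body: bytes) -> str:
    msg = parse_body(body, "vulnerable")    # untrusted body parsed before auth
    if verify_jwt(_bearer(headers)) is None:
        return "401"
    return "ok:" + msg["text"]


def handle_fixed(headers: dict, body: bytes) -> str:
    if verify_jwt(_bearer(headers)) is None:
        return "401"                        # nothing below runs unauthenticated
    msg = parse_body(body, "fixed")
    return "ok:" + msg["text"]


def demo():
    """Send an anonymous, a wrong-audience and a genuine request to both handlers."""
    parser_calls.update(vulnerable=0, fixed=0)
    body = b'{"text": "hello"}'
    anon = {}                                                  # no token at all
    wrong_aud = {"Authorization": "Bearer " + make_jwt({"aud": "other-app"})}
    good = {"Authorization": "Bearer " + make_jwt({"aud": EXPECTED_AUD})}
    results = tuple(h(hdrs, body) for hdrs in (anon, wrong_aud, good)
                    for h in (handle_vulnerable, handle_fixed))
    return results, dict(parser_calls)


if __name__ == "__main__":
    print(demo())
```

The counter is the point: after `demo()` the vulnerable handler has parsed three bodies and the fixed one exactly one, so every anonymous request reaching the vulnerable endpoint is free parser work (and, for a real JSON or adaptive-card parser, free attack surface) before any identity check.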
CNNVD | added 2026/04/28 12:00 a.m. | 5 views

OpenClaw security vulnerability

OpenClaw is an open-source AI personal assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contain a security vulnerability caused by a scope bypass in the webhook replay-buffer deduplication process, which could allow authentication...

CVSS 5.4 | AI score 5.9 | EPSS 0.00037
Exploits: 0 | References: 1
CNNVD | added 2026/04/28 12:00 a.m. | 6 views

OpenClaw security vulnerability

OpenClaw is an AI assistant built on the OpenClaw open-source framework. Versions of OpenClaw prior to 2026.3.28 contain a security vulnerability caused by a webhook replay issue in Plivo V3 signature verification. This issue could allo...

CVSS 8.2 | AI score 5.8 | EPSS 0.00018
Exploits: 0 | References: 1
Positive Technologies | added 2026/04/28 12:00 a.m. | 4 views

PT-2026-35779

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.28 Description An issue exists in Plivo V3 signature verification where the system canonicalizes query ordering for signatures but hashes raw URLs for replay detection. This allows attackers to reorder query...

CVSS 8.2 | AI score 5.8 | EPSS 0.00018
Exploits: 0 | References: 5
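The canonicalization mismatch described in the CNNVD and PT-2026-35779 entries above (signature computed over a canonical query order, replay key computed over the raw URL), as an added example that is not OpenClaw's or Plivo's code. The signing scheme here, HMAC-SHA256 over the canonical URL plus a nonce and the body, is a simplification chosen for illustration and is not the Plivo V3 algorithm; the secret, URLs and body are constructed.

```python
"""Added example, not OpenClaw/Plivo code: replay detection must key on the same
canonical form the signature covers, or query reordering defeats it."""
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

SECRET = b"constructed-shared-secret"  # constructed sample, not a real key


def canonicalize(url: str) -> str:
    """Sort query parameters so the signature does not depend on their order."""
    parts = urlsplit(url)
    query = urlencode(sorted(parse_qsl(parts.query, keep_blank_values=True)))
    return urlunsplit((parts.scheme, parts.netloc, parts.path, query, ""))


def sign(url: str, nonce: str, body: bytes) -> str:
    msg = canonicalize(url).encode() + nonce.encode() + body
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


class Receiver:
    """Verifies the signature, then rejects anything whose replay key was seen."""

    def __init__(self, replay_key):
        self._seen = set()
        self._replay_key = replay_key  # function (url, nonce) -> cache key

    def accept(self, url: str, nonce: str, body: bytes, signature: str) -> str:
        if not hmac.compare_digest(sign(url, nonce, body), signature):
            return "bad-signature"
        key = self._replay_key(url, nonce)
        if key in self._seen:
            return "replay"
        self._seen.add(key)
        return "accepted"


def vulnerable_key(url: str, nonce: str) -> str:
    # Hashes the raw URL: a reordered query string yields a fresh key.
    return hashlib.sha256(url.encode() + nonce.encode()).hexdigest()


def fixed_key(url: str, nonce: str) -> str:
    # Keys replay detection on the canonical form the signature already covers.
    return hashlib.sha256(canonicalize(url).encode() + nonce.encode()).hexdigest()


def demo(replay_key):
    """Deliver one legitimate request, then the attacker's query-reordered copy."""
    recv = Receiver(replay_key)
    body = b'{"event":"call.completed"}'
    nonce = "n-1001"
    original = "https://hooks.example.test/plivo?to=15550001&from=15550002"
    sig = sign(original, nonce, body)  # observed by the attacker in transit
    reordered = "https://hooks.example.test/plivo?from=15550002&to=15550001"
    return (recv.accept(original, nonce, body, sig),
            recv.accept(reordered, nonce, body, sig))


if __name__ == "__main__":
    print(demo(vulnerable_key))  # ('accepted', 'accepted')
    print(demo(fixed_key))       # ('accepted', 'replay')
```

The reordered request carries the original signature unchanged, because the signature was computed over the sorted query; only the replay key differs. Any field the signature normalizes (parameter order, percent-encoding case, trailing slash) must be normalized identically before it enters the replay cache, and binding a timestamp window to the nonce bounds how long a captured signature stays useful at all.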
CVE | added 2026/04/27 11:24 p.m. | 6 views

CVE-2026-41362

OpenClaw 2026.2.19 up to 2026.3.31 is affected by an improper cache isolation in the Zalo webhook replay-dedupe mechanism shared across authenticated webhook targets. An attacker controlling one authenticated Zalo webhook path in multi-account deployments can suppress legitimate events on other a...

CVSS 4.3 | AI score 5.3 | EPSS 0.00053
Exploits: 0 | References: 4 | Affected software: 1
ATTACKERKB | added 2026/04/27 11:24 p.m. | 1 view

CVE-2026-41362

OpenClaw versions 2026.2.19 before 2026.3.31 contain an improper cache isolation vulnerability in the Zalo webhook replay-dedupe mechanism that is shared across authenticated webhook targets. Attackers controlling one authenticated Zalo webhook path in multi-account deployments can suppress...

CVSS 4.3 | AI score 5.3 | EPSS 0.00053
Exploits: 0 | References: 5 | Affected software: 1
Vulnrichment | added 2026/04/27 11:24 p.m. | 3 views

CVE-2026-41362 OpenClaw 2026.2.19 through 2026.3.30 - Webhook Replay Dedupe Cache Event Suppression via Shared Authentication

OpenClaw versions 2026.2.19 before 2026.3.31 contain an improper cache isolation vulnerability in the Zalo webhook replay-dedupe mechanism that is shared across authenticated webhook targets. Attackers controlling one authenticated Zalo webhook path in multi-account deployments can suppress...

CVSS 4.3 | AI score 5.8 | EPSS 0.00053
Exploits: 0 | References: 4
Cvelist | added 2026/04/27 11:24 p.m. | 26 views

CVE-2026-41362 OpenClaw 2026.2.19 through 2026.3.30 - Webhook Replay Dedupe Cache Event Suppression via Shared Authentication

OpenClaw versions 2026.2.19 before 2026.3.31 contain an improper cache isolation vulnerability in the Zalo webhook replay-dedupe mechanism that is shared across authenticated webhook targets. Attackers controlling one authenticated Zalo webhook path in multi-account deployments can suppress...

CVSS 4.3 | EPSS 0.00053
Exploits: 0 | References: 4
EUVD | added 2026/04/27 11:24 p.m. | 4 views

EUVD-2026-25942

OpenClaw versions 2026.2.19 before 2026.3.31 contain an improper cache isolation vulnerability in the Zalo webhook replay-dedupe mechanism that is shared across authenticated webhook targets. Attackers controlling one authenticated Zalo webhook path in multi-account deployments can suppress...

CVSS 4.3 | AI score 5.2 | EPSS 0.00053
Exploits: 0 | References: 4
NVD | added 2026/04/27 11:16 a.m. | 3 views

CVE-2026-7113

A vulnerability was found in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/webhook.py of the component Webhooks Endpoint. The manipulation of the argument _INSECURE_NO_AUTH results in missing authentication. The attack can be...

CVSS 6.3 | EPSS 0.00125
Exploits: 0 | References: 6
Cvelist | added 2026/04/27 10:00 a.m. | 29 views

CVE-2026-7113 NousResearch hermes-agent Webhooks Endpoint webhook.py missing authentication

A vulnerability was found in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/webhook.py of the component Webhooks Endpoint. The manipulation of the argument _INSECURE_NO_AUTH results in missing authentication. The attack can be...

CVSS 6.3 | EPSS 0.00125
Exploits: 0 | References: 6
CVE | added 2026/04/27 10:00 a.m. | 37 views

CVE-2026-7113

CVE-2026-7113 affects NousResearch hermes-agent 0.8.0, specifically the Webhooks Endpoint in gateway/platforms/webhook.py. The issue arises from manipulating the argument _INSECURE_NO_AUTH, resulting in missing authentication and enabling a remote attack. The description notes high attack complex...

CVSS 6.3 | AI score 5.2 | EPSS 0.00125
Exploits: 0 | References: 6
Vulnrichment | added 2026/04/27 10:00 a.m. | 2 views

CVE-2026-7113 NousResearch hermes-agent Webhooks Endpoint webhook.py missing authentication

A vulnerability was found in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/webhook.py of the component Webhooks Endpoint. The manipulation of the argument _INSECURE_NO_AUTH results in missing authentication. The attack can be...

CVSS 6.3 | AI score 5.2 | EPSS 0.00125
Exploits: 0 | References: 6
Positive Technologies | added 2026/04/27 12:00 a.m. | 3 views

PT-2026-35550

OpenClaw versions 2026.2.19 before 2026.3.31 contain an improper cache isolation vulnerability in the Zalo webhook replay-dedupe mechanism that is shared across authenticated webhook targets. Attackers controlling one authenticated Zalo webhook path in multi-account deployments can suppress...

CVSS 4.3 | AI score 5.2 | EPSS 0.00053
Exploits: 0 | References: 5
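The shared replay-dedupe cache described in the CVE-2026-41362 entries above (NVD, CVE, ATTACKERKB, Vulnrichment, Cvelist, EUVD, PT-2026-35550) and in the first CNNVD summary, as an added example that is not OpenClaw's code. A gateway receives webhooks for several accounts; the vulnerable variant keys its dedupe cache on the provider's event id alone, so an attacker authenticated to one webhook target can pre-seed an id and suppress the same id when it arrives for another account. The fixed variant namespaces the key by the authenticated target. Account names and event ids are constructed, and the assumption that the attacker can predict or observe the victim's event id is stated in the code.

```python
"""Added example, not OpenClaw code: replay dedupe must be scoped to the
authenticated webhook target, not shared across every target."""
from collections import OrderedDict


class DedupeCache:
    """Bounded set of recently seen keys with LRU eviction (capacity illustrative)."""

    def __init__(self, capacity: int = 1000):
        self._seen = OrderedDict()
        self._capacity = capacity

    def seen_before(self, key: str) -> bool:
        if key in self._seen:
            self._seen.move_to_end(key)
            return True
        self._seen[key] = True
        if len(self._seen) > self._capacity:
            self._seen.popitem(last=False)
        return False


class Gateway:
    def __init__(self, isolate_per_target: bool):
        self._cache = DedupeCache()
        self._isolate = isolate_per_target
        self.delivered = []   # (target, event_id) pairs handed to handlers

    def handle(self, target: str, event_id: str) -> str:
        """`target` is the webhook path the sender has already authenticated to."""
        if self._isolate:
            key = f"{target}\x00{event_id}"   # dedupe scope: this target only
        else:
            key = event_id                     # dedupe scope: every target
        if self._cache.seen_before(key):
            return "duplicate"
        self.delivered.append((target, event_id))
        return "delivered"


def demo(isolate_per_target: bool):
    """Attacker seeds an id from its own target, then the victim's real event arrives."""
    gw = Gateway(isolate_per_target)
    # Assumed for the example: the attacker can predict or observe the event id
    # the provider will assign to the victim's event.
    attacker = gw.handle("acct-attacker", "evt-7781")
    victim = gw.handle("acct-victim", "evt-7781")
    retry = gw.handle("acct-victim", "evt-7781")   # provider retry: a real duplicate
    return attacker, victim, retry, gw.delivered


if __name__ == "__main__":
    print(demo(isolate_per_target=False))  # victim event suppressed
    print(demo(isolate_per_target=True))   # victim event delivered, retry deduped
```

With the shared cache the victim's first delivery is reported as a duplicate and never reaches a handler; with the namespaced key the victim's event is delivered while a genuine provider retry is still deduplicated. The same rule applies to any per-tenant cache (rate-limit buckets, idempotency keys): the key must include the identity that authentication established, never just a value the sender chose.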
Hacker One | added 2026/04/26 10:35 p.m. | 12 views

Shopify: Missing HMAC validation on /uninstall webhook in Shopify/sample-django-app reference template

Repository: https://github.com/Shopify/sample-django-app Description The /uninstall webhook endpoint in sample-django-app processes incoming requests without verifying the X-Shopify-Hmac-Sha256 header. Shopify explicitly requires this validation as a mandatory security measure for all webhook...

AI score 5.8
Exploits: 0
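The missing check from the Hacker One report above, as an added example that is not the code of Shopify's sample-django-app. Shopify documents that webhook requests carry `X-Shopify-Hmac-Sha256`, a base64-encoded HMAC-SHA256 of the raw request body computed with the app's shared secret; the secret, the request body and the handler names here are constructed.

```python
"""Added example, not Shopify sample-app code: verify X-Shopify-Hmac-Sha256 over
the raw body before the /uninstall handler mutates any state."""
import base64
import hashlib
import hmac
import json

APP_SECRET = b"constructed-app-secret"  # constructed, not a real secret

uninstalled_shops = set()  # state the /uninstall handler mutates


def compute_shopify_hmac(raw_body: bytes, secret: bytes = APP_SECRET) -> str:
    """Base64(HMAC-SHA256(secret, raw body)), the form Shopify sends in the header."""
    return base64.b64encode(hmac.new(secret, raw_body, hashlib.sha256).digest()).decode()


def verify_shopify_hmac(headers: dict, raw_body: bytes, secret: bytes = APP_SECRET) -> bool:
    """Constant-time comparison against the header; a missing header fails closed."""
    provided = headers.get("X-Shopify-Hmac-Sha256")
    if not provided:
        return False
    return hmac.compare_digest(compute_shopify_hmac(raw_body, secret), provided)


def uninstall_unverified(headers: dict, raw_body: bytes) -> int:
    """The pattern the report describes: the body is trusted as-is."""
    uninstalled_shops.add(json.loads(raw_body)["domain"])
    return 200


def uninstall_verified(headers: dict, raw_body: bytes) -> int:
    if not verify_shopify_hmac(headers, raw_body):
        return 401
    uninstalled_shops.add(json.loads(raw_body)["domain"])
    return 200


def demo():
    """A forged request, a request with no header, and a genuine one."""
    uninstalled_shops.clear()
    body = b'{"domain": "victim-store.myshopify.com"}'   # constructed payload
    forged = {"X-Shopify-Hmac-Sha256": compute_shopify_hmac(body, b"wrong-secret")}
    genuine = {"X-Shopify-Hmac-Sha256": compute_shopify_hmac(body)}
    r1 = uninstall_unverified(forged, body)   # 200: victim marked uninstalled
    marked_by_forgery = "victim-store.myshopify.com" in uninstalled_shops
    uninstalled_shops.clear()
    r2 = uninstall_verified(forged, body)     # 401, state untouched
    r3 = uninstall_verified({}, body)         # 401, header absent
    r4 = uninstall_verified(genuine, body)    # 200
    return r1, marked_by_forgery, r2, r3, r4, sorted(uninstalled_shops)


if __name__ == "__main__":
    print(demo())
```

Two details matter in practice: the HMAC must be computed over the exact bytes received (in Django, `request.body`), not over a re-serialized copy of the parsed JSON, and the comparison must use `hmac.compare_digest`, since a plain `==` on the header leaks timing. The unverified handler lets anyone who knows a shop's domain mark it uninstalled, which is exactly the report's concern.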
Snyk | added 2026/04/25 11:45 p.m. | 2 views

Authorization Bypass Through User-Controlled Key

Overview: openclaw is "🦞 OpenClaw — Personal AI Assistant". Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the sessionKey process. An attacker can gain unauthorized access to webhook routing by supplying externally influenced session keys...

CVSS 6.9 | AI score 5.5 | EPSS 0.00038
Exploits: 0 | References: 2
OSV | added 2026/04/25 11:45 p.m. | 4 views

GHSA-2XCP-X87W-Q377 OpenClaw: Hook mapping templates could bypass hook session-key opt-in

Affected Packages / Versions: package openclaw (npm); affected versions: < 2026.4.20; patched version: 2026.4.20. Impact: Templated hook mapping sessionKey values were treated differently from request-supplied session keys. A hook mapping could render an externally influenced session key even when...

CVSS 6.9 | AI score 5.9 | EPSS 0.00038
Exploits: 0 | References: 5
NVD | added 2026/04/24 9:16 p.m. | 1 view

CVE-2026-41473

CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints that allows unauthenticated remote attackers to write arbitrary data to the database by sending requests to the /api/ai-scanner/status-webhook and /api/ai-scanner/callback...

CVSS 9.1 | EPSS 0.01386
Exploits: 1 | References: 3
CVE | added 2026/04/24 8:40 p.m. | 8 views

CVE-2026-41473

CyberPanel before 2.4.4 is affected by an authentication bypass in the AI Scanner worker API endpoints. The endpoints /api/ai-scanner/status-webhook and /api/ai-scanner/callback allow unauthenticated remote writes to the database, enabling storage exhaustion DoS, corruption of scan history, and p...

CVSS 9.1 | AI score 5.7 | EPSS 0.01386
Exploits: 1 | References: 3 | Affected software: 1