CVE-2026-34932 hoppscotch: Stored XSS via mock server responses on backend origin
hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is a stored XSS vulnerability that can lead to CSRF. This issue has been patched in version 2026.3.0...
CVE-2026-34932
Affected software: hoppscotch open source API development ecosystem. Issue: stored XSS via mock server responses on backend origin, potentially enabling CSRF. Root cause/tech detail: XSS vulnerability present before version 2026.3.0; fixed in 2026.3.0. Impact: is described as high-severity in CVS...
GHSA-R9Q5-C7QC-P26W OpenClaw's Nextcloud Talk webhook replay could trigger duplicate inbound processing
Summary: When Nextcloud Talk webhook signing was valid, replayed requests could be accepted without durable replay suppression, allowing duplicate inbound processing after replay-window expiry or process restart. Details: OpenClaw's Nextcloud Talk webhook path verified HMAC(secret, random + body) but...