
4 matches found

Cvelist
added 2026/04/02 7:19 p.m., 17 views

CVE-2026-34932 hoppscotch: Stored XSS via mock server responses on backend origin

hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is a stored XSS vulnerability that can lead to CSRF. This issue has been patched in version 2026.3.0...

CVSS: 8.5, EPSS: 0.00288
Exploits: 0, References: 2

Vulnrichment
added 2026/04/02 7:19 p.m., 3 views

CVE-2026-34932 hoppscotch: Stored XSS via mock server responses on backend origin

hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is a stored XSS vulnerability that can lead to CSRF. This issue has been patched in version 2026.3.0...

CVSS: 8.5, AI score: 5.8, EPSS: 0.00288
Exploits: 0, References: 2

CVE
added 2026/04/02 7:19 p.m., 8 views

CVE-2026-34932

CVE-2026-34932 affects Hoppscotch (open source API development ecosystem). Before version 2026.3.0, a stored XSS vulnerability could lead to CSRF. The issue has been patched in version 2026.3.0. Reported impact in multiple feeds includes high/severe risk (CVSS v3.1: critical with network attack, ...

CVSS: 9.3, AI score: 5.8, EPSS: 0.00288
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2026/03/03 11:8 p.m., 4 views

GHSA-R9Q5-C7QC-P26W OpenClaw's Nextcloud Talk webhook replay could trigger duplicate inbound processing

Summary: When Nextcloud Talk webhook signing was valid, replayed requests could be accepted without durable replay suppression, allowing duplicate inbound processing after replay-window expiry or process restart. Details: OpenClaw's Nextcloud Talk webhook path verified HMACsecret, random + body but...

CVSS: 5.3, AI score: 5.9, EPSS: 0.00267
Exploits: 0, References: 5