10 matches found
CVE-2026-3321
An authorization bypass vulnerability through a user-controlled key in the 'console-survey/api/v1/answer/EVENTID/TIMESTAMP/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obtain the complete Q&A history. This publicly exposed data may...
CVE-2026-3321
CVE-2026-3321 describes an authorization bypass in ON24 Q&A chat, via a user-controlled key in the endpoint console-survey/api/v1/answer/{EVENTID}/{TIMESTAMP}/. An unauthenticated attacker can enumerate event IDs and access the full Q&A history, exposing IDs, private URLs, messages, references, a...
CVE-2026-32053 OpenClaw < 2026.2.23 - Twilio Webhook Replay Bypass via Randomized Event ID Normalization
OpenClaw versions prior to 2026.2.23 contain a vulnerability in Twilio webhook event deduplication where normalized event IDs are randomized per parse, allowing replay events to bypass manager dedupe checks. Attackers can replay Twilio webhook events to trigger duplicate or stale call-state...
GHSA-VQX8-9XXW-F2M7 OpenClaw's voice-call Twilio webhook replay could bypass manager dedupe because normalized event IDs were randomized per parse
Impact Twilio webhook replay events could bypass voice-call manager dedupe because normalized event IDs were randomized per parse. A replayed event could be treated as new and trigger duplicate or stale call-state transitions. Affected Packages / Versions - Package: openclaw npm - Vulnerable...
OpenClaw's voice-call Twilio webhook replay could bypass manager dedupe because normalized event IDs were randomized per parse
Impact Twilio webhook replay events could bypass voice-call manager dedupe because normalized event IDs were randomized per parse. A replayed event could be treated as new and trigger duplicate or stale call-state transitions. Affected Packages / Versions - Package: openclaw npm - Vulnerable...
EUVD-2023-55659
Malicious code in bioql PyPI...
Cross Site Request Forgery (CSRF)
concrete5/concrete5 is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to the sequential and numeric nature of event IDs via the /ccm/calendar/dialogs/event/delete/submit endpoint, allowing an attacker to manipulate an admin into unintentionally deleting events on the site...
DEBIAN-CVE-2023-42453
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event if they knew the room ID and event ID. Note that the users were not able to view the events, but could simply mark them as read. This could be confusing as...
OESA-2023-1376 libX11 security update
Core X11 protocol client library. Security Fixes: A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions writ...
X.Org libX11 Buffer Error Vulnerability
X.Org libX11 is an X11 X Window System client library from the X.org Foundation. A security vulnerability exists in X.Org libX11 that stems from not checking the values of Request, Event, and Error IDs in src/InitExt.c. The vulnerability is caused by the following...