CVE-2026-26319 OpenClaw has Missing Webhook Authentication in Telnyx Provider Allowing Unauthenticated Requests

OpenClaw is a personal AI assistant. Versions 2026.2.13 and below allow the optional @openclaw/voice-call plugin Telnyx webhook handler to accept unsigned inbound webhook requests when telnyx.publicKey is not configured, enabling unauthenticated callers to forge Telnyx events. Telnyx webhooks are...

CVE-2025-65397

The CVE-2025-65397 entry concerns Blurams Flare Camera versions prior to 24.1114.151.929. A vulnerability in the safe_exec.sh startup script allows an attacker with physical access to execute arbitrary commands with root privileges when the file /opt/images/public_key.der is absent and a maliciou...