Lucene search
+L

39 matches found

NVD
NVD
added 2026/07/09 7:17 p.m.7 views

CVE-2026-54695

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Prior to 1.4.0, the pipecat development runner registers a /ws WebSocket endpoint for telephony testing that accepts connections without authentication, reads an attacker-supplied callSid...

7.5CVSS0.00343EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/07/09 6:52 p.m.5 views

CVE-2026-54695

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Prior to 1.4.0, the pipecat development runner registers a /ws WebSocket endpoint for telephony testing that accepts connections without authentication, reads an attacker-supplied callSid...

7.5CVSS6AI score0.00343EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2026/04/28 7:37 p.m.8 views

CVE-2026-41395

OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashes raw URLs for replay detection. Attackers can reorder query parameters to bypass replay cache detection and trigger duplicate voice-call...

8.2CVSS0.00149EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/28 6:9 p.m.5 views

CVE-2026-41395

OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashes raw URLs for replay detection. Attackers can reorder query parameters to bypass replay cache detection and trigger duplicate voice-call...

8.2CVSS5.2AI score0.00149EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/28 6:9 p.m.4 views

CVE-2026-41395 OpenClaw < 2026.3.28 - Webhook Replay via Query Parameter Reordering in Plivo V3

OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashes raw URLs for replay detection. Attackers can reorder query parameters to bypass replay cache detection and trigger duplicate voice-call...

8.2CVSS5.2AI score0.00149EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/28 6:9 p.m.30 views

CVE-2026-41395 OpenClaw < 2026.3.28 - Webhook Replay via Query Parameter Reordering in Plivo V3

OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashes raw URLs for replay detection. Attackers can reorder query parameters to bypass replay cache detection and trigger duplicate voice-call...

8.2CVSS0.00149EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/28 6:9 p.m.8 views

EUVD-2026-26103

OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashes raw URLs for replay detection. Attackers can reorder query parameters to bypass replay cache detection and trigger duplicate voice-call...

8.2CVSS5.2AI score0.00149EPSS
Exploits0References2
CVE
CVE
added 2026/04/28 6:9 p.m.15 views

CVE-2026-41395

OpenClaw prior to 2026.3.28 is affected by a webhook replay vulnerability in Plivo V3 signature verification. The system canonicalizes query ordering for signatures but hashes the raw verification URL for replay detection, allowing an attacker who captures a valid signed webhook to reorder query ...

8.2CVSS5.2AI score0.00149EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/28 6:9 p.m.3 views

CVE-2026-41395 OpenClaw < 2026.3.28 - Webhook Replay via Query Parameter Reordering in Plivo V3

OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashes raw URLs for replay detection. Attackers can reorder query parameters to bypass replay cache detection and trigger duplicate voice-call...

8.2CVSS6AI score0.00149EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.9 views

OpenClaw 安全漏洞

OpenClaw is an intelligent artificial assistant developed under the OpenClaw open source framework. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities were caused by a Webhook replay issue during Plivo V3 signature verification. This issue could allo...

8.2CVSS5.8AI score0.00149EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.10 views

PT-2026-35779

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.28 Description An issue exists in Plivo V3 signature verification where the system canonicalizes query ordering for signatures but hashes raw URLs for replay detection. This allows attackers to reorder query...

8.2CVSS5.8AI score0.00149EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/24 12:31 a.m.7 views

EUVD-2026-25321

OpenClaw before 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call replay that allows attackers to mutate in-process callback origin before replay rejection. Attackers with captured valid callbacks for live calls can exploit this to manipulate callback origins during...

6.3CVSS5.8AI score0.00229EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/24 12:31 a.m.9 views

Duplicate Advisory: OpenClaw: Voice-call Plivo replay mutates in-process callback origin before replay rejection

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-89r3-6x4j-v7wf. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call replay that allows...

6.3CVSS5.7AI score0.00229EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/04/24 12:31 a.m.7 views

GHSA-CW28-63X4-37C3 Duplicate Advisory: OpenClaw: Voice-call Plivo replay mutates in-process callback origin before replay rejection

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-89r3-6x4j-v7wf. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call replay that allows...

6.3CVSS5.7AI score0.00229EPSS
Exploits0References4
NVD
NVD
added 2026/04/23 10:16 p.m.9 views

CVE-2026-41337

OpenClaw before 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call replay that allows attackers to mutate in-process callback origin before replay rejection. Attackers with captured valid callbacks for live calls can exploit this to manipulate callback origins during...

6.3CVSS0.00229EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/23 9:57 p.m.3 views

CVE-2026-41337

OpenClaw before 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call replay that allows attackers to mutate in-process callback origin before replay rejection. Attackers with captured valid callbacks for live calls can exploit this to manipulate callback origins during...

6.3CVSS5.8AI score0.00229EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/23 9:57 p.m.40 views

CVE-2026-41337 OpenClaw < 2026.3.31 - Callback Origin Mutation in Plivo Voice-call Replay

OpenClaw before 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call replay that allows attackers to mutate in-process callback origin before replay rejection. Attackers with captured valid callbacks for live calls can exploit this to manipulate callback origins during...

6.3CVSS0.00229EPSS
Exploits0References3
CVE
CVE
added 2026/04/23 9:57 p.m.14 views

CVE-2026-41337

OpenClaw before version 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call replay. Attackers who have captured valid live-call callbacks can mutate the in‑process callback origin during the replay process, enabling manipulation of callback origins. The CVE entry lists...

6.3CVSS5.8AI score0.00229EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/23 9:57 p.m.5 views

CVE-2026-41337 OpenClaw < 2026.3.31 - Callback Origin Mutation in Plivo Voice-call Replay

OpenClaw before 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call replay that allows attackers to mutate in-process callback origin before replay rejection. Attackers with captured valid callbacks for live calls can exploit this to manipulate callback origins during...

6.3CVSS5.3AI score0.00229EPSS
Exploits0References3
OSV
OSV
added 2026/04/23 9:57 p.m.4 views

CVE-2026-41337 OpenClaw < 2026.3.31 - Callback Origin Mutation in Plivo Voice-call Replay

OpenClaw before 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call replay that allows attackers to mutate in-process callback origin before replay rejection. Attackers with captured valid callbacks for live calls can exploit this to manipulate callback origins during...

6.3CVSS6AI score0.00229EPSS
Exploits0References5
Rows per page
Query Builder