Lucene search
K

13 matches found

EUVD
EUVD
added 2026/04/24 12:31 a.m.5 views

EUVD-2026-25335

OpenClaw before 2026.3.31 contains a replay detection bypass vulnerability in webhook signature handling that treats Base64 and Base64URL encoded signatures as distinct requests. Attackers can re-encode Telnyx webhook signatures to bypass replay detection while maintaining valid signature...

6.3CVSS5.8AI score0.0033EPSS
Exploits0References4
OSV
OSV
added 2026/04/24 12:31 a.m.3 views

GHSA-M958-864J-XQ5W Duplicate Advisory: OpenClaw: Telnyx Webhook Replay Detection Bypass via Base64 Signature Re-encoding

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-37v6-fxx8-xjmx. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains a replay detection bypass vulnerability in webhook signature handling that treats...

6.3CVSS5.7AI score0.0033EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/23 9:58 p.m.4 views

CVE-2026-41351

OpenClaw before 2026.3.31 contains a replay detection bypass vulnerability in webhook signature handling that treats Base64 and Base64URL encoded signatures as distinct requests. Attackers can re-encode Telnyx webhook signatures to bypass replay detection while maintaining valid signature...

6.3CVSS5.8AI score0.0033EPSS
Exploits0References4
CVE
CVE
added 2026/04/23 9:58 p.m.18 views

CVE-2026-41351

OpenClaw prior to version 2026.3.31 is affected by a replay-detection bypass in webhook signature handling. The vulnerability occurs because Base64 and Base64URL encoded signatures are treated as distinct requests, allowing an attacker to re-encode Telnyx webhook signatures to bypass replay prote...

6.3CVSS5.8AI score0.0033EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/23 9:58 p.m.33 views

CVE-2026-41351 OpenClaw < 2026.3.31 - Webhook Replay Detection Bypass via Base64 Signature Re-encoding

OpenClaw before 2026.3.31 contains a replay detection bypass vulnerability in webhook signature handling that treats Base64 and Base64URL encoded signatures as distinct requests. Attackers can re-encode Telnyx webhook signatures to bypass replay detection while maintaining valid signature...

6.3CVSS0.0033EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.8 views

PT-2026-34782

OpenClaw before 2026.3.31 contains a replay detection bypass vulnerability in webhook signature handling that treats Base64 and Base64URL encoded signatures as distinct requests. Attackers can re-encode Telnyx webhook signatures to bypass replay detection while maintaining valid signature...

6.3CVSS5.8AI score0.0033EPSS
Exploits0References5
OSV
OSV
added 2026/04/10 12:30 a.m.5 views

GHSA-J56C-WPQM-H24X Duplicate Advisory: OpenClaw: Plivo V2 verified replay identity drifts on query-only variants

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cg6c-q2hx-69h7. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 signature verification that allows...

8.3CVSS5.8AI score0.00283EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/03 2:58 a.m.11 views

OpenClaw: Telnyx Webhook Replay Detection Bypass via Base64 Signature Re-encoding

Summary Telnyx Webhook Replay Detection Bypass via Base64 Signature Re-encoding Current Maintainer Triage - Status: narrow - Normalized severity: low - Assessment: Shipped v2026.3.28 replay hashing treated equivalent Telnyx Base64/Base64URL signatures as distinct requests, but signature...

6.3CVSS5.9AI score0.0033EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.6 views

RustDesk 安全漏洞

RustDesk is a remote access and control software developed by RustDesk personal developers. It is primarily written in Rust and can be used to maintain computers and other devices remotely. Versions of RustDesk 1.4.5 and earlier contain security vulnerabilities. These vulnerabilities stem from...

9.8CVSS5.8AI score0.00269EPSS
Exploits1References3
Gitee
Gitee
added 2025/11/27 9:16 p.m.152 views

burp_mirror_gui

Burp Multiple Instance Management Tool This solution, when combined with jsforward or mitmdump, effectively addresses the following pain points in penetration testing: 1. Enables real-time testing for privilege escalation, unauthorized access, business logic vulnerabilities, and session-related...

7.2AI score
Exploits0
Snyk
Snyk
added 2025/08/22 8:43 p.m.3 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to missing scalar checks in the Verify and prepareVerification functions. An attacker can produce multiple valid signatures for the same message by manipulating the S value in EdDSA a...

9.1CVSS7AI score0.00198EPSS
Exploits1References2
Snyk
Snyk
added 2025/08/22 8:43 p.m.2 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to missing scalar checks in the Verify and prepareVerification functions. An attacker can produce multiple valid signatures for the same message by manipulating the S value in EdDSA a...

9.1CVSS6.8AI score0.00198EPSS
Exploits1References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/11/20 5:9 a.m.6 views

Multiple vulnerabilities in EXPRESSCLUSTER X

Overview WebManager/Cluster WebUI of EXPRESSCLUSTER X provided by NEC Corporation contains multiple vulnerabilities listed below. Missing authorization CWE-862 - CVE-2023-39544 Files or directories accessible to external parties CWE-552 - CVE-2023-39545 Use of password hash instead of password fo...

8.8CVSS8.1AI score0.00743EPSS
Exploits0References17
Rows per page
Query Builder