13 matches found
EUVD-2026-25335
OpenClaw before 2026.3.31 contains a replay detection bypass vulnerability in webhook signature handling that treats Base64 and Base64URL encoded signatures as distinct requests. Attackers can re-encode Telnyx webhook signatures to bypass replay detection while maintaining valid signature...
GHSA-M958-864J-XQ5W Duplicate Advisory: OpenClaw: Telnyx Webhook Replay Detection Bypass via Base64 Signature Re-encoding
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-37v6-fxx8-xjmx. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains a replay detection bypass vulnerability in webhook signature handling that treats...
CVE-2026-41351
OpenClaw before 2026.3.31 contains a replay detection bypass vulnerability in webhook signature handling that treats Base64 and Base64URL encoded signatures as distinct requests. Attackers can re-encode Telnyx webhook signatures to bypass replay detection while maintaining valid signature...
CVE-2026-41351
OpenClaw prior to version 2026.3.31 is affected by a replay-detection bypass in webhook signature handling. The vulnerability occurs because Base64 and Base64URL encoded signatures are treated as distinct requests, allowing an attacker to re-encode Telnyx webhook signatures to bypass replay prote...
CVE-2026-41351 OpenClaw < 2026.3.31 - Webhook Replay Detection Bypass via Base64 Signature Re-encoding
OpenClaw before 2026.3.31 contains a replay detection bypass vulnerability in webhook signature handling that treats Base64 and Base64URL encoded signatures as distinct requests. Attackers can re-encode Telnyx webhook signatures to bypass replay detection while maintaining valid signature...
PT-2026-34782
OpenClaw before 2026.3.31 contains a replay detection bypass vulnerability in webhook signature handling that treats Base64 and Base64URL encoded signatures as distinct requests. Attackers can re-encode Telnyx webhook signatures to bypass replay detection while maintaining valid signature...
GHSA-J56C-WPQM-H24X Duplicate Advisory: OpenClaw: Plivo V2 verified replay identity drifts on query-only variants
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cg6c-q2hx-69h7. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 signature verification that allows...
OpenClaw: Telnyx Webhook Replay Detection Bypass via Base64 Signature Re-encoding
Summary Telnyx Webhook Replay Detection Bypass via Base64 Signature Re-encoding Current Maintainer Triage - Status: narrow - Normalized severity: low - Assessment: Shipped v2026.3.28 replay hashing treated equivalent Telnyx Base64/Base64URL signatures as distinct requests, but signature...
RustDesk 安全漏洞
RustDesk is a remote access and control software developed by RustDesk personal developers. It is primarily written in Rust and can be used to maintain computers and other devices remotely. Versions of RustDesk 1.4.5 and earlier contain security vulnerabilities. These vulnerabilities stem from...
burp_mirror_gui
Burp Multiple Instance Management Tool This solution, when combined with jsforward or mitmdump, effectively addresses the following pain points in penetration testing: 1. Enables real-time testing for privilege escalation, unauthorized access, business logic vulnerabilities, and session-related...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to missing scalar checks in the Verify and prepareVerification functions. An attacker can produce multiple valid signatures for the same message by manipulating the S value in EdDSA a...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to missing scalar checks in the Verify and prepareVerification functions. An attacker can produce multiple valid signatures for the same message by manipulating the S value in EdDSA a...
Multiple vulnerabilities in EXPRESSCLUSTER X
Overview WebManager/Cluster WebUI of EXPRESSCLUSTER X provided by NEC Corporation contains multiple vulnerabilities listed below. Missing authorization CWE-862 - CVE-2023-39544 Files or directories accessible to external parties CWE-552 - CVE-2023-39545 Use of password hash instead of password fo...