EUVD-2026-9911

OpenClaw's voice-call plugin versions before 2026.2.3 contain an improper authentication vulnerability in webhook verification that allows remote attackers to bypass verification by supplying untrusted forwarded headers. Attackers can spoof webhook events by manipulating Forwarded or X-Forwarded-...

CVE-2026-28465

OpenClaw’s voice-call plugin (pre-2026.2.3) has an improper authentication flaw in webhook verification. An attacker can spoof webhook events by supplying untrusted Forwarded or X-Forwarded-* headers in reverse-proxy setups that implicitly trust these headers, bypassing verification. The issue af...

CVE-2026-28465 OpenClaw voice-call < 2026.2.3 - Webhook Verification Bypass via Forwarded Headers

OpenClaw's voice-call plugin versions before 2026.2.3 contain an improper authentication vulnerability in webhook verification that allows remote attackers to bypass verification by supplying untrusted forwarded headers. Attackers can spoof webhook events by manipulating Forwarded or X-Forwarded-...

CVE-2026-28465

OpenClaw's voice-call plugin versions before 2026.2.3 contain an improper authentication vulnerability in webhook verification that allows remote attackers to bypass verification by supplying untrusted forwarded headers. Attackers can spoof webhook events by manipulating Forwarded or X-Forwarded-...

Exploits

Exploit FreePBX / Elastix - callmepage.php Auteur : LECOMT...

New BoryptGrab Stealer Targets Windows Users via Deceptive GitHub Pages

The BoryptGrab campaign uses fake SEO‑optimized GitHub repositories and deceptive download pages to distribute a data‑stealing malware family that delivers multiple payloads, including a reverse SSH backdoor, to Windows users...

GHSA-22M3-C7VP-49FJ IRRd: web UI host header injection allows password reset poisoning via attacker-controlled email links

Impact An attacker can manipulate the HTTP Host header on a password reset or account creation request. The confirmation link in the resulting email can then point to an attacker-controlled domain. Opening the link in the email is sufficient to pass the token to the attacker, who can then use it ...

CVE-2026-0754

An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate...

CVE-2025-69969

The CVE concerns SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2, where a lack of authentication and authorization in the BLE protocol enables an attacker within BLE proximity to reverse engineer the protocol and execute arbitrary commands on the device without a connection. The issue also permit...

CVE-2025-69969

A lack of authentication and authorization mechanisms in the Bluetooth Low Energy BLE communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer the protocol and execute arbitrary commands on the device without establishing a connection. This is...

Linux Distros Unpatched Vulnerability : CVE-2025-29939

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper access control in secure encrypted virtualization SEV could allow a privileged attacker to write to the reverse map page RMP during secure nested pagin...

Hackers Abuse .arpa Top-Level Domain to Host Phishing Scams

Hackers abuse the .arpa Top-Level Domain to host phishing scams, using IPv6 tunnels, reverse DNS tricks, and shadow domains to bypass security checks...

Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication

Cybersecurity researchers have disclosed details of a new phishing suite called Starkiller that proxies legitimate login pages to bypass multi-factor authentication MFA protections. It's advertised as a cybercrime platform by a threat group calling itself Jinkusu, granting customers access to a...

EUVD-2026-9270

An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate...

CVE-2026-0754 SIP Service Providers – Possible Impersonation of Poly Voice Device

An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate...

PT-2026-22708

An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate...

MAL-2026-1092 Malicious code in jwrincident (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ad20c4d6c73e649f0907879ef431132bb1566c890b55d8c5933abc09e10085fd During installation, the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

Malicious code in jwrincident (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ad20c4d6c73e649f0907879ef431132bb1566c890b55d8c5933abc09e10085fd During installation, the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

k8s-container-escape-lkm

🛠️ Kernel Module Reverse Shell – Privileged Container Escape P...

CVE-2025-1242

The administrative credentials can be extracted through application API responses, mobile application reverse engineering, and device firmware reverse engineering. The exposure may result in an attacker gaining full administrative access to the Gardyn IoT Hub exposing connected devices to malicio...