Lucene search
K

4 matches found

Snyk
Snyk
added 2026/05/05 10:14 p.m.7 views

CRLF Injection

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to CRLF Injection via the downloadICS.php process. An attacker can inject arbitrary calendar events and spoof event details by supplying specially crafted input...

5.3CVSS6AI score0.0018EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/05 9:59 p.m.27 views

CVE-2026-28465 OpenClaw voice-call < 2026.2.3 - Webhook Verification Bypass via Forwarded Headers

OpenClaw's voice-call plugin versions before 2026.2.3 contain an improper authentication vulnerability in webhook verification that allows remote attackers to bypass verification by supplying untrusted forwarded headers. Attackers can spoof webhook events by manipulating Forwarded or X-Forwarded-...

8.2CVSS0.00374EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.7 views

PT-2026-23540

Name of the Vulnerable Software and Affected Versions OpenClaw voice-call plugin versions prior to 2026.2.3 @clawdbot/voice-call versions through 2026.1.24 Description The voice-call plugin contains a flaw in webhook verification that allows remote attackers to bypass authentication by providing...

8.2CVSS5.8AI score0.00374EPSS
Exploits0References8
OSV
OSV
added 2019/11/08 12:15 a.m.2 views

DEBIAN-CVE-2019-18835

Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /sendjoin, /sendleave, and /invite may not be correctly signed, or may not come from the expected servers...

9.8CVSS7AI score0.00864EPSS
Exploits0References1
Rows per page
Query Builder