Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

Github Security Blog
Github Security Blogadded 2026/03/03 10:25 p.m.3 views

OpenClaw's voice-call Twilio replay dedupe now bound to authenticated webhook identity

Summary The voice-call Twilio webhook path accepted replay/dedupe identity from unsigned request metadata i-twilio-idempotency-token, enabling replayed signed requests to bypass replay detection and manager dedupe by mutating only that header. Affected Packages / Versions - Package: openclaw npm ...

6AI score
Exploits0References3Affected Software1
OSV
OSVadded 2026/03/03 10:25 p.m.0 views

GHSA-GCJ7-R3HG-M7W6 OpenClaw's voice-call Twilio replay dedupe now bound to authenticated webhook identity

Summary The voice-call Twilio webhook path accepted replay/dedupe identity from unsigned request metadata i-twilio-idempotency-token, enabling replayed signed requests to bypass replay detection and manager dedupe by mutating only that header. Affected Packages / Versions - Package: openclaw npm ...

3.7CVSS6AI score
Exploits0References3
NVD
NVDadded 2024/07/10 8:15 p.m.9 views

CVE-2024-25077

An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The Nonce used for on-the-fly decryption of flash images is stored in an unsigned header, allowing its value to be modified without invalidating the signature used for secureboot image verification. Becau...

9.8CVSS0.00335EPSS
Exploits0References1
CVE
CVEadded 2024/07/10 12:0 a.m.45 views

CVE-2024-25077

CVE-2024-25077 affects Renesas SmartBond DA14691/DA14695/DA14697/DA14699. The issue: the Nonce used for on-the-fly flash decryption is stored in an unsigned header, allowing modification without invalidating the secure-boot signature. The decryption engine uses AES in CTR mode without authenticat...

9.8CVSS7AI score0.00335EPSS
Exploits0References1
CNNVD
CNNVDadded 2024/07/10 12:0 a.m.1 views

Various Renesas products Security breaches

The Renesas SmartBond DA14691, among others, is a wireless connectivity multi-core microcontroller unit MCU from Renesas, Japan. A security vulnerability exists in various Renesas products, which stems from the fact that the Nonce used to instantly decrypt a flash image is stored in an unsigned...

9.8CVSS7.1AI score0.00335EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2024/07/10 12:0 a.m.2 views

PT-2024-20728 · Renesas · Renesas Smartbond

Name of the Vulnerable Software and Affected Versions: Renesas SmartBond versions DA14691, DA14695, DA14697, and DA14699 Description: An issue was discovered where the Nonce used for on-the-fly decryption of flash images is stored in an unsigned header, allowing its value to be modified without...

9.8CVSS7.1AI score0.00335EPSS
Exploits0References7
Rows per page
Query Builder