axonflow-sdk-go: Webhook signing-key (HMAC-SHA256) not exposed by SDK type, preventing signature verification

Summary The AxonFlow SDK's WebhookSubscription or equivalent type did not expose the HMAC-SHA256 signing key returned by the platform's CreateWebhook endpoint. Without access to the secret through the typed SDK API, callers had no path to verify the X-AxonFlow-Signature header on incoming webhook...

OpenClaw has an unspecified vulnerability (CNVD-2026-17182)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from the fact that rate limiting is only applied after successful Webhook authentication, which can be exploited by an attacker to bypass the rate limiting and...

PT-2026-31102

Name of the Vulnerable Software and Affected Versions Masteriyo LMS – Online Course Builder for eLearning, LMS & Education plugin for WordPress versions up to and including 2.1.7 Description The Masteriyo LMS plugin is affected by an authorization bypass issue. Insufficient webhook signature...

OpenClaw 安全漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from the fact that rate limiting is only applied after successful Webhook authentication, which can be exploited by an attacker to bypass the rate limiting and...

Mattermost Plugin MSTeams 安全漏洞

Mattermost Plugin MSTeams is a Mattermost plugin from Mattermost USA. A security vulnerability exists in Mattermost Plugin MSTeams versions prior to 2.1.0, which stems from a webhook key comparison that does not use a constant time algorithm, which could lead to a key disclosure...