Monthly
Webhook replay attacks in OpenClaw before 2026.3.28 allow remote attackers to trigger duplicate voice-call processing by reordering query parameters in captured Plivo V3 signed webhooks. The vulnerability stems from inconsistent canonicalization: signature verification sorts query parameters before validation, but replay detection hashes the raw URL with original parameter ordering. Attackers possessing a single valid signed webhook can bypass replay cache indefinitely by permuting query string order, causing repeated execution of voice-call workflows without requiring authentication or cryptographic breaks. No public exploit identified at time of analysis, though attack complexity is low (CVSS AC:L) with network vector (AV:N) requiring no privileges (PR:N).
SEPPmail Secure Email Gateway before version 15.0.3 allows attackers to forge GINA-encrypted emails, compromising email authenticity and potentially enabling spoofing attacks. The vulnerability affects all versions prior to 15.0.3 and was reported by NCSC.ch. No CVSS score is available, and exploitation status has not been independently confirmed at time of analysis.
Private key recovery is possible in jsrsasign versions before 11.1.1 when attackers force invalid DSA signatures with zero r or s values during the signing process. The library fails to validate or retry these malformed signatures, allowing attackers to algebraically solve for the private key x from the emitted signature. Publicly available exploit code exists demonstrating the key recovery technique (EPSS: 0.02%, percentile 5%), though no confirmed active exploitation. Vendor-released patch: version 11.1.1.
5G Fixed Wireless Access Platform Firmware versions up to - contains a vulnerability that allows attackers to cryptographic issue when a VoWiFi call is triggered from UE (CVSS 7.2).
Issue summary: When using the low-level OCB API directly with AES-NI or<br>other hardware-accelerated code paths, inputs whose length is not a multiple<br>of 16 bytes can leave the final partial block unencrypted and unauthenticated.<br><br>Impact summary: The trailing 1-15 bytes of a message may be exposed in<br>cleartext on encryption and are not covered by the authentication tag,<br>allowing an attacker to read or tamper with those bytes without detection.<br><br>The low-level OCB encrypt and decrypt routines in the hardware-accelerated<br>stream path process full 16-byte blocks but do not advance the input/output<br>pointers. [CVSS 4.0 MEDIUM]
Deno versions up to 2.6.0 contains a vulnerability that allows attackers to have infinite encryptions (CVSS 7.5).
Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
ZF FROST is a Rust implementation of FROST (Flexible Round-Optimised Schnorr Threshold signatures). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A security vulnerability in MbedTLS 3.3.0 (CVSS 4.9). Remediation should follow standard vulnerability management procedures.
Webhook replay attacks in OpenClaw before 2026.3.28 allow remote attackers to trigger duplicate voice-call processing by reordering query parameters in captured Plivo V3 signed webhooks. The vulnerability stems from inconsistent canonicalization: signature verification sorts query parameters before validation, but replay detection hashes the raw URL with original parameter ordering. Attackers possessing a single valid signed webhook can bypass replay cache indefinitely by permuting query string order, causing repeated execution of voice-call workflows without requiring authentication or cryptographic breaks. No public exploit identified at time of analysis, though attack complexity is low (CVSS AC:L) with network vector (AV:N) requiring no privileges (PR:N).
SEPPmail Secure Email Gateway before version 15.0.3 allows attackers to forge GINA-encrypted emails, compromising email authenticity and potentially enabling spoofing attacks. The vulnerability affects all versions prior to 15.0.3 and was reported by NCSC.ch. No CVSS score is available, and exploitation status has not been independently confirmed at time of analysis.
Private key recovery is possible in jsrsasign versions before 11.1.1 when attackers force invalid DSA signatures with zero r or s values during the signing process. The library fails to validate or retry these malformed signatures, allowing attackers to algebraically solve for the private key x from the emitted signature. Publicly available exploit code exists demonstrating the key recovery technique (EPSS: 0.02%, percentile 5%), though no confirmed active exploitation. Vendor-released patch: version 11.1.1.
5G Fixed Wireless Access Platform Firmware versions up to - contains a vulnerability that allows attackers to cryptographic issue when a VoWiFi call is triggered from UE (CVSS 7.2).
Issue summary: When using the low-level OCB API directly with AES-NI or<br>other hardware-accelerated code paths, inputs whose length is not a multiple<br>of 16 bytes can leave the final partial block unencrypted and unauthenticated.<br><br>Impact summary: The trailing 1-15 bytes of a message may be exposed in<br>cleartext on encryption and are not covered by the authentication tag,<br>allowing an attacker to read or tamper with those bytes without detection.<br><br>The low-level OCB encrypt and decrypt routines in the hardware-accelerated<br>stream path process full 16-byte blocks but do not advance the input/output<br>pointers. [CVSS 4.0 MEDIUM]
Deno versions up to 2.6.0 contains a vulnerability that allows attackers to have infinite encryptions (CVSS 7.5).
Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
ZF FROST is a Rust implementation of FROST (Flexible Round-Optimised Schnorr Threshold signatures). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A security vulnerability in MbedTLS 3.3.0 (CVSS 4.9). Remediation should follow standard vulnerability management procedures.