Summary
Pipecat: Telephony WebSocket `/ws` Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID
References
Related vulnerabilities
All Supply chain →- MEDIUMGHSA-MPC8-JXJH-QPGH
OpenClaw: Focus command could miss controlScope enforcement
- MEDIUMGHSA-72FW-CQH5-F324
OpenClaw: memory-wiki shared search could miss session visibility checks
- HIGHGHSA-HJWC-26PJ-V3PM
AgenticMail: Cross-agent task authorization bypass in AgenticMail API
- HIGHGHSA-R3W8-2C5R-H9J9
Kirby: `pages.access` permission is not checked in the `site/find` REST API route
- MEDIUMGHSA-89CP-7P28-JFFG
Kirby: Access to files of top-level drafts is not protected by permissions
- MEDIUMGHSA-23Q2-54QV-RQ5X
Kirby: `pages.access` permission is not checked in the pages picker for parent pages