Lucene search
K

26 matches found

Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-52088

Name of the Vulnerable Software and Affected Versions KubeVirt affected versions not specified Description A flaw exists in the KubeVirt virt-handler domain notify server. The gRPC handlers HandleDomainEvent and HandleK8SEvent determine the VMI identity namespace/name based only on the request...

6.5CVSS5.8AI score0.00094EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/20 12:34 a.m.8 views

EUVD-2026-38093

Capgo before 12.128.2 contains a cross-tenant authorization bypass vulnerability in PostgREST endpoints that allows org-scoped read API keys to access other tenants' webhook secrets and delivery logs. Attackers can query the webhooks and webhookdeliveries endpoints to exfiltrate HMAC signing...

7.1CVSS5.9AI score0.00241EPSS
Exploits0References3
NVD
NVD
added 2026/06/19 10:16 p.m.14 views

CVE-2026-56079

Capgo before 12.128.2 contains a cross-tenant authorization bypass vulnerability in PostgREST endpoints that allows org-scoped read API keys to access other tenants' webhook secrets and delivery logs. Attackers can query the webhooks and webhookdeliveries endpoints to exfiltrate HMAC signing...

7.1CVSS0.00241EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-51037

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A cross-tenant authorization bypass exists in PostgREST endpoints. This issue allows API keys with organization-level read permissions to access webhook secrets and delivery logs belonging to other...

7.1CVSS5.9AI score0.00241EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.18 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.18 contained security vulnerabilities. These vulnerabilities stemmed from insufficient source verification in node event handling, allowing paired nodes to forge exec lifecycle...

8.6CVSS5.3AI score0.00342EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/06 2:28 a.m.14 views

EUVD-2026-34954

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to and including 1.10.0.1. This is due to the PayPal Commerce webhook endpoint processing unauthenticat...

5.3CVSS5.4AI score0.00202EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.16 views

PT-2026-47131

Name of the Vulnerable Software and Affected Versions WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More versions prior to 1.10.0.2 Description The plugin is subject to insufficient verification of data authenticity. The PayPal Commerce webhook endpoint...

5.3CVSS5.5AI score0.00202EPSS
Exploits0References16
Github Security Blog
Github Security Blog
added 2026/05/28 5:33 p.m.19 views

Symfony's Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC — Unauthenticated Webhook Event Injection

Description The Mailtrap mailer bridge ships a webhook request parser used to authenticate and decode the event callbacks Mailtrap POSTs to an application's webhook endpoint. Its doParseRequest $request, \SensitiveParameter string $secret method receives the configured webhook secret but never...

5.8AI score0.00026EPSS
Exploits0References6Affected Software2
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.9 views

Summarize 代码问题漏洞

Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.15.1 have code vulnerabilities. These vulnerabilities stem from issues with the hover summary feature, which may allow malicious pages to assign synthetic mouse hover events on...

7.4CVSS5.9AI score0.0033EPSS
Exploits1References1
OSV
OSV
added 2026/05/11 9:31 p.m.4 views

GHSA-HV23-4QP7-8C8R ninenines cowlib: Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability allows SSE event splitting and injection via unvalidated field values

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values. cowsse:event/1 in cowlib guards the id and event fields against \n but not against bare \r, and the internal prefixlines/2 function...

6.3CVSS6AI score0.00218EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/05/11 8:25 p.m.11 views

CVE-2026-42193

Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webhooks/sns endpoint accepts Amazon SNS notification payloads from unauthenticated requests without verifying the SNS signature, certificate, or topic ARN, meaning anyone can forge a valid-looking webhoo...

9.1CVSS5.7AI score0.00127EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 6:6 p.m.34 views

CVE-2026-43968 CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values. cowsse:event/1 in cowlib guards the id and event fields against \n but not against bare \r, and the internal prefixlines/2 function...

6.3CVSS0.00218EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/29 3:30 p.m.6 views

EUVD-2026-17013

OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode when only verificationToken is configured without encryptKey, allowing acceptance of forged events. Unauthenticated network attackers can inject forged Feishu events and trigger downstream tool...

8.8CVSS6.1AI score0.00247EPSS
Exploits0References3
OSV
OSV
added 2026/03/29 3:30 p.m.2 views

GHSA-VJQW-W5JR-G9W5 Duplicate Advisory: OpenClaw: Feishu webhook mode accepted forged events when only `verificationToken` was configured

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-g353-mgv3-8pcj. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode when only...

8.8CVSS6AI score0.00247EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/29 3:30 p.m.5 views

Duplicate Advisory: OpenClaw: Feishu webhook mode accepted forged events when only `verificationToken` was configured

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-g353-mgv3-8pcj. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode when only...

9.8CVSS6AI score0.00247EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/03/29 1:17 p.m.6 views

CVE-2026-32974

OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode when only verificationToken is configured without encryptKey, allowing acceptance of forged events. Unauthenticated network attackers can inject forged Feishu events and trigger downstream tool...

9.8CVSS0.00247EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/29 12:44 p.m.25 views

CVE-2026-32974 OpenClaw < 2026.3.12 - Forged Event Injection via Feishu Webhook Verification Token

OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode when only verificationToken is configured without encryptKey, allowing acceptance of forged events. Unauthenticated network attackers can inject forged Feishu events and trigger downstream tool...

8.8CVSS0.00247EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/13 8:55 p.m.3 views

Improper Verification of Cryptographic Signature

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the webhook event validation. An attacker can inject forged events and impersonate legitimate senders by submitting crafted requests t...

9.8CVSS5.8AI score0.00247EPSS
Exploits0References2
OSV
OSV
added 2026/03/13 8:55 p.m.5 views

GHSA-G353-MGV3-8PCJ OpenClaw: Feishu webhook mode accepted forged events when only `verificationToken` was configured

Summary Feishu webhook mode allowed deployments that configured only verificationToken without encryptKey. In that state, forged inbound events could be accepted because the weaker configuration did not provide the required cryptographic verification boundary. Impact An unauthenticated network...

8.6CVSS6.1AI score0.00247EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/03/13 8:55 p.m.22 views

OpenClaw: Feishu webhook mode accepted forged events when only `verificationToken` was configured

Summary Feishu webhook mode allowed deployments that configured only verificationToken without encryptKey. In that state, forged inbound events could be accepted because the weaker configuration did not provide the required cryptographic verification boundary. Impact An unauthenticated network...

9.8CVSS5.9AI score0.00247EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder