14 matches found
CVE-2026-45298
Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, in a default dozzle deploy (the documented quickstart, no DOZZLE_AUTH_PROVIDER set), POST /api/notifications/test-webhook is reachable without authentication and forwards an attacker-controlled URL into a WebhookDispatcher that...
CVE-2026-45298
Dozzle CVE-2026-45298 describes a pre-auth SSRF in default deployments. Before version 10.5.2, POST /api/notifications/test-webhook accepts an attacker-controlled URL and headers, forwards them to a WebhookDispatcher, and returns the downstream response status code plus up to 1 MB of the response...
EUVD-2026-32019
Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, in a default dozzle deploy (the documented quickstart, no DOZZLE_AUTH_PROVIDER set), POST /api/notifications/test-webhook is reachable without authentication and forwards an attacker-controlled URL into a WebhookDispatcher that...
Dozzle code issue vulnerability
Dozzle is a small, lightweight application developed by Amir Raminfar as an individual project. Versions of Dozzle prior to 10.5.2 had code vulnerabilities. These vulnerabilities stemmed from the fact that the POST /api/notifications/test-webhook endpoint was not authenticated during default...
Dozzle: Pre-auth SSRF with response-body reflection via POST /api/notifications/test-webhook (default no-auth deploy)
Summary In a default dozzle deploy (the documented quickstart, no DOZZLE_AUTH_PROVIDER set), POST /api/notifications/test-webhook is reachable without authentication and forwards an attacker-controlled URL into a WebhookDispatcher that: - Sends an HTTP POST to the supplied URL with attacker-controlle...
PT-2026-41771
Name of the Vulnerable Software and Affected Versions Dozzle versions prior to 10.5.2 Description In default deployments where no DOZZLE_AUTH_PROVIDER is set, the endpoint 'POST /api/notifications/test-webhook' is accessible without authentication. This allows an unauthenticated attacker to perfo...
CVE-2026-30839
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, testwebhooknotifications.php does not validate the target URL against private/reserved IP ranges, enabling full-read SSRF. The server response is returned to the caller. This issue has been patched in...
Wallos code issue vulnerability
Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.6.2 contained code vulnerabilities. These vulnerabilities stemmed from the fact that testwebhooknotifications.php did not validate the target URL against private IP ranges, which coul...
EUVD-2025-22666
Malicious code in bioql PyPI...
CVE-2025-45939
Apwide Golive 10.2.0 Jira plugin allows Server-Side Request Forgery SSRF via the test webhook function...
PT-2025-30819 · WordPress · Apwide Golive Jira Plugin
Name of the Vulnerable Software and Affected Versions: Apwide Golive Jira plugin version 10.2.0 Description: The Apwide Golive Jira plugin contains a Server-Side Request Forgery SSRF issue. This issue is related to the test webhook function, which allows for potential exploitation through...
CVE-2025-45939
CVE-2025-45939 affects Apwide Golive Jira plugin version 10.2.0. The issue is a Server-Side Request Forgery (SSRF) exposed via the plugin’s test webhook function. No exploitation details are provided beyond this SSRF description; impact is described as limited to low confidentiality, integrity, a...