Lucene search
+L

38 matches found

EUVD
EUVD
added 2026/03/21 6:30 a.m.5 views

EUVD-2026-14187

The Appmax plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 1.0.3. This is due to the plugin registering a public REST API webhook endpoint at /webhook-system without implementing webhook signature validation, secret verification, or any...

5.3CVSS5.9AI score0.003EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/03/21 12:42 a.m.4 views

CVE-2026-32896 OpenClaw < 2026.2.21 - Unauthenticated Webhook Access via Passwordless Fallback in BlueBubbles Plugin

The BlueBubbles webhook handler in OpenClaw versions prior to 2026.2.21 contains a passwordless fallback authentication path that allows unauthenticated webhook events in certain reverse-proxy or local routing configurations. Attackers can bypass webhook authentication by exploiting the...

6.3CVSS5.8AI score0.00249EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/21 12:42 a.m.29 views

CVE-2026-32896 OpenClaw < 2026.2.21 - Unauthenticated Webhook Access via Passwordless Fallback in BlueBubbles Plugin

The BlueBubbles webhook handler in OpenClaw versions prior to 2026.2.21 contains a passwordless fallback authentication path that allows unauthenticated webhook events in certain reverse-proxy or local routing configurations. Attackers can bypass webhook authentication by exploiting the...

6.3CVSS0.00249EPSS
Exploits0References4
CVE
CVE
added 2026/03/21 12:42 a.m.20 views

CVE-2026-32896

The issue is OpenClaw versions prior to 2026.2.21 where the BlueBubbles webhook handler contains a passwordless fallback authentication path. This allows unauthenticated webhook events in certain reverse-proxy or local routing configurations by exploiting loopback/proxy heuristics, enabling an at...

6.5CVSS5.8AI score0.00249EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/03/21 12:0 a.m.10 views

OpenClaw 访问控制错误漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an Access Control Error vulnerability that stems from the BlueBubbles webhook handler containing a passwordless fallback authentication path, which can be exploited by an attacker to cause an...

6.5CVSS5.8AI score0.00249EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/03 9:18 p.m.9 views

Allocation of Resources Without Limits or Throttling

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the webhook request body parsing. An attacker can degrade service availability by sending slow or oversized unauthenticated reques...

8.7CVSS5.8AI score0.00418EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/19 9:26 a.m.31 views

CVE-2026-1461 Simple Membership <= 4.7.0 - Unauthenticated Improper Handling of Missing Values

The Simple Membership plugin for WordPress is vulnerable to Improper Handling of Missing Values in all versions up to, and including, 4.7.0 via the Stripe webhook handler. This is due to the plugin only validating webhook signatures when the stripe-webhook-signing-secret setting is configured,...

6.5CVSS0.00227EPSS
Exploits0References4
OSV
OSV
added 2026/02/17 6:9 p.m.7 views

GO-2026-4491 Unauthenticated Admission Webhook Endpoints in Yoke ATC in github.com/yokecd/yoke

Unauthenticated Admission Webhook Endpoints in Yoke ATC in github.com/yokecd/yoke...

7.5CVSS5.4AI score0.0041EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/12 9:7 p.m.3 views

CVE-2026-26055 Unauthenticated Admission Webhook Endpoints in Yoke ATC

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...

7.5CVSS5.9AI score0.0041EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/02/12 9:7 p.m.28 views

CVE-2026-26055 Unauthenticated Admission Webhook Endpoints in Yoke ATC

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...

7.5CVSS0.0041EPSS
Exploits1References1
OSV
OSV
added 2026/02/12 9:7 p.m.8 views

CVE-2026-26055 Unauthenticated Admission Webhook Endpoints in Yoke ATC

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...

7.5CVSS5.9AI score0.0041EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/07 6:36 a.m.6 views

CVE-2026-0656 iPaymu Payment Gateway for WooCommerce <= 2.0.2 - Missing Authentication to Unauthenticated Payment Bypass and Order Information Disclosure

The iPaymu Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 2.0.2 via the 'checkipaymuresponse' function. This is due to the plugin not validating webhook request authenticity through signature verification or origi...

8.2CVSS5.7AI score0.00306EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/07/25 12:0 a.m.4 views

Apwide Golive 安全漏洞

Apwide Golive is a test environment management plugin from Apwide Golive, Switzerland. A security vulnerability exists in Apwide Golive version 10.2.0, which stems from an unauthenticated test webhook function that could lead to server-side request forgery...

6.5CVSS6.8AI score0.0026EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/08/16 12:0 a.m.8 views

Jenkins Plugin Gogs 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

5.3CVSS5.8AI score0.00577EPSS
Exploits0References5
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.6 views

CVE-2026-45754: Mailjet Mailer and LOX24 Notifier Webhook Parsers Never Verify the Configured Secret: Unauthenticated Webhook Event Injection

More info at https://symfony.com/cve-2026-45754...

6.9CVSS5.8AI score0.00348EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.6 views

CVE-2026-45754: Mailjet Mailer and LOX24 Notifier Webhook Parsers Never Verify the Configured Secret: Unauthenticated Webhook Event Injection

More info at https://symfony.com/cve-2026-45754...

6.9CVSS5.8AI score0.00348EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.9 views

CVE-2026-45754: Mailjet Mailer and LOX24 Notifier Webhook Parsers Never Verify the Configured Secret: Unauthenticated Webhook Event Injection

More info at https://symfony.com/cve-2026-45754...

6.9CVSS5.8AI score0.00348EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.9 views

CVE-2026-47212: Twilio Notifier Webhook Parser Never Verifies the X-Twilio-Signature HMAC: Unauthenticated Webhook Event Injection

More info at https://symfony.com/cve-2026-47212...

6.9CVSS5.8AI score0.00238EPSS
Exploits0Affected Software1
Rows per page
Query Builder