36 matches found
CVE-2026-59099
Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that allows remote unauthenticated attackers to recover plaintext conversation state by exploiting AES-GCM initialization vector reuse across the server lifetime. Attackers can collect multiple client-side webflow execution...
EUVD-2026-41430
Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that allows remote unauthenticated attackers to recover plaintext conversation state by exploiting AES-GCM initialization vector reuse across the server lifetime. Attackers can collect multiple client-side webflow execution...
PT-2026-55299
Name of the Vulnerable Software and Affected Versions: Apereo CAS versions 7.3.0 through 8.0.0-RC5. Description: A cryptographic issue allows remote unauthenticated attackers to recover plaintext conversation state. This occurs because the system reuses the AES-GCM initialization vector (IV) across th...
ba.sake:pac4j-testkit (>=0.1.0 <=0.2.0), com.github.hiwepy:pac4j-spring-boot-starter (=3.3.x.20241020.RELEASE) +2 more potentially affected by CVE-2026-29000 via org.pac4j:pac4j-jwt (>=6.0.5 <=6.2.2)
org.pac4j:pac4j-jwt MAVEN version =6.0.5, =0.1.0, =7.1.0, =7.1.0, =7.3.4 Source cves: CVE-2026-29000 Source advisory: OSV:GHSA-PM7G-W2CF-Q238...
CVE-2023-49818
Missing Authorization vulnerability in Webflow Webflow Pages allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Webflow Pages: from n/a through 1.0.8...
CVE-2024-34689
WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of th...
How Webflow Helps Companies Move Faster Without Sacrificing Brand Control
Conventional development frequently results in a trade-off between speed and brand consistency, which harms reputation by causing delays…...
EUVD-2023-53726
Malicious code in bioql PyPI...
Malicious code in webflow-extension (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 42b661acb4e76b31c10ac6138d3b67ef2606a39e5c0c291796f123ac6b232d93 The OpenSSF Package Analysis project identified 'webflow-extension' @ 2.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2025-6875 Malicious code in webflow-extension (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 42b661acb4e76b31c10ac6138d3b67ef2606a39e5c0c291796f123ac6b232d93 The OpenSSF Package Analysis project identified 'webflow-extension' @ 2.0.0 npm as malicious. It is considered malicious because: - The package...
Fake DocuSign email hides tricky phishing attempt
On my daily rounds, I encountered a phishing attempt that used a not completely unusual, yet clever delivery method. What began as a seemingly routine DocuSign notification turned into a multi-layered deception involving Webflow, a shady redirect, and a legitimate Google login page. Webflow is a...
Hackers Use CAPTCHA Trick on Webflow CDN PDFs to Bypass Security Scanners
A widespread phishing campaign has been observed leveraging bogus PDF documents hosted on the Webflow content delivery network (CDN) with an aim to steal credit card information and commit financial fraud. "The attacker targets victims searching for documents on search engines, resulting in access ...
CVE-2023-49818 WordPress Webflow Pages plugin <= 1.0.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in Webflow Webflow Pages allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Webflow Pages: from n/a through 1.0.8...
WordPress plugin Webflow Pages security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-13808 · Webflow · Webflow Pages
Name of the Vulnerable Software and Affected Versions: Webflow Pages versions 1.0.0 through 1.0.8 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions 1.0.0 through...
Cybercriminals Use Webflow to Deceive Users into Sharing Sensitive Login Credentials
Cybersecurity researchers have warned of a spike in phishing pages created using a website builder tool called Webflow, as threat actors continue to abuse legitimate services like Cloudflare and Microsoft Sway to their advantage. "The campaigns target sensitive information from different crypto...
org.apereo.cas:cas-server-support-rest-x509 (>=6.5.0 <=6.6.15.2), org.apereo.cas:cas-server-support-x509 (>=6.5.0 <=6.6.15.2) +1 more potentially affected by CVE-2023-28857 via org.apereo.cas:cas-server-support-x509-core (>=6.5.0 <=6.6.5)
org.apereo.cas:cas-server-support-x509-core MAVEN version =6.5.0, =6.5.0, =6.5.0, =6.5.0, =6.6.15.2 Source cves: CVE-2023-28857 Source advisory: OSV:GHSA-P78H-M8PV-G9GM...