182 matches found
Malicious code in getd-pantallas-cliente (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89a26267435645776aa984be114d5c657e63fa9937ff044e5ddd24943b28ea6e On npm install, postinstall.js collects os.hostname, os.userInfo.username, os.platform, process.cwd, and CI/build environment variables and sends the...
CVE-2026-7792 WPForms <= 1.10.0.4 - Unauthenticated Insufficient Verification of Data Authenticity via PayPal Commerce Webhook Endpoint
The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to and including 1.10.0.1. This is due to the PayPal Commerce webhook endpoint processing unauthenticat...
CVE-2026-7113
A vulnerability was found in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/webhook.py of the component Webhooks Endpoint. The manipulation of the argument INSECURENOAUTH results in missing authentication. The attack can be...
CVE-2026-10224
A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function handlewebhookrequest of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be...
CVE-2026-39969
TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API webhook endpoint POST /v1/workspaces/workspaceId/whatsapp/credentialsId/webhook does not verify the x-hub-signature-256 HMAC signature included by Meta in every webhook delivery. The webhook URL exposes both...
CVE-2026-10273
A vulnerability was found in php-censor up to 2.1.6. This affects an unknown function of the file src/Model/Build/GitBuild.php of the component Webhook Endpoint. Performing a manipulation of the argument commitId results in os command injection. The attack can be initiated remotely. The exploit h...
EUVD-2026-33667
A vulnerability was found in php-censor up to 2.1.6. This affects an unknown function of the file src/Model/Build/GitBuild.php of the component Webhook Endpoint. Performing a manipulation of the argument commitId results in os command injection. The attack can be initiated remotely. The exploit h...
CVE-2026-10273 php-censor Webhook Endpoint GitBuild.php os command injection
A vulnerability was found in php-censor up to 2.1.6. This affects an unknown function of the file src/Model/Build/GitBuild.php of the component Webhook Endpoint. Performing a manipulation of the argument commitId results in os command injection. The attack can be initiated remotely. The exploit h...
CVE-2026-10273
Affected software: php-censor (up to 2.1.6). The vulnerability is in the Webhook Endpoint, specifically the file src/Model/Build/GitBuild.php, where manipulating the commitId argument can lead to operating system command injection. Impact is remote: attacker can exploit over the network. The expl...
CVE-2026-10224
A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function handlewebhookrequest of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be...
CVE-2026-10224 NousResearch hermes-agent Webhook Endpoint feishu.py _handle_webhook_request resource consumption
A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function handlewebhookrequest of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be...
CVE-2026-10224 NousResearch hermes-agent Webhook Endpoint feishu.py _handle_webhook_request resource consumption
A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function handlewebhookrequest of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be...
EUVD-2026-33557
A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function handlewebhookrequest of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be...
CVE-2026-10224
A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function handlewebhookrequest of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be...
CVE-2026-10224
Technical details about CVE-2026-10224 are not publicly available in the provided documents. Monitor for updates.
PT-2026-45268
A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function handle webhook request of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be...
PT-2026-45449
A vulnerability was found in php-censor up to 2.1.6. This affects an unknown function of the file src/Model/Build/GitBuild.php of the component Webhook Endpoint. Performing a manipulation of the argument commitId results in os command injection. The attack can be initiated remotely. The exploit h...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the POST /api/notifications/test-webhook endpoint, which is accessible without authentication in the default deployment. An attacker can cause the application to send HTTP POST requests to arbitrary...
CVE-2026-45298 Dozzle: Pre-auth SSRF with response-body reflection via POST /api/notifications/test-webhook (default no-auth deploy)
Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, in a default dozzle deploy the documented quickstart, no DOZZLEAUTHPROVIDER set, POST /api/notifications/test-webhook is reachable without authentication and forwards an attacker-controlled URL into a WebhookDispatcher that...
CVE-2026-45298
Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, in a default dozzle deploy the documented quickstart, no DOZZLEAUTHPROVIDER set, POST /api/notifications/test-webhook is reachable without authentication and forwards an attacker-controlled URL into a WebhookDispatcher that...