Lucene search
K

182 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:32 p.m.10 views

Malicious code in getd-pantallas-cliente (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89a26267435645776aa984be114d5c657e63fa9937ff044e5ddd24943b28ea6e On npm install, postinstall.js collects os.hostname, os.userInfo.username, os.platform, process.cwd, and CI/build environment variables and sends the...

5.5AI score
Exploits0References1
Cvelist
Cvelist
added 2026/06/06 2:28 a.m.49 views

CVE-2026-7792 WPForms <= 1.10.0.4 - Unauthenticated Insufficient Verification of Data Authenticity via PayPal Commerce Webhook Endpoint

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to and including 1.10.0.1. This is due to the PayPal Commerce webhook endpoint processing unauthenticat...

5.3CVSS0.00202EPSS
Exploits0References14
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.11 views

CVE-2026-7113

A vulnerability was found in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/webhook.py of the component Webhooks Endpoint. The manipulation of the argument INSECURENOAUTH results in missing authentication. The attack can be...

6.3CVSS5.3AI score0.00362EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.11 views

CVE-2026-10224

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function handlewebhookrequest of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be...

6.9CVSS5.4AI score0.00372EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.9 views

CVE-2026-39969

TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API webhook endpoint POST /v1/workspaces/workspaceId/whatsapp/credentialsId/webhook does not verify the x-hub-signature-256 HMAC signature included by Meta in every webhook delivery. The webhook URL exposes both...

6.5CVSS5.4AI score0.0014EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/03 4:2 p.m.10 views

CVE-2026-10273

A vulnerability was found in php-censor up to 2.1.6. This affects an unknown function of the file src/Model/Build/GitBuild.php of the component Webhook Endpoint. Performing a manipulation of the argument commitId results in os command injection. The attack can be initiated remotely. The exploit h...

7.5CVSS5.4AI score0.01367EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 4:15 p.m.12 views

EUVD-2026-33667

A vulnerability was found in php-censor up to 2.1.6. This affects an unknown function of the file src/Model/Build/GitBuild.php of the component Webhook Endpoint. Performing a manipulation of the argument commitId results in os command injection. The attack can be initiated remotely. The exploit h...

7.5CVSS6.6AI score0.01367EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/06/01 4:15 p.m.9 views

CVE-2026-10273 php-censor Webhook Endpoint GitBuild.php os command injection

A vulnerability was found in php-censor up to 2.1.6. This affects an unknown function of the file src/Model/Build/GitBuild.php of the component Webhook Endpoint. Performing a manipulation of the argument commitId results in os command injection. The attack can be initiated remotely. The exploit h...

7.5CVSS6.6AI score0.01367EPSS
Exploits0References8
CVE
CVE
added 2026/06/01 4:15 p.m.30 views

CVE-2026-10273

Affected software: php-censor (up to 2.1.6). The vulnerability is in the Webhook Endpoint, specifically the file src/Model/Build/GitBuild.php, where manipulating the commitId argument can lead to operating system command injection. Impact is remote: attacker can exploit over the network. The expl...

7.5CVSS6.6AI score0.01367EPSS
Exploits0References8
NVD
NVD
added 2026/06/01 6:16 a.m.23 views

CVE-2026-10224

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function handlewebhookrequest of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be...

6.9CVSS0.00372EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/01 4:30 a.m.64 views

CVE-2026-10224 NousResearch hermes-agent Webhook Endpoint feishu.py _handle_webhook_request resource consumption

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function handlewebhookrequest of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be...

6.9CVSS0.00372EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/01 4:30 a.m.12 views

CVE-2026-10224 NousResearch hermes-agent Webhook Endpoint feishu.py _handle_webhook_request resource consumption

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function handlewebhookrequest of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be...

6.9CVSS5.6AI score0.00372EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/01 4:30 a.m.27 views

EUVD-2026-33557

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function handlewebhookrequest of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be...

6.9CVSS5.4AI score0.00372EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/01 4:30 a.m.18 views

CVE-2026-10224

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function handlewebhookrequest of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be...

6.9CVSS5.6AI score0.00372EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/06/01 4:30 a.m.37 views

CVE-2026-10224

Technical details about CVE-2026-10224 are not publicly available in the provided documents. Monitor for updates.

6.9CVSS5.6AI score0.00372EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.36 views

PT-2026-45268

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function handle webhook request of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be...

6.9CVSS5.6AI score0.00372EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.15 views

PT-2026-45449

A vulnerability was found in php-censor up to 2.1.6. This affects an unknown function of the file src/Model/Build/GitBuild.php of the component Webhook Endpoint. Performing a manipulation of the argument commitId results in os command injection. The attack can be initiated remotely. The exploit h...

7.5CVSS6.6AI score0.01367EPSS
Exploits0References9
Snyk
Snyk
added 2026/05/27 12:47 a.m.6 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the POST /api/notifications/test-webhook endpoint, which is accessible without authentication in the default deployment. An attacker can cause the application to send HTTP POST requests to arbitrary...

8.7CVSS5.7AI score0.01491EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/26 10:1 p.m.9 views

CVE-2026-45298 Dozzle: Pre-auth SSRF with response-body reflection via POST /api/notifications/test-webhook (default no-auth deploy)

Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, in a default dozzle deploy the documented quickstart, no DOZZLEAUTHPROVIDER set, POST /api/notifications/test-webhook is reachable without authentication and forwards an attacker-controlled URL into a WebhookDispatcher that...

8.6CVSS5.9AI score0.01491EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 10:1 p.m.8 views

CVE-2026-45298

Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, in a default dozzle deploy the documented quickstart, no DOZZLEAUTHPROVIDER set, POST /api/notifications/test-webhook is reachable without authentication and forwards an attacker-controlled URL into a WebhookDispatcher that...

8.6CVSS5.9AI score0.01491EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder