5 matches found
CVE-2026-56227 Capgo - Server-Side Request Forgery via Webhook URL Validation
Capgo before 12.128.2 contains a server-side request forgery vulnerability in webhook URL validation that allows loopback and internal addresses. Organization admins can configure webhooks pointing to localhost or 127.0.0.1, and when triggered, the backend performs outbound requests to these...
CVE-2026-56227
Capgo before 12.128.2 is affected by a server-side request forgery (SSRF) in webhook URL validation. The flaw permits configuring webhooks to loopback or internal addresses (e.g., localhost/127.0.0.1). When triggered, the backend makes outbound requests to those addresses, and error responses are...
CVE-2026-2393
A flaw was found in MLflow. An authenticated attacker can exploit a Server-Side Request Forgery SSRF vulnerability by providing an unvalidated URL parameter to the createwebhook function. This allows the MLflow backend to be forced into sending HTTP requests to internal services, cloud metadata...
EUVD-2026-31855
Bugsink is a self-hosted error tracking tool. Prior to 2.1.3, Bugsink’s webhook URL validation could be partially bypassed because of a mismatch in URL parsing. The original validation logic parsed webhook URLs with Python’s urllib.parse.urlparse, then sent the request with requests.post. For...
Hemmelig 安全漏洞
Hemmelig is a content encryption software from Hemmelig Open Source. A security vulnerability exists in Hemmelig versions prior to 7.3.3 that stems from an SSRF filter bypass in Webhook URL validation, which could lead to server-side request forgery attacks...