34 matches found
CVE-2026-59155 Nezha Monitoring: DDNS and Notification credential exposure via unredacted list API
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to 2.2.5, the GET /api/v1/ddns and GET /api/v1/notification endpoints return full resource objects including plaintext third-party API credentials, including Cloudflare API tokens, TencentCloud...
CVE-2026-56261
Crawl4AI before 0.8.7 contains a server-side request forgery SSRF vulnerability in the Docker API server's /crawl/job and /llm/job endpoints, which accept webhook URLs without destination validation. An attacker can supply webhook URLs pointing to private or internal IP ranges, Docker networks, o...
CVE-2026-56261 Crawl4AI - Server-Side Request Forgery via Webhook URLs
Crawl4AI before 0.8.7 contains a server-side request forgery SSRF vulnerability in the Docker API server's /crawl/job and /llm/job endpoints, which accept webhook URLs without destination validation. An attacker can supply webhook URLs pointing to private or internal IP ranges, Docker networks, o...
GO-2026-5219 Grafana OSS: Authorization bypass allows users with Editor role to modify protected webhook URLs without permissions in github.com/grafana/grafana
Grafana OSS: Authorization bypass allows users with Editor role to modify protected webhook URLs without permissions in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this...
CVE-2026-41688
Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the incomplete SSRF fix in Wallos validates webhook URLs via gethostbyname but passes the original hostname to cURL without CURLOPTRESOLVE pinning on 10 of 11 outbound HTTP endpoints, leaving a DNS...
CVE-2026-41454 WeKan < 8.35 Missing Authorization via Integration REST API
WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authenticated board members to perform administrative actions without proper privilege verification. Attackers can enumerate integrations including webhook URLs, create new...
BIT-GRAFANA-2026-21724 Missing Protected-field Authorization in Provisioning Contact Points API
A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission...
Linux Distros Unpatched Vulnerability : CVE-2026-21724
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the provisioning contact points API. An attacker can modify protected webhook URLs without possessing the required permissions by sending crafted requests as a user with the Editor role. Remediation Upgrade...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the provisioning contact points API. An attacker can modify protected webhook URLs without possessing the required permissions by sending crafted requests as a user with the Editor role. Remediation Upgrade...
EUVD-2026-16338
A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission...
Grafana OSS: Authorization bypass allows users with Editor role to modify protected webhook URLs without permissions
A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission. A patched version is available at...
CVE-2026-21724
A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission...
CVE-2026-21724
A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission...
CVE-2026-21724
A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission...
CVE-2026-21724 Missing Protected-field Authorization in Provisioning Contact Points API
A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission...
CVE-2026-21724 Missing Protected-field Authorization in Provisioning Contact Points API
A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission...
PT-2026-28321
Name of the Vulnerable Software and Affected Versions Grafana OSS affected versions not specified Description An authorization bypass exists in the provisioning contact points API. This allows users with the Editor role to modify protected webhook URLs without the necessary...
Grafana OSS 安全漏洞
Grafana OSS is an open-source visualization dashboard developed by Grafana. There is a security vulnerability in Grafana OSS, which stems from an authorization bypass in the configuration contact point API. This vulnerability could allow users with the Editor role to modify protected Webhook URLs...
Wallos 代码问题漏洞
Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.7.0 had code vulnerabilities. These vulnerabilities stemmed from incomplete SSRF protections, and the save endpoint did not apply the validatewebhookurlforssrf protection. This allowe...