Lucene search
K

31 matches found

OSV
OSV
added 2026/02/12 10:6 p.m.5 views

GHSA-965M-V4CC-6334 Unauthenticated Admission Webhook Endpoints in Yoke ATC

Unauthenticated Admission Webhook Endpoints in Yoke ATC This vulnerability exists in the Air Traffic Controller ATC component of Yoke, a Kubernetes deployment tool. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...

7.5CVSS6.4AI score0.0041EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/12 12:0 a.m.7 views

yoke 访问控制错误漏洞

Yoke is a Kubernetes package management tool developed by YokeCD. Versions of Yoke prior to 0.19.0 contained an access control vulnerability. This vulnerability stemmed from the lack of proper authentication mechanisms in the Webhook endpoints of the Air Traffic Controller component, allowing any...

7.5CVSS5.9AI score0.0041EPSS
Exploits1References1
Snyk
Snyk
added 2025/11/10 10:43 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the webhook URLs which are not validated. An attacker can access internal services, private networks, or cloud metadata endpoints by configuring malicious webhook URLs. PoC ssh localhost webhook crea...

9.1CVSS6.6AI score0.00335EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/10/09 11:33 a.m.9 views

CVE-2025-2934 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 5.2 prior to 18.2.8, 18.3 prior to 18.3.4, and 18.4 prior to 18.4.2 that could have allowed an authenticated attacker to create a denial of service condition by configuring malicious webhook endpoints that send crafted HTT...

4.3CVSS0.00495EPSS
Exploits0References3
CVE
CVE
added 2025/10/09 11:33 a.m.18 views

CVE-2025-2934

CVE-2025-2934 affects GitLab CE/EE prior to 18.2.8, 18.3 prior to 18.3.4, and 18.4 prior to 18.4.2. An authenticated attacker could induce a denial-of-service by configuring malicious webhook endpoints that send crafted HTTP responses. The issue has been remediated in the patch releases GitLab 18...

6.5CVSS6.3AI score0.00495EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/09 11:33 a.m.2 views

CVE-2025-2934 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 5.2 prior to 18.2.8, 18.3 prior to 18.3.4, and 18.4 prior to 18.4.2 that could have allowed an authenticated attacker to create a denial of service condition by configuring malicious webhook endpoints that send crafted HTT...

4.3CVSS6.3AI score0.00495EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/09 11:33 a.m.3 views

EUVD-2025-33330

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 5.2 prior to 18.2.8, 18.3 prior to 18.3.4, and 18.4 prior to 18.4.2 that could have allowed an authenticated attacker to create a denial of service condition by configuring malicious webhook endpoints that send crafted HTT...

4.3CVSS6.1AI score0.00495EPSS
Exploits0References4
OSV
OSV
added 2025/10/09 11:33 a.m.5 views

CVE-2025-2934 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 5.2 prior to 18.2.8, 18.3 prior to 18.3.4, and 18.4 prior to 18.4.2 that could have allowed an authenticated attacker to create a denial of service condition by configuring malicious webhook endpoints that send crafted HTT...

4.3CVSS6.2AI score0.00495EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/10/09 12:0 a.m.3 views

PT-2025-41372

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 5.2 through 18.2.8 GitLab CE/EE versions 18.3 through 18.3.4 GitLab CE/EE versions 18.4 through 18.4.2 Description An authenticated attacker could create a denial of service condition by configuring malicious webhook...

4.3CVSS6.5AI score0.00495EPSS
Exploits0References8
Snyk
Snyk
added 2025/09/04 6:43 a.m.2 views

Cross-site Scripting (XSS)

Overview pywa is a 🚀 Build WhatsApp Bots in Python • Fast, Effortless, Powerful Affected versions of this package are vulnerable to Cross-site Scripting XSS via the webhook challenge and update handlers in the Flask and FastAPI webhook endpoints. An attacker can execute malicious scripts in...

4.7CVSS5.5AI score
Exploits0References3
Snyk
Snyk
added 2025/08/11 9:31 p.m.1 views

Improper Check for Unusual or Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions via the webhook endpoints. An attacker can cause the plugin to crash by repeatedly sending invalid request bodies to the server. Remediation Upgrade...

7.5CVSS7AI score0.00275EPSS
Exploits0References2
Rows per page
Query Builder