34 matches found
CVE-2026-32096
Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.0, a Server-Side Request Forgery (SSRF) vulnerability existed in the SNS webhook handler. An unauthenticated attacker could send a crafted request that caused the server to make an arbitrary outbound HTTP GET request to an...
Plunk code issue vulnerability
Plunk is an open-source email sending and management platform developed by Plunk. Versions of Plunk prior to 0.7.0 contained code vulnerabilities. These vulnerabilities stemmed from issues with the SNS webhook handler, which was susceptible to server-side request forgery attacks. This could allow...
EUVD-2025-206485
The Rupantorpay plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handlewebhook function in all versions up to, and including, 2.0.0. This makes it possible for unauthenticated attackers to modify WooCommerce order statuses by sending...
EUVD-2025-26361
A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request...
CVE-2025-9799
A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request...
CVE-2025-9799 Langfuse Webhook promptRouter.ts promptChangeEventSourcing server-side request forgery
A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request...
PT-2025-35514
Name of the Vulnerable Software and Affected Versions: Langfuse versions through 3.88.0 Description: A security flaw exists in Langfuse, potentially leading to server-side request forgery. The vulnerability is located in the promptChangeEventSourcing function within the...
CVE-2020-35236
The GitLab Webhook Handler in amazee.io Lagoon before 1.12.3 has incorrect access control associated with project deletion...
CVE-2024-34084 Minder's Github Webhook Handler vulnerable to denial of service from un-validated requests
Minder's HandleGithubWebhook is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure. This allows an attacker with the ability to send requests t...
GHSA-9C5W-9Q3F-3HV7 Minder's GitHub Webhook Handler vulnerable to DoS from un-validated requests
Minder's HandleGithubWebhook is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure. This allows an attacker with the ability to send requests t...
CVE-2020-35236
The CVE-2020-35236 entry concerns the GitLab Webhook Handler in amazee.io Lagoon prior to version 1.12.3, which has incorrect access control related to project deletion. The vulnerability stems from insufficient authorization checks in the webhook handler, potentially allowing unauthorized projec...