22 matches found
Race Condition
Overview Affected versions of this package are vulnerable to Race Condition due to improper synchronization in the webhook process. An attacker can cause the application to crash and become unavailable by sending concurrent requests that exploit the reuse of echo.Context objects, leading to a pan...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the FilterDeadline process. An attacker can access internal network services and potentially exfiltrate sensitive information by submitting URLs with uppercase schemes that bypass the deny-list...
CVE-2026-1884
A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function fetchHook of the file module/webhook/model.php of the component Webhook Module. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been made...
EUVD-2026-5333
A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function fetchHook of the file module/webhook/model.php of the component Webhook Module. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been made...
CVE-2026-1884
A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function fetchHook of the file module/webhook/model.php of the component Webhook Module. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been made...
CVE-2026-1884
A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function fetchHook of the file module/webhook/model.php of the component Webhook Module. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been made...
CVE-2026-1884
A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function fetchHook of the file module/webhook/model.php of the component Webhook Module. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been made...
CVE-2026-1884
CVE-2026-1884 affects ZenTao up to 21.7.6-85642. The vulnerable element is the function fetchHook in the file module/webhook/model.php of the Webhook Module. This manipulation enables a server-side request forgery (SSRF) that may be exploited remotely; the exploit is publicly available. Vendors w...
CVE-2026-1884 ZenTao Webhook model.php fetchHook server-side request forgery
A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function fetchHook of the file module/webhook/model.php of the component Webhook Module. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been made...
CVE-2026-1884 ZenTao Webhook model.php fetchHook server-side request forgery
A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function fetchHook of the file module/webhook/model.php of the component Webhook Module. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been made...
CVE-2025-13174
A weakness has been identified in rachelos WeRSS we-mp-rss up to 1.4.7. Affected by this vulnerability is the function dojob of the file /rachelos/we-mp-rss/blob/main/jobs/mps.py of the component Webhook Module. Executing manipulation of the argument webhookurl can lead to server-side request...
EUVD-2025-197656
A weakness has been identified in rachelos WeRSS we-mp-rss up to 1.4.7. Affected by this vulnerability is the function dojob of the file /rachelos/we-mp-rss/blob/main/jobs/mps.py of the component Webhook Module. Executing manipulation of the argument webhookurl can lead to server-side request...
CVE-2025-13174
A weakness has been identified in rachelos WeRSS we-mp-rss up to 1.4.7. Affected by this vulnerability is the function dojob of the file /rachelos/we-mp-rss/blob/main/jobs/mps.py of the component Webhook Module. Executing manipulation of the argument webhookurl can lead to server-side request...
CVE-2025-13174 rachelos WeRSS we-mp-rss Webhook mps.py do_job server-side request forgery
A weakness has been identified in rachelos WeRSS we-mp-rss up to 1.4.7. Affected by this vulnerability is the function dojob of the file /rachelos/we-mp-rss/blob/main/jobs/mps.py of the component Webhook Module. Executing manipulation of the argument webhookurl can lead to server-side request...
CVE-2025-13174 rachelos WeRSS we-mp-rss Webhook mps.py do_job server-side request forgery
A weakness has been identified in rachelos WeRSS we-mp-rss up to 1.4.7. Affected by this vulnerability is the function dojob of the file /rachelos/we-mp-rss/blob/main/jobs/mps.py of the component Webhook Module. Executing manipulation of the argument webhookurl can lead to server-side request...
CVE-2025-13174
CVE-2025-13174 affects rachelos WeRSS we-mp-rss up to 1.4.7. The vulnerability lies in the Webhook Module’s function do_job (file path: /rachelos/we-mp-rss/blob/main/jobs/mps.py). Manipulating the argument web_hook_url can lead to server-side request forgery (SSRF). The attack may be executed rem...
WeRSS 代码问题漏洞
WeRSS is a WeChat public number system by Rachel open source. A code issue vulnerability exists in WeRSS 1.4.7 and earlier versions, which stems from incorrect manipulation of the parameter webhookurl in the component Webhook Module, which could lead to server-side request forgery...
CVE-2024-39403 Stored XSS through Webhook module public key configuration
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s...
CVE-2024-39403 Stored XSS through Webhook module public key configuration
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s...
PT-2024-18941
Name of the Vulnerable Software and Affected Versions github.com/gotenberg/gotenberg/v8/pkg/gotenberg versions prior to 8.1.0 github.com/gotenberg/gotenberg/v8/pkg/modules/chromium versions prior to 8.1.0 github.com/gotenberg/gotenberg/v8/pkg/modules/webhook versions prior to 8.1.0 Description Th...