EUVD-2025-33544

Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret...

CVE-2025-61926

Allstar is a GitHub App to set and enforce security policies. In versions prior to 4.5, a vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret. The value used for the secret token was compiled into the Allstar binary an...

EUVD-2025-29390

Malicious code in bioql PyPI...

EUVD-2022-6368

Malicious code in bioql PyPI...

GHSA-FCPM-6MXQ-M5VV Capsule tenant owners with "patch namespace" permission can hijack system namespaces label

Summary A namespace label injection vulnerability in Capsule v0.10.3 allows authenticated tenant users to inject arbitrary labels into system namespaces kube-system, default, capsule-system, bypassing multi-tenant isolation and potentially accessing cross-tenant resources through TenantResource...

Taylored webhook validation vulnerabilities

Critical Security Advisory for Taylored npm package v7.0.7 - tag 7.0.5 Summary A series of moderate to high-severity security vulnerabilities have been identified specifically in version 7.0.7 of \taylored. These vulnerabilities reside in the "Backend-in-a-Box" template distributed with this...

Repository Takeover

github.com/go-vela/server is vulnerable to Repository Takeover. The vulnerability is due to improper validation of webhook headers and body data, allowing an attacker to forge requests and transfer repository ownership along with its secrets...

PT-2025-6619 · WordPress · Stream

Name of the Vulnerable Software and Affected Versions: The Stream plugin for WordPress versions up to, and including, 4.0.2 Description: The issue is related to Server-Side Request Forgery due to insufficient validation on the webhook feature. This allows authenticated attackers with...

GO-2023-2014 Woodpecker does not validate webhook before changing any data in github.com/woodpecker-ci/woodpecker

Woodpecker does not validate webhook before changing any data in github.com/woodpecker-ci/woodpecker...

CVE-2023-3525

The Getnet Argentina para Woocommerce plugin for WordPress is vulnerable to authorization bypass due to missing validation on the 'webhook' function in versions up to, and including, 0.0.4. This makes it possible for unauthenticated attackers to set their payment status to 'APPROVED' without...

WordPress Plugin Getnet Argentina para Woocommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

Debian DSA-4107-1 : django-anymail - security update

It was discovered that the webhook validation of Anymail, a Django email backends for multiple ESPs, is prone to a timing attack. A remote attacker can take advantage of this flaw to obtain a WEBHOOKAUTHORIZATION secret and post arbitrary email tracking events. C Tenable Network Security, Inc. Th...