Lucene search
+L

46 matches found

NVD
NVD
added 3 days ago4 views

CVE-2026-45754

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, the Mailjet mailer bridge and LOX24 notifier bridge webhook parsers received configured webhook secrets but did not verify them, allowing unauthenticated POST...

6.9CVSS0.00348EPSS
Exploits0References6
Cvelist
Cvelist
added 6 days ago37 views

CVE-2026-61428 PraisonAI AgentMail before 4.6.78 Message Injection via Webhook

PraisonAI AgentMail versions before 4.6.78 lack signature verification in webhook mode, allowing unauthenticated attackers to inject messages with spoofed sender addresses. Attackers can POST crafted message.received events to the webhook endpoint to inject arbitrary content into the agent and...

7.3CVSS0.00246EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 4:2 p.m.9 views

CVE-2026-56823

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to , the POST /api/integrations/webhooks/webhookid/ping endpoint fetches the target webhook by primary key alone without verifying that the webhook belongs to the...

5.4CVSS5.9AI score0.0015EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/23 3:32 p.m.3 views

CVE-2026-54303 n8n: Reflected XSS via Facebook, WhatsApp, and Microsoft Teams Trigger Webhook Verification Endpoints

n8n is an open source workflow automation platform. Prior to 2.24.0, an endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter into the HTTP response without sanitization or Content-Security-Policy headers, enabling reflected XSS in the n8n origin when a logged-in user...

6.8CVSS6AI score0.00177EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 9:4 p.m.12 views

EUVD-2026-38377

n8n before 1.123.15 and 2.5.0 contains a webhook forgery vulnerability in the GitHub Webhook Trigger node that fails to implement HMAC-SHA256 signature verification. Attackers who know the webhook URL can send unsigned POST requests to trigger workflows with arbitrary data, spoofing GitHub webhoo...

6.3CVSS6AI score0.00186EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/16 10:39 p.m.6 views

NPM: n8n: Reflected XSS via Facebook, WhatsApp, and Microsoft Teams Trigger Webhook Verification Endpoints

NPM: n8n: Reflected XSS via Facebook, WhatsApp, and Microsoft Teams Trigger Webhook Verification Endpoints vulnerability discovered by ? in WordPress Npm n8n versions 2.24.0...

6.8CVSS5.8AI score0.00177EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 10:39 p.m.19 views

n8n: Reflected XSS via Facebook, WhatsApp, and Microsoft Teams Trigger Webhook Verification Endpoints

Impact An endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter into the HTTP response without sanitization or Content-Security-Policy headers, enabling reflected XSS in the n8n origin when a logged-in user visits a crafted URL. Patches The issue has been fixed in n8n...

6.8CVSS5.2AI score0.00177EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.10 views

CVE-2026-10617

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. This affects the function resolveAuth of the file internal/http/auth.go of the component Webhook Verification Handler. The manipulation leads to missing authentication. Remote exploitation of the attack is possibl...

7.5CVSS6.6AI score0.00399EPSS
Exploits0References1
NVD
NVD
added 2026/06/02 8:16 p.m.11 views

CVE-2026-10617

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. This affects the function resolveAuth of the file internal/http/auth.go of the component Webhook Verification Handler. The manipulation leads to missing authentication. Remote exploitation of the attack is possibl...

7.5CVSS0.00399EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/02 7:0 p.m.13 views

CVE-2026-10617

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. This affects the function resolveAuth of the file internal/http/auth.go of the component Webhook Verification Handler. The manipulation leads to missing authentication. Remote exploitation of the attack is possibl...

7.5CVSS6.5AI score0.00399EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/02 7:0 p.m.11 views

CVE-2026-10617 nextlevelbuilder GoClaw Webhook Verification auth.go resolveAuth missing authentication

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. This affects the function resolveAuth of the file internal/http/auth.go of the component Webhook Verification Handler. The manipulation leads to missing authentication. Remote exploitation of the attack is possibl...

7.5CVSS6.5AI score0.00399EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/02 7:0 p.m.46 views

CVE-2026-10617 nextlevelbuilder GoClaw Webhook Verification auth.go resolveAuth missing authentication

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. This affects the function resolveAuth of the file internal/http/auth.go of the component Webhook Verification Handler. The manipulation leads to missing authentication. Remote exploitation of the attack is possibl...

7.5CVSS0.00399EPSS
Exploits0References6
CVE
CVE
added 2026/06/02 7:0 p.m.27 views

CVE-2026-10617

The CVE-2026-10617 entry describes a vulnerability in nextlevelbuilder GoClaw up to version 3.11.3, affecting the resolveAuth function in internal/http/auth.go of the Webhook Verification Handler. The issue results from a manipulation that leads to missing authentication, enabling remote exploita...

7.5CVSS6.5AI score0.00399EPSS
Exploits0References6
OSV
OSV
added 2026/06/02 7:0 p.m.3 views

CVE-2026-10617 nextlevelbuilder GoClaw Webhook Verification auth.go resolveAuth missing authentication

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. This affects the function resolveAuth of the file internal/http/auth.go of the component Webhook Verification Handler. The manipulation leads to missing authentication. Remote exploitation of the attack is possibl...

6.9CVSS6.3AI score0.00399EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.9 views

goclaw 访问控制错误漏洞

Goclaw is an open-source multi-tenant AI smart agent platform developed by Next Level Builder. Versions of GoClaw 3.11.3 and earlier contain a security vulnerability related to access control. This vulnerability stems from a lack of authentication in the resolveAuth function within the Webhook...

7.5CVSS5.4AI score0.00399EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/05/29 9:32 p.m.30 views

Symfony: Twilio SMS Notifier allows unauthenticated webhook injection due to missing X-Twilio-Signature verification

Description The Twilio SMS notifier bridge ships a webhook request parser used to authenticate and decode the status callbacks Twilio POSTs to an application's webhook endpoint. Its doParseRequest $request, \SensitiveParameter string $secret method receives the configured webhook secret but never...

6.9CVSS5.8AI score0.00238EPSS
Exploits0References6Affected Software2
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.20 views

PT-2026-42825

Name of the Vulnerable Software and Affected Versions TypeBot versions prior to 3.17.0 Description The WhatsApp Cloud API webhook endpoint 'POST /v1/workspaces/workspaceId/whatsapp/credentialsId/webhook' fails to verify the x-hub-signature-256 HMAC signature provided by Meta. Because the...

6.5CVSS5.8AI score0.0014EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.8 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.25 contained a security vulnerability. This vulnerability stemmed from the parsing of JSON request bodies before verifying the webhook signature, which could lead to...

7.5CVSS5.8AI score0.00436EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.8 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.25 contained security vulnerabilities. These vulnerabilities were due to a rate-limiting mechanism in the Webhook token verification process, which allowed bypasses and could le...

6.5CVSS5.8AI score0.00244EPSS
Exploits0References3
NVD
NVD
added 2026/04/08 7:16 a.m.15 views

CVE-2026-5167

The Masteriyo LMS – Online Course Builder for eLearning, LMS & Education plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in versions up to and including 2.1.7. This is due to insufficient webhook signature verification in the handlewebhook function. The...

5.3CVSS0.00375EPSS
Exploits0References6
Rows per page
Query Builder