Lucene search
K

120 matches found

EUVD
EUVD
added 2026/02/04 5:10 p.m.7 views

EUVD-2026-5385

GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can perform SSRF request through the Webhook feature. This issue has been patched in version 11.0.5...

4.1CVSS5.3AI score0.00317EPSS
Exploits0References2
OSV
OSV
added 2026/02/04 5:10 p.m.6 views

CVE-2026-22247 GLPI is Vulnerable to SSRF via Webhooks

GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can perform SSRF request through the Webhook feature. This issue has been patched in version 11.0.5...

4.1CVSS5.3AI score0.00317EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.8 views

GLPI 代码问题漏洞

GLPI is an open-source IT and asset management software developed by GLPI. This software provides a comprehensive IT resource management interface, allowing you to create databases to manage various IT assets such as computers, monitors, servers, printers, network devices, telephones, and even...

9.1CVSS6AI score0.00317EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/27 12:0 a.m.10 views

PT-2026-5022

Name of the Vulnerable Software and Affected Versions Squidex versions up to and including 7.21.0 Description Squidex is an open source headless content management system and content management hub. Versions up to and including 7.21.0 allow users to define "Webhooks" as actions within the Rules...

9.1CVSS6AI score0.0042EPSS
Exploits1References9
OSV
OSV
added 2026/01/26 8:16 p.m.4 views

CVE-2025-9522

Blind Server-Side Request Forgery SSRF in Omada Controllers through webhook functionality, enabling crafted requests to internal services, which may lead to enumeration of information...

5.3CVSS5.8AI score0.00243EPSS
Exploits0References2
CVE
CVE
added 2026/01/26 7:35 p.m.23 views

CVE-2025-9522

Technical details about CVE-2025-9522 are not publicly provided in the supplied documents; no affected versions or remediation are disclosed. Monitor for updates.

5.3CVSS5.9AI score0.00243EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/01/26 7:35 p.m.6 views

EUVD-2025-206347

Blind Server-Side Request Forgery SSRF in Omada Controllers through webhook functionality, enabling crafted requests to internal services, which may lead to enumeration of information...

5.1CVSS5.9AI score0.00243EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/26 12:0 a.m.7 views

TP-Link Omada controllers have security vulnerabilities

TP-Link Omada Controllers are a series of centralized management platforms developed by TP-Link Corporation. The TP-Link Omada Controllers have security vulnerabilities, which stem from the webhook function’s vulnerability involving forged server-side requests, potentially leading to information...

5.3CVSS5.8AI score0.00243EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/18 9:18 a.m.20 views

CVE-2025-14078

The PAYGENT for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.4.6. This is due to missing authorization checks on the paygentcheckwebhook function combined with the paygentpermissioncallback function unconditionally returning true ...

5.3CVSS5.9AI score0.00261EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:38 a.m.4 views

CVE-2026-0656

The iPaymu Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 2.0.2 via the 'checkipaymuresponse' function. This is due to the plugin not validating webhook request authenticity through signature verification or origi...

8.2CVSS6.1AI score0.00306EPSS
Exploits0References1
NVD
NVD
added 2026/01/07 12:17 p.m.11 views

CVE-2026-0656

The iPaymu Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 2.0.2 via the 'checkipaymuresponse' function. This is due to the plugin not validating webhook request authenticity through signature verification or origi...

8.2CVSS0.00306EPSS
Exploits0References3
OSV
OSV
added 2025/12/16 1:15 a.m.9 views

PYSEC-2025-232

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to trigger repository updates for many repositories via a crafted webhook payload. Version 5.15 fixes the issue. As a workaround, disabling webhooks completely using ENABLEHOOKS avoids this vulnerability...

5.3CVSS5.8AI score0.00235EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/16 12:5 a.m.29 views

CVE-2025-67492 Weblate's over‑permissive webhook endpoint enables mass repository updates and component enumeration

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to trigger repository updates for many repositories via a crafted webhook payload. Version 5.15 fixes the issue. As a workaround, disabling webhooks completely using ENABLEHOOKS avoids this vulnerability...

5.3CVSS0.00235EPSS
Exploits0References2
OSV
OSV
added 2025/12/16 12:5 a.m.6 views

CVE-2025-67492 Weblate's over‑permissive webhook endpoint enables mass repository updates and component enumeration

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to trigger repository updates for many repositories via a crafted webhook payload. Version 5.15 fixes the issue. As a workaround, disabling webhooks completely using ENABLEHOOKS avoids this vulnerability...

5.3CVSS6.7AI score0.00235EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.9 views

PT-2025-51349

Name of the Vulnerable Software and Affected Versions Weblate versions prior to 5.15 Description Weblate is a web-based localization tool. Versions prior to 5.15 were susceptible to unauthorized triggering of repository updates through a specially crafted webhook payload. Disabling webhooks using...

5.3CVSS6.5AI score0.00235EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/12/13 12:0 a.m.4 views

PT-2025-51055

The Emplibot – AI Content Writer with Keyword Research, Infographics, and Linking | SEO Optimized | Fully Automated plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.9 via the emplibot call webhook with error and emplibot process zip data...

4.4CVSS5.8AI score0.00158EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/10 10:43 p.m.2 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the webhook URLs which are not validated. An attacker can access internal services, private networks, or cloud metadata endpoints by configuring malicious webhook URLs. PoC ssh localhost webhook crea...

9.1CVSS6.6AI score0.00335EPSS
Exploits1References2
OSV
OSV
added 2025/11/10 10:11 p.m.5 views

CVE-2025-64522 Soft Serve is vulnerable to SSRF through its Webhooks

Soft Serve is a self-hostable Git server for the command line. Versions prior to 0.11.1 have a SSRF vulnerability where webhook URLs are not validated, allowing repository administrators to create webhooks targeting internal services, private networks, and cloud metadata endpoints. Version 0.11.1...

9.1CVSS6.6AI score0.00335EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/11/10 10:11 p.m.3 views

CVE-2025-64522 Soft Serve is vulnerable to SSRF through its Webhooks

Soft Serve is a self-hostable Git server for the command line. Versions prior to 0.11.1 have a SSRF vulnerability where webhook URLs are not validated, allowing repository administrators to create webhooks targeting internal services, private networks, and cloud metadata endpoints. Version 0.11.1...

9.1CVSS6.2AI score0.00335EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/11/10 10:11 p.m.10 views

CVE-2025-64522 Soft Serve is vulnerable to SSRF through its Webhooks

Soft Serve is a self-hostable Git server for the command line. Versions prior to 0.11.1 have a SSRF vulnerability where webhook URLs are not validated, allowing repository administrators to create webhooks targeting internal services, private networks, and cloud metadata endpoints. Version 0.11.1...

9.1CVSS0.00335EPSS
Exploits1References3
Rows per page
Query Builder