3534 matches found

Snyk
added 2026/03/09 7:52 p.m., 2 views

Improper Control of Interaction Frequency

Overview: openclaw is "🦞 OpenClaw — Personal AI Assistant". Affected versions of this package are vulnerable to Improper Control of Interaction Frequency via the hooks HTTP handler. An attacker can cause temporary lockout of legitimate webhook delivery by sending repeated non-POST requests with...

6.9 CVSS · 5.8 AI score
Exploits 0 · References 3
RedhatCVE
added 2026/03/09 8:2 a.m., 3 views

CVE-2026-30839

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, testwebhooknotifications.php does not validate the target URL against private/reserved IP ranges, enabling full-read SSRF. The server response is returned to the caller. This issue has been patched in...

5.3 CVSS · 5.7 AI score · 0.00331 EPSS
Exploits 1 · References 1
Positive Technologies
added 2026/03/09 12:0 a.m., 4 views

PT-2026-24118

Name of the Vulnerable Software and Affected Versions: Budibase versions prior to 3.31.5. Description: Budibase is a low-code platform used for creating internal tools, workflows, and admin panels. A flaw exists in the server's authorized middleware, which is designed to protect server-side API...

9.1 CVSS · 5.8 AI score · 0.15339 EPSS
Exploits 2 · References 12
CNNVD
added 2026/03/09 12:0 a.m., 7 views

Budibase injection vulnerability

Budibase is an open-source low-code platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Budibase versions 3.31.4 and earlier have an injection vulnerability. This vulnerability stems from the authorized...

9.1 CVSS · 5.8 AI score · 0.15339 EPSS
Exploits 2 · References 1
RedhatCVE
added 2026/03/08 1:44 a.m., 4 views

CVE-2026-30846

Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the globalwebhooks publication exposes all global webhook integrations—including sensitive url and token fields—without performing any authentication check on the server side. Although the subscription is...

8.7 CVSS · 5.7 AI score · 0.00345 EPSS
Exploits 0 · References 1
RedhatCVE
added 2026/03/08 1:44 a.m., 5 views

CVE-2026-30845

Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the board composite publication in Wekan publishes all integration data for a board without any field filtering, exposing sensitive fields including webhook URLs and authentication tokens to any subscriber...

8.2 CVSS · 5.7 AI score · 0.00291 EPSS
Exploits 0 · References 1
RedhatCVE
added 2026/03/08 1:44 a.m., 5 views

CVE-2026-30242

Plane is an open-source project management tool. Prior to version 1.2.3, the webhook URL validation in plane/app/serializers/webhook.py only checks ip.isloopback, allowing attackers with workspace ADMIN role to create webhooks pointing to private/internal network addresses 10.x.x.x, 172.16.x.x...

8.5 CVSS · 5.8 AI score · 0.00284 EPSS
Exploits 0 · References 1
Snyk
added 2026/03/08 12:39 a.m., 2 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the fireWebhook function in the file /internal/service/webhook/webhook.go. An attacker can cause the server to initiate arbitrary requests to internal or external systems by supplying crafted input t...

6.5 CVSS · 5.9 AI score · 0.00224 EPSS
Exploits 0 · References 2
NVD
added 2026/03/07 11:15 p.m., 3 views

CVE-2026-3681

A weakness has been identified in welovemedia FFmate up to 2.0.15. This affects the function fireWebhook of the file /internal/service/webhook/webhook.go. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The exploit has been made available to...

6.5 CVSS · 0.00224 EPSS
Exploits 0 · References 4
Vulnrichment
added 2026/03/07 11:2 p.m., 2 views

CVE-2026-3681 welovemedia FFmate webhook.go fireWebhook server-side request forgery

A weakness has been identified in welovemedia FFmate up to 2.0.15. This affects the function fireWebhook of the file /internal/service/webhook/webhook.go. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The exploit has been made available to...

6.5 CVSS · 6.3 AI score · 0.00224 EPSS
Exploits 0 · References 4
Cvelist
added 2026/03/07 11:2 p.m., 31 views

CVE-2026-3681 welovemedia FFmate webhook.go fireWebhook server-side request forgery

A weakness has been identified in welovemedia FFmate up to 2.0.15. This affects the function fireWebhook of the file /internal/service/webhook/webhook.go. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The exploit has been made available to...

6.5 CVSS · 0.00224 EPSS
Exploits 0 · References 4
ATTACKERKB
added 2026/03/07 11:2 p.m., 3 views

CVE-2026-3681

A weakness has been identified in welovemedia FFmate up to 2.0.15. This affects the function fireWebhook of the file /internal/service/webhook/webhook.go. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The exploit has been made available to...

6.5 CVSS · 5.5 AI score · 0.00224 EPSS
Exploits 0 · References 4 · Affected Software 1
CVE
added 2026/03/07 11:2 p.m., 10 views

CVE-2026-3681

Summary: CVE-2026-3681 affects welovemedia FFmate up to v2.0.15. The vulnerability lies in the file /internal/service/webhook/webhook.go, in the function fireWebhook, where input manipulation can trigger a server-side request forgery (SSRF). The issue is exploitable remotely; an attacker can cra...

6.5 CVSS · 5.5 AI score · 0.00224 EPSS
Exploits 0 · References 4
NVD
added 2026/03/07 6:16 a.m., 5 views

CVE-2026-30839

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, testwebhooknotifications.php does not validate the target URL against private/reserved IP ranges, enabling full-read SSRF. The server response is returned to the caller. This issue has been patched in...

5.3 CVSS · 0.00331 EPSS
Exploits 1 · References 3
Cvelist
added 2026/03/07 5:29 a.m., 26 views

CVE-2026-30839 Wallos: SSRF via webhook test endpoint

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, testwebhooknotifications.php does not validate the target URL against private/reserved IP ranges, enabling full-read SSRF. The server response is returned to the caller. This issue has been patched in...

5.3 CVSS · 0.00331 EPSS
Exploits 1 · References 3
Vulnrichment
added 2026/03/07 5:29 a.m., 1 view

CVE-2026-30839 Wallos: SSRF via webhook test endpoint

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, testwebhooknotifications.php does not validate the target URL against private/reserved IP ranges, enabling full-read SSRF. The server response is returned to the caller. This issue has been patched in...

5.3 CVSS · 5.7 AI score · 0.00331 EPSS
Exploits 1 · References 3
CVE
added 2026/03/07 5:29 a.m., 12 views

CVE-2026-30839

CVE-2026-30839 affects Wallos prior to version 4.6.2. The issue in testwebhooknotifications.php allows full-read SSRF because the target URL is not validated against private/reserved IP ranges; the server response is returned to the caller. This vulnerability is mitigated in 4.6.2 (patch released...

5.3 CVSS · 5.7 AI score · 0.00331 EPSS
Exploits 1 · References 3 · Affected Software 1
OSV
added 2026/03/07 5:29 a.m., 4 views

CVE-2026-30839 Wallos: SSRF via webhook test endpoint

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, testwebhooknotifications.php does not validate the target URL against private/reserved IP ranges, enabling full-read SSRF. The server response is returned to the caller. This issue has been patched in...

5.3 CVSS · 5.7 AI score · 0.00331 EPSS
Exploits 1 · References 5
RedhatCVE
added 2026/03/07 1:44 a.m., 6 views

CVE-2026-29606

OpenClaw versions prior to 2026.2.14 contain a webhook signature-verification bypass in the voice-call extension that allows unauthenticated requests when the tunnel.allowNgrokFreeTierLoopbackBypass option is explicitly enabled. An external attacker can send forged requests to the publicly...

6.5 CVSS · 5.8 AI score · 0.0029 EPSS
Exploits 0 · References 1
RedhatCVE
added 2026/03/07 1:44 a.m., 3 views

CVE-2026-29613

OpenClaw versions prior to 2026.2.12 contain a vulnerability in the BlueBubbles optional plugin webhook handler in which it authenticates requests based solely on loopback remoteAddress without validating forwarding headers, allowing bypass of configured webhook passwords. When the gateway operat...

8.2 CVSS · 5.9 AI score · 0.00408 EPSS
Exploits 0 · References 1