3509 matches found
CVE-2025-14700
An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection...
CVE-2025-67492
Weblate is a web based localization tool. In versions prior to 5.15, it was possible to trigger repository updates for many repositories via a crafted webhook payload. Version 5.15 fixes the issue. As a workaround, disabling webhooks completely using ENABLE_HOOKS avoids this vulnerability...
EUVD-2025-203859
An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection...
CVE-2025-14700
CVE-2025-14700 affects Crafty Controller 4.6.1 in the Webhook Template component. The supplied documents describe an input neutralization vulnerability that enables authenticated attackers to achieve remote code execution via Server-Side Template Injection (SSTI). Multiple sources (NVD/Red Hat/CV...
CVE-2025-14700 Improper Neutralization of Special Elements Used in a Template Engine in Crafty Controller
An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection...
PT-2025-51794
Name of the Vulnerable Software and Affected Versions: Crafty Controller version 4.6.1. Description: An input neutralization issue exists within the Webhook Template component of Crafty Controller. This allows a remote, authenticated attacker to execute code on the system through Server Side Templat...
Crafty Controller Security Vulnerability
Crafty Controller is a Minecraft server control panel/launcher for Arcadia. A security vulnerability exists in Crafty Controller that stems from improper input neutralization of the Webhook Template component, which could lead to remote code execution via server-side template injection...
PYSEC-2025-232
Weblate is a web based localization tool. In versions prior to 5.15, it was possible to trigger repository updates for many repositories via a crafted webhook payload. Version 5.15 fixes the issue. As a workaround, disabling webhooks completely using ENABLE_HOOKS avoids this vulnerability...
CVE-2025-67492
CVE-2025-67492 affects Weblate prior to version 5.15, where a crafted webhook payload could trigger mass repository updates and component enumeration through an overly permissive webhook endpoint. The root cause is the webhook handling allowing unauthorized triggering across multiple repositories...
EUVD-2025-203448
Weblate is a web based localization tool. In versions prior to 5.15, it was possible to trigger repository updates for many repositories via a crafted webhook payload. Version 5.15 fixes the issue. As a workaround, disabling webhooks completely using ENABLE_HOOKS avoids this vulnerability...
CVE-2025-67492 Weblate's over‑permissive webhook endpoint enables mass repository updates and component enumeration
Weblate is a web based localization tool. In versions prior to 5.15, it was possible to trigger repository updates for many repositories via a crafted webhook payload. Version 5.15 fixes the issue. As a workaround, disabling webhooks completely using ENABLE_HOOKS avoids this vulnerability...
Weblate Security Vulnerability
Weblate is a Copyleft open source web-based free software continuous localization system. A security vulnerability exists in Weblate versions prior to 5.15 that stems from a specially crafted webhook payload that could trigger multiple repository updates, potentially resulting in a denial of...
PT-2025-51349
Name of the Vulnerable Software and Affected Versions: Weblate versions prior to 5.15. Description: Weblate is a web-based localization tool. Versions prior to 5.15 were susceptible to unauthorized triggering of repository updates through a specially crafted webhook payload. Disabling webhooks using...
Improper Validation of Syntactic Correctness of Input
Overview: Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input via the webhook endpoint. An attacker can enumerate components and trigger updates for multiple repositories by sending crafted webhook payloads. Workaround: This vulnerability can be...