
3509 matches found

Veracode
added 2025/11/20 8:54 a.m. | 4 views

Denial-of-service (DoS)

github.com/argoproj/argo-cd is vulnerable to denial-of-service (DoS). The vulnerability is due to Argo CD’s /api/webhook endpoint crashing when it receives a malformed Gogs push event with a missing or null commits.repo field, which allows an attacker to send crafted API requests that crash the A...

7.5 CVSS | 6.9 AI score | 0.0055 EPSS
Exploits: 1 | References: 5 | Affected Software: 3

Veracode
added 2025/11/20 8:39 a.m. | 134 views

Denial-of-service (DoS)

github.com/argoproj/argo-cd is vulnerable to denial-of-service (DoS). The vulnerability is due to improper handling of malformed Bitbucket Server webhook payloads, specifically a non-array repository.links.clone field, which allows an attacker to send a single unauthenticated malicious request that...

7.5 CVSS | 7.1 AI score | 0.00536 EPSS
Exploits: 1 | References: 5 | Affected Software: 3

Veracode
added 2025/11/20 5:39 a.m. | 6 views

Denial-of-service (DoS)

github.com/argoproj/argo-cd is vulnerable to denial-of-service (DoS). The vulnerability is due to Argo CD’s /api/webhook endpoint accessing an array index without validating its length, which allows an attacker to crash the argocd-server process using a single unauthenticated HTTP POST with an...

7.5 CVSS | 7.1 AI score | 0.00536 EPSS
Exploits: 1 | References: 5 | Affected Software: 3

Tenable Nessus
added 2025/11/20 12:0 a.m. | 5 views

TencentOS Server 4: nodejs20 (TSSA-2025:0415)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0415 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

7.5 CVSS | 7.1 AI score | 0.00727 EPSS
Exploits: 1 | References: 5

IBM Security Bulletins
added 2025/11/18 7:10 p.m. | 4 views

Security Bulletin: Astronomer with IBM is vulnerable to memory leaks due to the undici package (CVE-2025-47279)

Summary: Undici is used by Astronomer with IBM as part of the HTTP processing functionality. Vulnerability Details: CVEID: CVE-2025-47279. DESCRIPTION: Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applications that use undici to implement a webhook-like syste...

3.1 CVSS | 6 AI score | 0.00254 EPSS
Exploits: 0 | Affected Software: 1

RedhatCVE
added 2025/11/17 9:7 a.m. | 13 views

CVE-2025-13174

A weakness has been identified in rachelos WeRSS we-mp-rss up to 1.4.7. Affected by this vulnerability is the function do_job of the file /rachelos/we-mp-rss/blob/main/jobs/mps.py of the component Webhook Module. Executing manipulation of the argument web_hook_url can lead to server-side request...

6.5 CVSS | 6.7 AI score | 0.00228 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/11/14 9:30 p.m. | 2 views

EUVD-2025-197656

A weakness has been identified in rachelos WeRSS we-mp-rss up to 1.4.7. Affected by this vulnerability is the function do_job of the file /rachelos/we-mp-rss/blob/main/jobs/mps.py of the component Webhook Module. Executing manipulation of the argument web_hook_url can lead to server-side request...

6.5 CVSS | 6.3 AI score | 0.00228 EPSS
Exploits: 0 | References: 5

RedhatCVE
added 2025/11/14 7:59 p.m. | 5 views

CVE-2025-64709

Typebot is an open-source chatbot builder. In versions prior to 3.13.1, a Server-Side Request Forgery (SSRF) vulnerability in the Typebot webhook block HTTP Request component functionality allows authenticated users to make arbitrary HTTP requests from the server, including access to AWS Instance...

9.6 CVSS | 6.8 AI score | 0.00328 EPSS
Exploits: 1 | References: 1

NVD
added 2025/11/14 7:15 p.m. | 11 views

CVE-2025-13174

A weakness has been identified in rachelos WeRSS we-mp-rss up to 1.4.7. Affected by this vulnerability is the function do_job of the file /rachelos/we-mp-rss/blob/main/jobs/mps.py of the component Webhook Module. Executing manipulation of the argument web_hook_url can lead to server-side request...

6.5 CVSS | 0.00228 EPSS
Exploits: 0 | References: 4

Vulnrichment
added 2025/11/14 6:32 p.m. | 7 views

CVE-2025-13174 rachelos WeRSS we-mp-rss Webhook mps.py do_job server-side request forgery

A weakness has been identified in rachelos WeRSS we-mp-rss up to 1.4.7. Affected by this vulnerability is the function do_job of the file /rachelos/we-mp-rss/blob/main/jobs/mps.py of the component Webhook Module. Executing manipulation of the argument web_hook_url can lead to server-side request...

6.5 CVSS | 6.5 AI score | 0.00228 EPSS
Exploits: 0 | References: 4

Cvelist
added 2025/11/14 6:32 p.m. | 12 views

CVE-2025-13174 rachelos WeRSS we-mp-rss Webhook mps.py do_job server-side request forgery

A weakness has been identified in rachelos WeRSS we-mp-rss up to 1.4.7. Affected by this vulnerability is the function do_job of the file /rachelos/we-mp-rss/blob/main/jobs/mps.py of the component Webhook Module. Executing manipulation of the argument web_hook_url can lead to server-side request...

6.5 CVSS | 0.00228 EPSS
Exploits: 0 | References: 4

CVE
added 2025/11/14 6:32 p.m. | 13 views

CVE-2025-13174

CVE-2025-13174 affects rachelos WeRSS we-mp-rss up to 1.4.7. The vulnerability lies in the Webhook Module’s function do_job (file path: /rachelos/we-mp-rss/blob/main/jobs/mps.py). Manipulating the argument web_hook_url can lead to server-side request forgery (SSRF). The attack may be executed rem...

6.5 CVSS | 6.5 AI score | 0.00228 EPSS
Exploits: 0 | References: 4

Positive Technologies
added 2025/11/14 12:0 a.m. | 3 views

PT-2025-46996

Name of the Vulnerable Software and Affected Versions: rachelos WeRSS we-mp-rss versions up to 1.4.7. Description: A flaw exists in the Webhook Module of rachelos WeRSS we-mp-rss. The do_job function within the /rachelos/we-mp-rss/blob/main/jobs/mps.py file is susceptible to server-side request...

6.5 CVSS | 6.3 AI score | 0.00228 EPSS
Exploits: 0 | References: 8

CNNVD
added 2025/11/14 12:0 a.m. | 1 views

WeRSS Code Issue Vulnerability

WeRSS is an open-source WeChat official account system by Rachel. A code issue vulnerability exists in WeRSS 1.4.7 and earlier versions, which stems from incorrect manipulation of the parameter web_hook_url in the component Webhook Module, which could lead to server-side request forgery...

6.5 CVSS | 6.5 AI score | 0.00228 EPSS
Exploits: 0 | References: 5

NVD
added 2025/11/13 8:15 p.m. | 4 views

CVE-2025-64709

Typebot is an open-source chatbot builder. In versions prior to 3.13.1, a Server-Side Request Forgery (SSRF) vulnerability in the Typebot webhook block HTTP Request component functionality allows authenticated users to make arbitrary HTTP requests from the server, including access to AWS Instance...

9.9 CVSS | 0.00328 EPSS
Exploits: 1 | References: 1

CVE
added 2025/11/13 7:42 p.m. | 15 views

CVE-2025-64709

Typebot (open-source chatbot builder) contains an SSRF flaw in the webhook block’s HTTP Request component affecting versions before 3.13.1. The issue lets authenticated users cause server-side HTTP requests, bypass IMDSv2 via custom header injection, and extract temporary AWS IAM credentials for ...

9.9 CVSS | 6.4 AI score | 0.00328 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2025/11/13 7:42 p.m. | 4 views

CVE-2025-64709 Typebot May Expose AWS EKS Credentials via Server Side Request Forgery in Webhook Block

Typebot is an open-source chatbot builder. In versions prior to 3.13.1, a Server-Side Request Forgery (SSRF) vulnerability in the Typebot webhook block HTTP Request component functionality allows authenticated users to make arbitrary HTTP requests from the server, including access to AWS Instance...

9.6 CVSS | 6.8 AI score | 0.00328 EPSS
Exploits: 1 | References: 3

Cvelist
added 2025/11/13 7:42 p.m. | 8 views

CVE-2025-64709 Typebot May Expose AWS EKS Credentials via Server Side Request Forgery in Webhook Block

Typebot is an open-source chatbot builder. In versions prior to 3.13.1, a Server-Side Request Forgery (SSRF) vulnerability in the Typebot webhook block HTTP Request component functionality allows authenticated users to make arbitrary HTTP requests from the server, including access to AWS Instance...

9.6 CVSS | 0.00328 EPSS
Exploits: 1 | References: 1

EUVD
added 2025/11/13 7:42 p.m. | 5 views

EUVD-2025-175361

Typebot is an open-source chatbot builder. In versions prior to 3.13.1, a Server-Side Request Forgery (SSRF) vulnerability in the Typebot webhook block HTTP Request component functionality allows authenticated users to make arbitrary HTTP requests from the server, including access to AWS Instance...

9.6 CVSS | 6.3 AI score | 0.00328 EPSS
Exploits: 1 | References: 1

Vulnrichment
added 2025/11/13 7:42 p.m. | 5 views

CVE-2025-64709 Typebot May Expose AWS EKS Credentials via Server Side Request Forgery in Webhook Block

Typebot is an open-source chatbot builder. In versions prior to 3.13.1, a Server-Side Request Forgery (SSRF) vulnerability in the Typebot webhook block HTTP Request component functionality allows authenticated users to make arbitrary HTTP requests from the server, including access to AWS Instance...

9.6 CVSS | 6.4 AI score | 0.00328 EPSS
Exploits: 1 | References: 1