3653 matches found
CVE-2026-21856 Tarkov Data Manager has Authenticated SQL Injection
The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, a time-based blind SQL injection vulnerability in the webhook edit and scanner API endpoints allowed an authenticated attacker to execute arbitrary SQL queries against th...
CVE-2026-21856
CVE-2026-21856 affects the Tarkov Data Manager. A time-based blind SQL injection existed in the webhook edit and scanner API endpoints prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, allowing an authenticated attacker to execute arbitrary SQL queries against the MySQL database. A patch ...
CVE-2026-0656
The iPaymu Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 2.0.2 via the 'checkipaymuresponse' function. This is due to the plugin not validating webhook request authenticity through signature verification or origi...
Malicious code in codefrequencychecker (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4202ead7b36e01a039c10a9379f617de02b50d5a69d5923652cfafb6f22067b6 Package exfiltrates browser cookies and passwords, and starts a Telegram bot allowing re-exfiltrating later. --- Category: MALICIOUS - The campaign has clearly...
MAL-2026-126 Malicious code in codefrequencychecker (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4202ead7b36e01a039c10a9379f617de02b50d5a69d5923652cfafb6f22067b6 Package exfiltrates browser cookies and passwords, and starts a Telegram bot allowing re-exfiltrating later. --- Category: MALICIOUS - The campaign has clearly...
CVE-2026-0656 iPaymu Payment Gateway for WooCommerce <= 2.0.2 - Missing Authentication to Unauthenticated Payment Bypass and Order Information Disclosure
The iPaymu Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 2.0.2 via the 'checkipaymuresponse' function. This is due to the plugin not validating webhook request authenticity through signature verification or origi...
CVE-2026-0656
The CVE-2026-0656 entry concerns the iPaymu Payment Gateway for WooCommerce (WordPress). Wordfence reports a Missing Authentication flaw in webhook handling (function check_ipaymu_response) across versions up to 2.0.2, due to lack of signature verification and origin checks. This allows unauthent...
GHSA-GHW8-3XQW-HHCJ vulnerabilities
Vulnerabilities for packages: step-issuer, cert-manager-cmctl, cert-manager-webhook-pdns, cert-manager-istio-csr, cert-exporter, aws-privateca-issuer...
CVE-2024-12401 vulnerabilities
Vulnerabilities for packages: step-issuer, cert-manager-cmctl, cert-manager-webhook-pdns, cert-manager-istio-csr, cert-exporter, aws-privateca-issuer...
CVE-2024-12401 vulnerabilities
Vulnerabilities for packages: aws-privateca-issuer, cert-exporter-fips, step-issuer, step-issuer-fips, cert-manager-fips, cert-manager-webhook-pdns-fips, aws-privateca-issuer-fips, cert-manager, cert-manager-webhook-pdns, cert-exporter, cert-manager-istio-csr, cert-manager-cmctl,...
GHSA-GHW8-3XQW-HHCJ vulnerabilities
Vulnerabilities for packages: aws-privateca-issuer, cert-exporter-fips, step-issuer, step-issuer-fips, cert-manager-fips, cert-manager-webhook-pdns-fips, aws-privateca-issuer-fips, cert-manager, cert-manager-webhook-pdns, cert-exporter, cert-manager-istio-csr, cert-manager-cmctl,...
PT-2026-2124
Name of the Vulnerable Software and Affected Versions: n8n versions 0.150.0 through 2.2.1. Description: n8n is a workflow automation platform. A flaw in the Stripe Trigger node allows unauthenticated parties to trigger workflows by sending forged Stripe webhook events. The Stripe Trigger node create...
Tarkov Data Manager SQL Injection Vulnerability
Tarkov Data Manager is an open-source database management tool from The Hideout. A SQL injection vulnerability exists in Tarkov Data Manager versions prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, stemming from a time-based blind SQL injection in the webhook editor and...
PT-2026-1574
Name of the Vulnerable Software and Affected Versions: iPaymu Payment Gateway for WooCommerce plugin for WordPress versions up to and including 2.0.2. Description: The iPaymu Payment Gateway for WooCommerce plugin for WordPress is susceptible to missing authentication. This occurs because the plugin...
PT-2026-2104
Name of the Vulnerable Software and Affected Versions: Tarkov Data Manager versions prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8. Description: The Tarkov Data Manager is a tool used to manage Tarkov item data. Prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, a time-based blind S...
CVE-2025-69206
Hemmelig is a messaging app with client-side encryption and self-destructing messages. Prior to version 7.3.3, a Server-Side Request Forgery (SSRF) filter bypass vulnerability exists in the webhook URL validation of the Secret Requests feature. The application attempts to block internal/private ...
EUVD-2025-205597
hemmelig allows SSRF Filter bypass via Secret Request functionality...
hemmelig allows SSRF Filter bypass via Secret Request functionality
Summary: A Server-Side Request Forgery (SSRF) filter bypass vulnerability exists in the webhook URL validation of the Secret Requests feature. The application attempts to block internal/private IP addresses but can be bypassed using DNS rebinding (e.g., localtest.me, which resolves to 127.0.0.1) or ope...
GHSA-VVXF-WJ5W-6GJ5 hemmelig allows SSRF Filter bypass via Secret Request functionality
Summary: A Server-Side Request Forgery (SSRF) filter bypass vulnerability exists in the webhook URL validation of the Secret Requests feature. The application attempts to block internal/private IP addresses but can be bypassed using DNS rebinding (e.g., localtest.me, which resolves to 127.0.0.1) or ope...