3506 matches found

OSV
added 2025/09/03 10:11 p.m., 2 views

GHSA-HJ6F-7HP7-XG69 Mautic vulnerable to SSRF via webhook function

Summary: Users with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the partial request response is also disclosed. Details: When sending webhooks, the destination is not validated, causing SSRF. Impact: Bypass of firewalls to interact with interna...

CVSS 2.7, AI score 6.7, EPSS 0.00283
Exploits 0, References 5
Snyk
added 2025/09/03 10:43 a.m., 1 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the webhook functionality. An attacker can access internal network resources and potentially retrieve partial response data by specifying arbitrary destinations when sending webhooks. Note: This is...

CVSS 5.1, AI score 6.9, EPSS 0.00283
Exploits 0, References 2
OSV
added 2025/09/03 10:15 a.m., 2 views

CVE-2025-9821

Summary: Users with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the partial request response is also disclosed. Details: When sending webhooks, the destination is not validated, causing SSRF. Impact: Bypass of firewalls to interact with internal...

CVSS 2.7, AI score 5.8, EPSS 0.00283
Exploits 0, References 1
NVD
added 2025/09/03 10:15 a.m., 3 views

CVE-2025-9821

Summary: Users with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the partial request response is also disclosed. Details: When sending webhooks, the destination is not validated, causing SSRF. Impact: Bypass of firewalls to interact with internal...

CVSS 2.7, EPSS 0.00283
Exploits 0, References 1
Cvelist
added 2025/09/03 9:39 a.m., 7 views

CVE-2025-9821 SSRF via webhook function

Summary: Users with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the partial request response is also disclosed. Details: When sending webhooks, the destination is not validated, causing SSRF. Impact: Bypass of firewalls to interact with internal...

CVSS 2.7, EPSS 0.00283
Exploits 0, References 1
Vulnrichment
added 2025/09/03 9:39 a.m., 5 views

CVE-2025-9821 SSRF via webhook function

Summary: Users with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the partial request response is also disclosed. Details: When sending webhooks, the destination is not validated, causing SSRF. Impact: Bypass of firewalls to interact with internal...

CVSS 2.7, AI score 6.1, EPSS 0.00283
Exploits 0, References 1
CVE
added 2025/09/03 9:39 a.m., 15 views

CVE-2025-9821

CVE-2025-9821 relates to Mautic's webhook feature, where the destination of webhooks is not validated, enabling SSRF when a user with webhook permissions can view webhook logs. This can allow bypassing firewalls to reach internal services and may disclose partial response data. Exploitation d...

CVSS 2.7, AI score 6.1, EPSS 0.00283
Exploits 0, References 1
Veracode
added 2025/09/03 6:39 a.m., 2 views

Denial Of Service (DoS)

github.com/mattermost/mattermost-plugin-confluence is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of unexpected request bodies, which allows an attacker to repeatedly send invalid request bodies to the server webhook endpoint to crash the plugin...

CVSS 7.5, AI score 7, EPSS 0.00275
Exploits 0, References 3, Affected Software 1
CNNVD
added 2025/09/03 12:00 a.m., 1 views

Mautic security vulnerability

Mautic is an open source marketing automation software from Mautic Open Source. The software monitors and manages websites, sends emails and manages customer resources. A security vulnerability exists in Mautic that stems from an unvalidated webhook target that could lead to server-side request...

CVSS 2.7, AI score 6.4, EPSS 0.00283
Exploits 0, References 1
Positive Technologies
added 2025/09/03 12:00 a.m., 3 views

PT-2025-35709

Name of the Vulnerable Software and Affected Versions: versions not specified. Description: Users with webhook permissions can conduct Server-Side Request Forgery (SSRF) via webhooks. If they have permission to view the webhook logs, the partial request response is also disclosed. This allows...

CVSS 2.7, AI score 6, EPSS 0.00283
Exploits 0, References 4
Veracode
added 2025/09/02 8:42 a.m., 4 views

Denial Of Service (DoS)

github.com/mattermost/mattermost-plugin-confluence is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of unexpected request bodies, which allows an attacker to repeatedly send invalid requests to the server webhook endpoint and crash the plugin...

CVSS 5.9, AI score 7, EPSS 0.00264
Exploits 0, References 3, Affected Software 1
NVD
added 2025/09/01 10:15 p.m., 3 views

CVE-2025-9799

A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request...

CVSS 5, EPSS 0.00257
Exploits 1, References 5
Vulnrichment
added 2025/09/01 10:02 p.m., 2 views

CVE-2025-9799 Langfuse Webhook promptRouter.ts promptChangeEventSourcing server-side request forgery

A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request...

CVSS 5, AI score 6.2, EPSS 0.00257
Exploits 1, References 5
Cvelist
added 2025/09/01 10:02 p.m., 8 views

CVE-2025-9799 Langfuse Webhook promptRouter.ts promptChangeEventSourcing server-side request forgery

A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request...

CVSS 5, EPSS 0.00257
Exploits 1, References 5
OSV
added 2025/09/01 9:53 a.m., 3 views

MAL-2025-46938 Malicious code in monolith-twirp-webhooksubscriptions-subscriptions (RubyGems)

--- -= Per source details. Do not edit below this line. =- Source: ossf-package-analysis df56bfac6f56194f6dc4db74f8761484bd20d2a46e61558f757a3179e3e249e8 The OpenSSF Package Analysis project identified 'monolith-twirp-webhooksubscriptions-subscriptions' @ 1.5.0 (rubygems) as malicious. It is...

AI score 7.2
Exploits 0
Positive Technologies
added 2025/09/01 12:00 a.m., 3 views

PT-2025-35514

Name of the Vulnerable Software and Affected Versions: Langfuse versions through 3.88.0. Description: A security flaw exists in Langfuse, potentially leading to server-side request forgery. The vulnerability is located in the promptChangeEventSourcing function within the...

CVSS 5, AI score 5, EPSS 0.00257
Exploits 1, References 10
RedhatCVE
added 2025/08/30 6:19 p.m., 3 views

CVE-2025-57818

Firecrawl turns entire websites into LLM-ready markdown or structured data. Prior to version 2.0.1, a server-side request forgery (SSRF) vulnerability was discovered in Firecrawl's webhook functionality. Authenticated users could configure a webhook to an internal URL and send POST requests with...

CVSS 6.3, AI score 7, EPSS 0.00255
Exploits 0, References 1
Tenable Nessus
added 2025/08/30 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-4462

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions...

CVSS 5, AI score 5, EPSS 0.00661
Exploits 0, References 2
Tenable Nessus
added 2025/08/30 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-0838

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could...

CVSS 5.5, AI score 5, EPSS 0.00731
Exploits 0, References 2
Tenable Nessus
added 2025/08/30 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-2727

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only...

CVSS 6.5, AI score 6.4, EPSS 0.01134
Exploits 0, References 2