3506 matches found
Apache EventMesh Vulnerable to Server-Side Request Forgery in WebhookUtil.java
Server-Side Request Forgery (SSRF) in the eventmesh-runtime module in WebhookUtil.java on e.g. Windows/Linux/macOS allows an attacker to abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch, which fixes th...
GHSA-HF86-8X8V-H7VC Apache EventMesh Vulnerable to Server-Side Request Forgery in WebhookUtil.java
Server-Side Request Forgery (SSRF) in the eventmesh-runtime module in WebhookUtil.java on e.g. Windows/Linux/macOS allows an attacker to abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch, which fixes th...
CVE-2024-39954
CWE-918 Server-Side Request Forgery (SSRF) in the eventmesh-runtime module in WebhookUtil.java on e.g. Windows/Linux/macOS allows an attacker to abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch, which...
CVE-2024-39954
CVE-2024-39954 refers to a Server-Side Request Forgery (SSRF) in the Apache EventMesh project, specifically in the eventmesh-runtime module’s WebhookUtil.java. The vulnerability affects the WebhookUtil.java functionality that could allow an attacker to read or modify internal resources on affecte...
CVE-2024-39954 Apache EventMesh Runtime: SSRF
CWE-918 Server-Side Request Forgery (SSRF) in the eventmesh-runtime module in WebhookUtil.java on e.g. Windows/Linux/macOS allows an attacker to abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch, which...
Apache EventMesh Security Vulnerability
Apache EventMesh is a new generation of serverless event middleware from the Apache Foundation for building distributed event-driven applications. A security vulnerability exists in Apache EventMesh, which stems from a server-side request forgery vulnerability in WebhookUtil.java that could resul...
WordPress Plugin StoryChief File Upload Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. The WordPress plugin StoryChief has a file upload vulnerability that stems from the...
Linux Distros Unpatched Vulnerability : CVE-2021-39898
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was...
GHSA-FCPM-6MXQ-M5VV Capsule tenant owners with "patch namespace" permission can hijack system namespaces label
Summary A namespace label injection vulnerability in Capsule v0.10.3 allows authenticated tenant users to inject arbitrary labels into system namespaces kube-system, default, capsule-system, bypassing multi-tenant isolation and potentially accessing cross-tenant resources through TenantResource...
CVE-2025-7441
The StoryChief plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.42. This vulnerability occurs through the /wp-json/storychief/webhook REST-API endpoint that does not have sufficient filetype validation. This makes it possible for unauthenticat...
Linux Distros Unpatched Vulnerability : CVE-2022-3018
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, a...
Linux Distros Unpatched Vulnerability : CVE-2022-3902
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions...
Linux Distros Unpatched Vulnerability : CVE-2021-22246
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, 13.11.6. GitLab Webhook feature could be abused to perform denial of service attacks...
Linux Distros Unpatched Vulnerability : CVE-2025-47279
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applications that use undici to implement a webhook-like system are...
Linux Distros Unpatched Vulnerability : CVE-2022-4054
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions...
Linux Distros Unpatched Vulnerability : CVE-2021-39911
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all version...
CVE-2025-7441
The StoryChief plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.42. This vulnerability occurs through the /wp-json/storychief/webhook REST-API endpoint that does not have sufficient filetype validation. This makes it possible for unauthenticat...
CVE-2025-7441 StoryChief <= 1.0.42 - Unauthenticated Arbitrary File Upload
The StoryChief plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.42. This vulnerability occurs through the /wp-json/storychief/webhook REST-API endpoint that does not have sufficient filetype validation. This makes it possible for unauthenticat...
WordPress plugin StoryChief Code Issue Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. The WordPress plugin StoryChief has a file upload vulnerability that stems from the...
PT-2025-33527
Name of the Vulnerable Software and Affected Versions: StoryChief plugin for WordPress versions up to and including 1.0.42 Description: The StoryChief plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filetype validation. This occurs through the...