3502 matches found
PT-2025-32581 · WordPress · Mattermost Confluence Plugin
Name of the Vulnerable Software and Affected Versions: Mattermost Confluence Plugin versions prior to 1.5.0 Description: The Mattermost Confluence Plugin does not properly handle unexpected request bodies. Attackers can exploit this to crash the plugin by repeatedly sending invalid request bodies...
PT-2025-32577 · Mattermost · Mattermost Confluence Plugin
Name of the Vulnerable Software and Affected Versions: Mattermost Confluence Plugin versions prior to 1.5.0 Description: The Mattermost Confluence Plugin does not properly handle unexpected request bodies. Attackers can exploit this to crash the plugin by repeatedly sending invalid requests to th...
CVE-2025-53548
Clerk helps developers build user management. Applications that use the verifyWebhook helper to verify incoming Clerk webhooks are susceptible to accepting improperly signed webhook events. The issue was resolved in @clerk/backend 2.4.0...
GHSA-9MP4-77WG-RWX9 @clerk/backend Performs Insufficient Verification of Data Authenticity
Impact Applications that use the verifyWebhook helper to verify incoming Clerk webhooks are susceptible to accepting improperly signed webhook events. Patches @clerk/backend: the helper has been patched as of 2.4.0 @clerk/astro: the helper has been patched as of 2.10.2 @clerk/express: the helper...
CVE-2025-53548 @clerk/backend Performs Insufficient Verification of Data Authenticity
Clerk helps developers build user management. Applications that use the verifyWebhook helper to verify incoming Clerk webhooks are susceptible to accepting improperly signed webhook events. The issue was resolved in @clerk/backend 2.4.0...
CVE-2025-53548 @clerk/backend Performs Insufficient Verification of Data Authenticity
Clerk helps developers build user management. Applications that use the verifyWebhook helper to verify incoming Clerk webhooks are susceptible to accepting improperly signed webhook events. The issue was resolved in @clerk/backend 2.4.0...
CVE-2025-53548 @clerk/backend Performs Insufficient Verification of Data Authenticity
Clerk helps developers build user management. Applications that use the verifyWebhook helper to verify incoming Clerk webhooks are susceptible to accepting improperly signed webhook events. The issue was resolved in @clerk/backend 2.4.0...
CVE-2025-53548
CVE-2025-53548 concerns Clerk’s verifyWebhook() validation. Across connected documents, the issue is that the verifyWebhook() helper may accept improperly signed webhook events, enabling signature forgery. The vulnerability is mitigated by upgrading to @clerk/backend 2.4.0, which properly parses ...
Official Clerk JavaScript SDKs 数据伪造问题漏洞
Official Clerk JavaScript SDKs is a Clerk open source official Javascript repository for Clerk authentication. A data forgery vulnerability exists in the Official Clerk JavaScript SDKs, which stems from insufficient verifyWebhook validation and may result in the acceptance of unsigned webhook...
PT-2025-28943 · Clerk · @Clerk/Backend
Name of the Vulnerable Software and Affected Versions: @clerk/backend versions prior to 2.4.0 Description: Applications utilizing the verifyWebhook helper to verify incoming Clerk webhooks are susceptible to accepting improperly signed webhook events. Recommendations: Upgrade to @clerk/backend...
MAL-2025-191733 Malicious code in fonafx (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9441463f029726ea263225e9b0092d82b049e2d7a4e059becd24f5e23c70a906 Series of packages mostly with an obfuscated infostealer attempting to collect Chrome data. While discord webhook is usually set to an example, there are other...
CVE-2025-23172
The Versa Director SD-WAN orchestration platform includes a Webhook feature for sending notifications to external HTTP endpoints. However, the "Add Webhook" and "Test Webhook" functionalities can be abused by an authenticated user to send crafted HTTP requests to localhost. This can be leveraged ...
CVE-2024-7586
An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, where webhook deletion audit log preserved auth credentials...
CVE-2024-7586
An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, where webhook deletion audit log preserved auth credentials...
UBUNTU-CVE-2024-7586
An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, where webhook deletion audit log preserved auth credentials...
CVE-2024-7586
GitLab EE vulnerability CVE-2024-7586 affects GitLab EE versions: 17.0 up to but not including 17.0.6, 17.1 up to but not including 17.1.4, and 17.2 up to but not including 17.2.2. The issue is that webhook deletion audit logs can preserve auth credentials. A fix exists in the subsequent release ...
CVE-2024-7586 Insertion of Sensitive Information into Log File in GitLab
An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, where webhook deletion audit log preserved auth credentials...
CVE-2024-7586 Insertion of Sensitive Information into Log File in GitLab
An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, where webhook deletion audit log preserved auth credentials...
CVE-2024-7586
Removed by vendor...
CVE-2025-23172
The Versa Director SD-WAN orchestration platform includes a Webhook feature for sending notifications to external HTTP endpoints. However, the "Add Webhook" and "Test Webhook" functionalities can be abused by an authenticated user to send crafted HTTP requests to localhost. This can be leveraged ...