3502 matches found
CVE-2025-23172
The Versa Director SD-WAN orchestration platform includes a Webhook feature for sending notifications to external HTTP endpoints. However, the "Add Webhook" and "Test Webhook" functionalities can be abused by an authenticated user to send crafted HTTP requests to localhost. This can be leveraged ...
CVE-2025-23172
The CVE-2025-23172 entry affects Versa Director SD-WAN, where the Webhook feature (Add Webhook/Test Webhook) can be abused by an authenticated user to send crafted HTTP requests to localhost. This could allow command execution on behalf of the Versa user who has sudo privileges, potentially enabl...
Taylored webhook validation vulnerabilities
Critical Security Advisory for Taylored npm package v7.0.7 - tag 7.0.5. Summary: A series of moderate to high-severity security vulnerabilities have been identified specifically in version 7.0.7 of taylored. These vulnerabilities reside in the "Backend-in-a-Box" template distributed with this...
GHSA-8G98-M4J9-QWW5 Taylored webhook validation vulnerabilities
Critical Security Advisory for Taylored npm package v7.0.7 - tag 7.0.5. Summary: A series of moderate to high-severity security vulnerabilities have been identified specifically in version 7.0.7 of taylored. These vulnerabilities reside in the "Backend-in-a-Box" template distributed with this...
Versa Director security vulnerability
Versa Director is a virtualization and service creation platform from Versa (USA) that simplifies the creation, automation and delivery of services using Versa FlexVNF. A security vulnerability exists in Versa Director that stems from abuse of the Webhook feature and could lead to elevation of...
PT-2025-26194 · Versa · Versa Director
Name of the Vulnerable Software and Affected Versions: Versa Director SD-WAN orchestration platform (affected versions not specified). Description: The Versa Director SD-WAN orchestration platform has a Webhook feature that can be abused by an authenticated user to send crafted HTTP requests to...
CVE-2024-52588 Strapi allows Server-Side Request Forgery in Webhook function
Strapi is an open-source content management system. Prior to version 4.25.2, inputting a local domain into the Webhooks URL field leads to the application fetching itself, resulting in a server-side request forgery (SSRF). This issue has been patched in version 4.25.2...
Server Side Request Forgery (SSRF)
@strapi/admin is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient validation of webhook URLs, allowing requests to internal domains such as localhost and 127.0.0.1...
BIT-GITLAB-2024-7803 Allocation of Resources Without Limits or Throttling in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A Discord webhook integration may cause DoS...
GHSA-V8WJ-F5C7-PVXF Strapi allows Server-Side Request Forgery in Webhook function
Description: In Strapi latest version, at function Settings - Webhooks, the application allows us to input a URL in order to create a Webhook connection. However, we can input into this field the local domains such as localhost, 127.0.0.1, 0.0.0.0, ... in order to make the Application fetching into...
Strapi allows Server-Side Request Forgery in Webhook function
Description: In Strapi latest version, at function Settings - Webhooks, the application allows us to input a URL in order to create a Webhook connection. However, we can input into this field the local domains such as localhost, 127.0.0.1, 0.0.0.0, ... in order to make the Application fetching into...
JetBrains TeamCity GitHub Checks Webhook Cross-Site Scripting Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. JetBrains TeamCity suffers from a cross-site scripting vulnerability that originates in the GitHub Checks Webhook, which can be exploited by an attacker to inject malicio...
The vulnerability of the Webhook extension of the TYPO3 content management system allows a hacker to perform an SSRF attack.
The vulnerability of the Webhook extension of the TYPO3 content management system is related to insufficient validation of requests on the server side. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...
Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto
As many as 60 malicious npm packages have been discovered in the package registry with malicious functionality to harvest hostnames, IP addresses, DNS servers, and user directories to a Discord-controlled endpoint. The packages, published under three different accounts, come with an install‑time...
CVE-2024-7803
An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A Discord webhook integration may cause DoS...
UBUNTU-CVE-2024-7803
An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A Discord webhook integration may cause DoS...
CVE-2024-7803
CVE-2024-7803 affects GitLab CE/EE: all versions from 11.6 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. The root cause is a Discord webhook integration that may cause a Denial of Service. The impact is a DoS on affected GitLab deployments. The provided sources confirm the vulnerability ex...