CVE-2025-30353

Directus vulnerability (CVE-2025-30353): In Directus, flows using the Webhook trigger with the Data of Last Operation response can disclose sensitive data when a ValidationError occurs. Affected versions are 9.12.0 up to, but not including, 11.5.0. The exposure includes environment variables, API...

CVE-2025-30353 Directus's webhook trigger flows can leak sensitive data

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.5.0, when a Flow with the "Webhook" trigger and the "Data of Last Operation" response body encounters a ValidationError thrown by a failed condition operation, the A...

CVE-2025-30353 Directus's webhook trigger flows can leak sensitive data

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.5.0, when a Flow with the "Webhook" trigger and the "Data of Last Operation" response body encounters a ValidationError thrown by a failed condition operation, the A...

Exploit for CVE-2025-1974

Ingress Nightmare CVE-2025-1907 Description This vulnerab...

PT-2025-12984 · Directus · Directus

Name of the Vulnerable Software and Affected Versions: Directus versions 9.12.0 through 11.4.0 Description: Directus is a real-time API and App dashboard for managing SQL database content. When a Flow with the "Webhook" trigger and the "Data of Last Operation" response body encounters a...

Directus 信息泄露漏洞

Directus is a real-time Api and application dashboard open-sourced by Directus. It is used to manage Sql database content. An information disclosure vulnerability exists in Directus versions prior to 9.12.0 through 11.5.0, which stems from a Webhook trigger that could lead to the disclosure of...

Improper Isolation or Compartmentalization

Overview Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization in the Validating Admission Controller feature. An attacker with access to the pod network can execute code, which allows them to access stored secrets. By default, the controller can access al...

Important: Red Hat Security Advisory: Gatekeeper v3.18.0

Gatekeeper v3.18.0 Gatekeeper v3.18.0 Gatekeeper is a validating webhook with auditing capabilities that can enforce custom resource definition-based policies that are run with the Open Policy Agent OPA. Gatekeeper is supported through a Red Hat Advanced Cluster Management for Kubernetes...

Important: Red Hat Security Advisory: Gatekeeper v3.17.2

Gatekeeper v3.17.2 Gatekeeper v3.17.2 Gatekeeper is a validating webhook with auditing capabilities that can enforce custom resource definition-based policies that are run with the Open Policy Agent OPA. Gatekeeper is supported through a Red Hat Advanced Cluster Management for Kubernetes...

SUSE CVE-2025-27616

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Prior to versions 0.25.3 and 0.26.3, by spoofing a webhook payload with a specific set of headers and body data, an attacker could transfer ownership of a repository and its repo level secrets to ...

GO-2025-3509 Vela Server Has Insufficient Webhook Payload Data Verification in github.com/go-vela/server

Vela Server Has Insufficient Webhook Payload Data Verification in github.com/go-vela/server...

Repository Takeover

github.com/go-vela/server is vulnerable to Repository Takeover. The vulnerability is due to improper validation of webhook headers and body data, allowing an attacker to forge requests and transfer repository ownership along with its secrets...

CVE-2024-13838

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.2 via the 'callwebhook' method of the AutomatorSendWebhook class This makes it possible for...

CVE-2024-13838 Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 6.2 - Authenticated (Admin+) Server-Side Request Forgery via Webhook

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.2 via the 'callwebhook' method of the AutomatorSendWebhook class This makes it possible for...

WordPress plugin Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin Uncanny Automator - Easy...

PT-2025-11000 · WordPress · The Uncanny Automator – Easy Automation

Name of the Vulnerable Software and Affected Versions: The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress versions up to, and including, 6.2 Description: The issue allows authenticated attackers with Administrator-level access and above t...

WordPress Uncanny Automator plugin <= 6.2 - Authenticated (Admin+) Server-Side Request Forgery via Webhook vulnerability

Authenticated Admin+ Server-Side Request Forgery via Webhook vulnerability discovered by Francesco Carlucci in WordPress Plugin Uncanny Automator versions = 6.2...

VulnCheck KEV: CVE-2021-22175

GitLab contains a server-side request forgery SSRF vulnerability when requests to the internal network for webhooks are enabled...

GHSA-9M63-33Q3-XQ5X Vela Server Has Insufficient Webhook Payload Data Verification

Impact Users with an enabled repository with access to repo level CI secrets in Vela are vulnerable to the exploit. Any user with access to the CI instance and the linked source control manager can perform the exploit. Method By spoofing a webhook payload with a specific set of headers and body...

Vela Server Has Insufficient Webhook Payload Data Verification

Impact Users with an enabled repository with access to repo level CI secrets in Vela are vulnerable to the exploit. Any user with access to the CI instance and the linked source control manager can perform the exploit. Method By spoofing a webhook payload with a specific set of headers and body...