Malicious code in webhook-example-coinbase-commerce-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware caf969b51a297b05f640bf97cc7a17661d904a676086486f87b2d3241a30e431 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1196 Malicious code in webhook-example-coinbase-commerce-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware caf969b51a297b05f640bf97cc7a17661d904a676086486f87b2d3241a30e431 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Stripo Inc: [my.stripo.email] Blind SSRF Vulnerability in Stripo App Export via Missing Endpoints Export Email Message to Zapier
A critical Blind SSRF (Server-Side Request Forgery) vulnerability was identified in the export service of the Stripo app. The vulnerability existed in the endpoint /exportservice/v3/exports/WEBHOOK/accounts, where malicious input could be provided in the webhookUrl parameter, triggering SSRF and...
CVE-2024-12712
The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the webhook function in all versions up to, and including, 5.7.8. This makes it possible for unauthenticated attackers to modify order statuses...
PT-2025-1934 · WordPress · Shopping Cart & Ecommerce Store
Name of the Vulnerable Software and Affected Versions: The Shopping Cart & eCommerce Store plugin for WordPress versions up to, and including, 5.7.8 Description: The issue is related to a missing capability check on the webhook function, allowing unauthenticated attackers to modify order statuses...
Malicious code in solanacore (npm)
The package contains several malicious PowerShell and VBS scripts used to harvest browser data, take screenshots, log keystrokes, and establish startup persistence. It also bundles a password stealer and exfiltrates stolen data via Slack and Discord webhooks. --- -= Per source details. Do not edi...
MAL-2025-45 Malicious code in solana-login (npm)
The package contains several malicious PowerShell and VBS scripts used to harvest browser data, take screenshots, log keystrokes, and establish startup persistence. It also bundles a password stealer and exfiltrates stolen data via Slack and Discord webhooks. --- -= Per source details. Do not edi...
Malicious code in github-webhook-ip-validator (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f79e9ee6cff5a23b100ddebd86bfed06e6f9f7c3179df1ff6f0667b0a833ffef Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11986 Malicious code in github-webhook-ip-validator (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f79e9ee6cff5a23b100ddebd86bfed06e6f9f7c3179df1ff6f0667b0a833ffef Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Wordfence Intelligence Weekly WordPress Vulnerability Report (November 18, 2024 to November 24, 2024)
Calling all superheroes and hunters! Introducing the End of Year Holiday Extravaganza and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through December 9th, 2024: All in-scope vulnerability types for WordPress plugins/themes with = 1,000 active installations are in-scop...
CVE-2022-31666
Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users. The attacker could modify Webhook policies configured in other projects...
CVE-2022-31666 Harbor fails to validate user permissions while Viewing, updating and deleting Webhook policies
Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users. The attacker could modify Webhook policies configured in other projects...
Harbor Authorization Issue Vulnerability
Harbor is an open source registry from Harbor Open Source. Artifacts are protected through policy and role-based access control, ensuring that images are scanned and free of vulnerabilities, and signing images as trusted. An authorization issue vulnerability exists in Harbor versions 2.4.2 and...
Atlantis Log Information Disclosure Vulnerability
Atlantis is a self-hosted golang application from the Atlantis open source. It listens to Terraform pull request events via webhook. Atlantis has a log information disclosure vulnerability that stems from Atlantis logs containing GitHub credentials during rotation. An attacker who could read thes...
VulnCheck KEV: CVE-2024-39713
A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1...
Improper Access Control
Umbraco is vulnerable to Improper Access Control. The vulnerability is due to insufficient restrictions on API access and is caused by improper access control in the webhook API, which allows low-privilege users to retrieve information that should be accessible only to users with settings section...
Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API
Impact: An improper access control issue has been identified, allowing low-privilege users to access the webhook API and retrieve information that should be restricted to users with access to the settings section...
GHSA-4GP9-FF99-J6VJ Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API
Impact: An improper access control issue has been identified, allowing low-privilege users to access the webhook API and retrieve information that should be restricted to users with access to the settings section...