CVE-2024-34084 Minder's Github Webhook Handler vulnerable to denial of service from un-validated requests

Minder's HandleGithubWebhook is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure. This allows an attacker with the ability to send requests t...

CVE-2024-34084 Minder's Github Webhook Handler vulnerable to denial of service from un-validated requests

Minder's HandleGithubWebhook is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure. This allows an attacker with the ability to send requests t...

Minder's GitHub Webhook Handler vulnerable to DoS from un-validated requests

Minder's HandleGithubWebhook is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure. This allows an attacker with the ability to send requests t...

GHSA-9C5W-9Q3F-3HV7 Minder's GitHub Webhook Handler vulnerable to DoS from un-validated requests

Minder's HandleGithubWebhook is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure. This allows an attacker with the ability to send requests t...

Minder 安全漏洞

Minder is an open source platform that helps development teams and the open source community build more secure software and prove to others that the software they build is secure. A security vulnerability exists in Minder versions prior to 0.0.48 that stems from the Github Webhook handler being...

PT-2024-25695 · Minder · Minder

Name of the Vulnerable Software and Affected Versions: Minder versions prior to 0.0.48 Description: Minder's HandleGithubWebhook is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is...

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 22, 2024 to April 28, 2024)

Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 304 vulnerabilities disclosed in 232 WordPres...

CRI-O vulnerable to an arbitrary systemd property injection

Impact On CRI-O, it looks like an arbitrary systemd property can be injected via a Pod annotation: --- apiVersion: v1 kind: Pod metadata: name: poc-arbitrary-systemd-property-injection annotations: I believe that ExecStart with an arbitrary command works here too, but I haven't figured out how to...

GHSA-2CGQ-H8XW-2V5J CRI-O vulnerable to an arbitrary systemd property injection

Impact On CRI-O, it looks like an arbitrary systemd property can be injected via a Pod annotation: --- apiVersion: v1 kind: Pod metadata: name: poc-arbitrary-systemd-property-injection annotations: I believe that ExecStart with an arbitrary command works here too, but I haven't figured out how to...

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024)

Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 209 vulnerabilities disclosed in 169 WordPres...

GHSA-74P6-39F2-23V3 Blind SSRF Leads to Port Scan by using Webhooks

Impact Failing webhooks logs are available when solution is not in debug mode. Those logs can contain information that is critical. Affected Versions Umbraco versions 13.0.0 - 13.1.1 Patches 13.1.1 Workarounds Disabling webhooks functionality...

Umbraco 安全漏洞

Umbraco is an open source content management system CMS written in C by the Danish company Umbraco. A security vulnerability exists in Umbraco version 13.0.0 and earlier, which originates from a vulnerability that allows an attacker to view webhook logs while in debug mode, which could lead to...

PT-2024-22688

Name of the Vulnerable Software and Affected Versions Umbraco versions 13.0.0 through 13.1.0 Description The issue concerns the availability of failing webhooks logs when the solution is not in debug mode, potentially containing critical information. Recommendations For Umbraco versions 13.0.0...

CVE-2024-32134

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Nasirahmed Forms to Zapier, Integromat, IFTTT, Workato, Automate.Io, elastic.Io, Built.Io, APIANT, Webhook.This issue affects Forms to Zapier, Integromat, IFTTT, Workato, Automate.Io, elastic.Io,...

CVE-2024-32134 WordPress Forms to Zapier plugin <= 1.1.12 - Auth. SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Nasirahmed Forms to Zapier, Integromat, IFTTT, Workato, Automate.Io, elastic.Io, Built.Io, APIANT, Webhook.This issue affects Forms to Zapier, Integromat, IFTTT, Workato, Automate.Io, elastic.Io,...

CVE-2024-32134

CVE-2024-32134 is an Authenticated (Administrator+) SQL Injection in the WordPress plugin Forms to Zapier/Integromat/IFTTT/Workato/Automate.io/elastic.io/Built.io/APIANT/Webhook, affecting versions up to 1.1.12. Root cause is improper neutralization of input used in SQL commands. Public exploitat...

WordPress Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook Plugin <= 1.1.12 is vulnerable to SQL Injection

Software Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook Type Plugin Vulnerable versions = 1.1.12 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32134 Patch priority Low CVSS severity Low 7.6 Developer Claim...

PT-2025-26319 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 17.0 through 17.0.6 GitLab EE versions 17.1 through 17.1.4 GitLab EE versions 17.2 through 17.2.2 Description: An issue was discovered in GitLab EE where webhook deletion audit log preserved auth credentials. Recommendation...

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 25, 2024 to March 31, 2024)

Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 405 vulnerabilities disclosed in 320 WordPres...

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 4, 2024 to March 10, 2024)

Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 74 vulnerabilities disclosed in 56 WordPress...