Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3445 matches found

Snyk
Snykadded 2026/05/07 1:15 a.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the downloadFrom and webhook processes. An attacker can access internal network resources and potentially exfiltrate sensitive information or interact with internal-only services by supplying special...

9.4CVSS5.8AI score0.00084EPSS
Exploits1References2
Snyk
Snykadded 2026/05/07 1:15 a.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the downloadFrom and webhook processes. An attacker can access internal network resources and potentially exfiltrate sensitive information or interact with internal-only services by supplying special...

9.4CVSS5.8AI score0.00084EPSS
Exploits1References2
Snyk
Snykadded 2026/05/07 1:15 a.m.6 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the downloadFrom and webhook processes. An attacker can access internal network resources and potentially exfiltrate sensitive information or interact with internal-only services by supplying special...

9.4CVSS5.8AI score0.00084EPSS
Exploits1References2
OSV
OSVadded 2026/05/07 1:15 a.m.2 views

GHSA-4VMC-GM8V-M35H Gotenberg vulnerable to unauthenticated SSRF via default deny-list bypass in downloadFrom and webhook

Summary The default deny-lists used by Gotenberg's downloadFrom feature and webhook feature are bypassable. Because the filter is regex-based and case-sensitive, an unauthenticated attacker can supply URLs such as http://::ffff:127.0.0.1:... and reach loopback or private HTTP services that the...

9.4CVSS5.8AI score0.00084EPSS
Exploits1References3
Github Security Blog
Github Security Blogadded 2026/05/07 1:15 a.m.7 views

Gotenberg vulnerable to unauthenticated SSRF via default deny-list bypass in downloadFrom and webhook

Summary The default deny-lists used by Gotenberg's downloadFrom feature and webhook feature are bypassable. Because the filter is regex-based and case-sensitive, an unauthenticated attacker can supply URLs such as http://::ffff:127.0.0.1:... and reach loopback or private HTTP services that the...

9.4CVSS5.8AI score0.00084EPSS
Exploits1References3Affected Software1
Snyk
Snykadded 2026/05/07 1:15 a.m.6 views

Server-side Request Forgery (SSRF)

Overview github.com/gotenberg/gotenberg/v7/pkg/modules/chromium is a Docker-powered stateless API for PDF files. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the downloadFrom and webhook processes. An attacker can access internal network resources and...

9.4CVSS5.8AI score0.00084EPSS
Exploits1References2
Snyk
Snykadded 2026/05/07 1:15 a.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the downloadFrom and webhook processes. An attacker can access internal network resources and potentially exfiltrate sensitive information or interact with internal-only services by supplying special...

9.4CVSS5.8AI score0.00084EPSS
Exploits1References2
Snyk
Snykadded 2026/05/07 1:15 a.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the downloadFrom and webhook processes. An attacker can access internal network resources and potentially exfiltrate sensitive information or interact with internal-only services by supplying special...

9.4CVSS5.8AI score0.00084EPSS
Exploits1References2
Snyk
Snykadded 2026/05/07 1:15 a.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the downloadFrom and webhook processes. An attacker can access internal network resources and potentially exfiltrate sensitive information or interact with internal-only services by supplying special...

9.4CVSS5.8AI score0.00084EPSS
Exploits1References2
Snyk
Snykadded 2026/05/07 1:0 a.m.4 views

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition due to improper synchronization in the webhook process. An attacker can cause the application to crash and become unavailable by sending concurrent requests that exploit the reuse of echo.Context objects, leading to a pan...

8.7CVSS5.8AI score0.00016EPSS
Exploits1References2
Snyk
Snykadded 2026/05/07 1:0 a.m.6 views

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition due to improper synchronization in the webhook process. An attacker can cause the application to crash and become unavailable by sending concurrent requests that exploit the reuse of echo.Context objects, leading to a pan...

8.7CVSS5.8AI score0.00016EPSS
Exploits1References2
Snyk
Snykadded 2026/05/07 1:0 a.m.4 views

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition due to improper synchronization in the webhook process. An attacker can cause the application to crash and become unavailable by sending concurrent requests that exploit the reuse of echo.Context objects, leading to a pan...

8.7CVSS5.8AI score0.00016EPSS
Exploits1References2
Snyk
Snykadded 2026/05/07 1:0 a.m.4 views

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition due to improper synchronization in the webhook process. An attacker can cause the application to crash and become unavailable by sending concurrent requests that exploit the reuse of echo.Context objects, leading to a pan...

8.7CVSS5.8AI score0.00016EPSS
Exploits1References2
Github Security Blog
Github Security Blogadded 2026/05/07 1:0 a.m.6 views

Gotenberg has an unauthenticated denial of service via echo.Context pool reuse in webhook async goroutine

Summary The webhook middleware spawns a goroutine that holds a reference to the request's echo.Context after the synchronous handler returns ErrAsyncProcess and Echo recycles the context back to its sync.Pool. When a concurrent request claims the recycled context, c.Reset clears the store. If the...

7.5CVSS5.9AI score0.00016EPSS
Exploits1References3Affected Software1
OSV
OSVadded 2026/05/07 1:0 a.m.2 views

GHSA-R33J-C622-R6QP Gotenberg has an unauthenticated denial of service via echo.Context pool reuse in webhook async goroutine

Summary The webhook middleware spawns a goroutine that holds a reference to the request's echo.Context after the synchronous handler returns ErrAsyncProcess and Echo recycles the context back to its sync.Pool. When a concurrent request claims the recycled context, c.Reset clears the store. If the...

7.5CVSS5.9AI score0.00016EPSS
Exploits1References3
Positive Technologies
Positive Technologiesadded 2026/05/07 12:0 a.m.8 views

PT-2026-38385

Name of the Vulnerable Software and Affected Versions Gotenberg versions prior to 8.32.0 Description A flaw in the webhook middleware allows an anonymous caller to crash the process. The middleware spawns a goroutine that retains a reference to the echo.Context after the synchronous handler retur...

7.5CVSS5.8AI score0.00016EPSS
Exploits1References4
Positive Technologies
Positive Technologiesadded 2026/05/07 12:0 a.m.8 views

PT-2026-38445

Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the incomplete SSRF fix in Wallos validates webhook URLs via gethostbyname but passes the original hostname to cURL without CURLOPT RESOLVE pinning on 10 of 11 outbound HTTP endpoints, leaving a DN...

7.7CVSS5.8AI score0.00036EPSS
Exploits0References2
CNNVD
CNNVDadded 2026/05/07 12:0 a.m.6 views

Wallos 安全漏洞

Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos 4.8.4 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the reuse of administrator-configured local target whitelists in the Webhook notification function. This...

6CVSS5.8AI score0.00066EPSS
Exploits0References1
CNNVD
CNNVDadded 2026/05/07 12:0 a.m.6 views

Wallos 代码问题漏洞

Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos 4.8.4 and earlier contained code vulnerabilities due to incomplete SSRF protections. The vulnerability arises from the use of gethostbyname to verify the Webhook URL without utilizing the...

7.7CVSS5.9AI score0.00036EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/05/07 12:0 a.m.8 views

PT-2026-38386

Name of the Vulnerable Software and Affected Versions Gotenberg versions prior to 8.31.0 Description An unauthenticated attacker can bypass the default deny-lists used by the downloadFrom and webhook features. The issue occurs because the filtering logic uses case-sensitive regular expressions th...

9.4CVSS5.8AI score0.00084EPSS
Exploits1References7
Rows per page
Query Builder