Lucene search
K

704 matches found

EUVD
EUVD
added 2026/04/07 9:31 a.m.3 views

EUVD-2026-19584

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 1.8.9.7. This is due to missing cryptographic verification of incoming Stripe webhook...

5.3CVSS5.9AI score0.00166EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/07 7:40 a.m.24 views

CVE-2026-3177 Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.9.7 - Insufficient Verification of Data Authenticity to Unauthenticated Donation Status Forgery via Stripe Webhook

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 1.8.9.7. This is due to missing cryptographic verification of incoming Stripe webhook...

5.3CVSS0.00166EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/07 7:40 a.m.2 views

CVE-2026-3177

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 1.8.9.7. This is due to missing cryptographic verification of incoming Stripe webhook...

5.3CVSS5.9AI score0.00166EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.15 views

PT-2026-30800

Name of the Vulnerable Software and Affected Versions The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More versions through 1.8.9.7 Description The Charitable – Donation Plugin for WordPress is affected by a flaw due to missing cryptographic verification of...

5.3CVSS5.8AI score0.00166EPSS
Exploits0References6
OSV
OSV
added 2026/04/04 6:4 a.m.5 views

GHSA-FCM4-4PJ2-M5HF Budibase: Unauthenticated Remote Code Execution via Webhook Trigger and Bash Automation Step

Summary An unauthenticated attacker can achieve Remote Code Execution RCE on the Budibase server by triggering an automation that contains a Bash step via the public webhook endpoint. No authentication is required to trigger the exploit. The process executes as root inside the container. Details...

9CVSS6.2AI score0.11982EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/04/03 11:2 p.m.4 views

CVE-2026-34590

Postiz is an AI social media scheduling tool. Prior to version 2.21.4, the POST /webhooks/ endpoint for creating webhooks uses WebhooksDto which validates the url field with only @IsUrl format check, missing the @IsSafeWebhookUrl validator that blocks internal/private network addresses. The updat...

5.4CVSS5.8AI score0.00226EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/02 5:26 p.m.3 views

EUVD-2026-18452

Postiz is an AI social media scheduling tool. Prior to version 2.21.4, the POST /webhooks/ endpoint for creating webhooks uses WebhooksDto which validates the url field with only @IsUrl format check, missing the @IsSafeWebhookUrl validator that blocks internal/private network addresses. The updat...

5.4CVSS5.8AI score0.00226EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.7 views

Gitroom Postiz 代码问题漏洞

Gitroom Postiz is an open-source social media scheduling tool developed by Gitroom. Versions of Gitroom Postiz prior to 2.21.4 contained code vulnerabilities. These vulnerabilities stemmed from the lack of a verifier that prevents internal/private network addresses being used for the POST...

5.4CVSS5.9AI score0.00226EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/31 6:31 p.m.12 views

EUVD-2026-17532

A vulnerability was identified in chatwoot up to 4.11.2. Affected by this vulnerability is the function Webhooks::Trigger in the library lib/webhooks/trigger.rb of the component Webhook API. Such manipulation of the argument url leads to server-side request forgery. The attack can be launched...

6.5CVSS5.6AI score0.00259EPSS
Exploits0References4
NVD
NVD
added 2026/03/31 5:16 p.m.15 views

CVE-2026-5205

A vulnerability was identified in chatwoot up to 4.11.2. Affected by this vulnerability is the function Webhooks::Trigger in the library lib/webhooks/trigger.rb of the component Webhook API. Such manipulation of the argument url leads to server-side request forgery. The attack can be launched...

6.5CVSS0.00259EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/31 4:30 p.m.5 views

CVE-2026-5205

A vulnerability was identified in chatwoot up to 4.11.2. Affected by this vulnerability is the function Webhooks::Trigger in the library lib/webhooks/trigger.rb of the component Webhook API. Such manipulation of the argument url leads to server-side request forgery. The attack can be launched...

6.5CVSS5.6AI score0.00259EPSS
Exploits0References4
CVE
CVE
added 2026/03/31 4:30 p.m.13 views

CVE-2026-5205

The CVE-2026-5205 vulnerability affects chatwoot up to version 4.11.2, specifically the Webhooks::Trigger function in lib/webhooks/trigger.rb of the Webhook API. The root cause is manipulation of the argument url, enabling server-side request forgery (SSRF). The issue is exploitable remotely, wit...

6.5CVSS6.4AI score0.00259EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/03/31 2:18 p.m.170 views

Exploit for Server-Side Request Forgery in Useplunk Plunk

CVE-2026-32096 SSRF via unvalidated AWS SNS SubscriptionCon...

9.3CVSS6AI score0.00273EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.10 views

PT-2026-29296

A vulnerability was identified in chatwoot up to 4.11.2. Affected by this vulnerability is the function Webhooks::Trigger in the library lib/webhooks/trigger.rb of the component Webhook API. Such manipulation of the argument url leads to server-side request forgery. The attack can be launched...

6.5CVSS5.6AI score0.00259EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.7 views

Chatwoot 代码问题漏洞

Chatwoot is an open-source application developed by Chatwoot itself. It serves as an alternative to proprietary solutions such as customer engagement suites, intercom systems, Zendesk, and Salesforce service clouds. Versions of Chatwoot prior to 4.11.2 contained a code vulnerability. This...

6.5CVSS6.7AI score0.00259EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/28 6:26 p.m.6 views

SUSE CVE-2026-21724

A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission...

5.4CVSS5.7AI score0.00238EPSS
Exploits0References7
Snyk
Snyk
added 2026/03/26 10:32 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the provisioning contact points API. An attacker can modify protected webhook URLs without possessing the required permissions by sending crafted requests as a user with the Editor role. Remediation Upgrade...

5.4CVSS5.9AI score0.00238EPSS
Exploits0References2
OSV
OSV
added 2026/03/26 9:17 p.m.3 views

UBUNTU-CVE-2026-21724

A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission...

5.4CVSS5.7AI score0.00238EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:16 p.m.5 views

CVE-2026-31974

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, OpenProject SMTP test endpoint POST /admin/settings/mailnotifications accepts arbitrary host and port values and exhibits measurable differences in response behaviour depending on whether the target IP exists a...

4.3CVSS5.9AI score0.00156EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:12 p.m.3 views

CVE-2026-3641

The Appmax plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 1.0.3. This is due to the plugin registering a public REST API webhook endpoint at /webhook-system without implementing webhook signature validation, secret verification, or any...

5.3CVSS5.9AI score0.003EPSS
Exploits0References1
Rows per page
Query Builder