5 matches found

Vulnrichment
added 2025/08/26 5:52 p.m. · 1 view

CVE-2025-57818 Firecrawl SSRF Vulnerability via malicious webhook

Firecrawl turns entire websites into LLM-ready markdown or structured data. Prior to version 2.0.1, a server-side request forgery (SSRF) vulnerability was discovered in Firecrawl's webhook functionality. Authenticated users could configure a webhook to an internal URL and send POST requests with...

CVSS 6.3 · AI score 6.4 · EPSS 0.00084
Exploits 0 · References 4

RedhatCVE
added 2025/05/23 3:15 a.m. · 1 view

CVE-2023-32303

Planet is software that provides satellite data. The secret file stores the user's Planet API authentication information. It should only be accessible by the user, but before version 2.0.1, its permissions allowed the user's group and non-group to read the file as well. This issue was patched in...

CVSS 5.5 · AI score 6.8 · EPSS 0.00062
Exploits 0 · References 1

Patchstack
added 2023/08/07 12:0 a.m. · 8 views

WordPress Themesflat Addons For Elementor Plugin <= 2.0.0 is vulnerable to PHP Object Injection

Software: Themesflat Addons For Elementor · Type: Plugin · Vulnerable versions: <= 2.0.0 · Fixed in: 2.0.1 · OWASP Top 10: A3: Injection · Classification: PHP Object Injection · CVE: CVE-2023-37390 · Patch priority: High · CVSS severity: High 8.3 · PSID: 27be6a2ff8c6 · Credits: Robert R · Required...

CVSS 9.8 · AI score 6.8 · EPSS 0.00158
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2023/01/08 12:0 a.m. · 2 views

PT-2023-10334 · Viafintech · Viafintech Barzahlen Payment Module Php Sdk

Name of the Vulnerable Software and Affected Versions: viafintech Barzahlen Payment Module PHP SDK versions up to 2.0.0. Description: A vulnerability was found in the viafintech Barzahlen Payment Module PHP SDK, affecting the verify function of the file src/Webhook.php. The manipulation leads to...

CVSS 5.3 · AI score 4.4 · EPSS 0.004
Exploits 0 · References 10

Github Security Blog
added 2021/04/09 3:42 p.m. · 51 views

Improper Input Validation in sopel-plugins.channelmgnt

Impact: On some IRC servers, restrictions around the removal of the bot using the kick/kickban command could be bypassed when kicking multiple users at once. We also believe it may have been possible to remove users from other channels but due to the wonder that is IRC and following RFCs, we have ...

CVSS 8.1 · AI score 2.3 · EPSS 0.00271
Exploits 0 · References 7 · Affected Software 1