12 matches found

NVD
added 2025/11/14 7:15 p.m. | 7 views

CVE-2025-13174

A weakness has been identified in rachelos WeRSS we-mp-rss up to 1.4.7. Affected by this vulnerability is the function dojob of the file /rachelos/we-mp-rss/blob/main/jobs/mps.py of the component Webhook Module. Executing manipulation of the argument webhookurl can lead to server-side request...

CVSS 6.5 | EPSS 0.00039
Exploits: 0 | References: 4
Positive Technologies
added 2025/11/14 12:0 a.m. | 2 views

PT-2025-46996

Name of the Vulnerable Software and Affected Versions rachelos WeRSS we-mp-rss versions up to 1.4.7 Description A flaw exists in the Webhook Module of rachelos WeRSS we-mp-rss. The do job function within the /rachelos/we-mp-rss/blob/main/jobs/mps.py file is susceptible to server-side request...

CVSS 6.5 | AI score 6.3 | EPSS 0.00039
Exploits: 0 | References: 8
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-1259

Malware in sbrugna...

CVSS 9.8 | AI score 9.3 | EPSS 0.00427
Exploits: 0 | References: 4
Cvelist
added 2025/05/05 5:7 p.m. | 17 views

CVE-2025-24977 OpenCTI has remote code execution and sensitive secrets exposed through web hook

OpenCTI is an open cyber threat intelligence CTI platform. Prior to version 6.4.11 any user with the capability manage customizations can execute commands on the underlying infrastructure where OpenCTI is hosted and can access internal server side secrets by misusing the web-hooks. Since the...

CVSS 9.1 | EPSS 0.00528
Exploits: 0 | References: 1
Vulnrichment
added 2025/05/05 5:7 p.m. | 6 views

CVE-2025-24977 OpenCTI has remote code execution and sensitive secrets exposed through web hook

OpenCTI is an open cyber threat intelligence CTI platform. Prior to version 6.4.11 any user with the capability manage customizations can execute commands on the underlying infrastructure where OpenCTI is hosted and can access internal server side secrets by misusing the web-hooks. Since the...

CVSS 9.1 | AI score 7.2 | EPSS 0.00528
Exploits: 0 | References: 1
RedhatCVE
added 2025/02/05 11:37 p.m. | 4 views

CVE-2022-41906

OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels. A potential SSRF issue in OpenSearch Notifications Plugin starting in 2.0.0 and prior to 2.2.1 could allow an existing...

CVSS 8.7 | AI score 6.6 | EPSS 0.00399
Exploits: 0 | References: 1
CNVD
added 2024/03/01 12:0 a.m. | 6 views

Mattermost Illegal Authorization Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an illegal authorization vulnerability that stems from the Jira plugin's inability to check the security level of incoming issues when processing subscriptions and to restrict...

CVSS 4.1 | AI score 6.6 | EPSS 0.00292
Exploits: 0 | References: 1
Prion
added 2018/03/21 8:29 p.m. | 16 views

Remote code execution

Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution...

CVSS 7.5 | AI score 9.6 | EPSS 0.00427
Exploits: 0 | References: 3 | Affected Software: 2
UbuntuCve
added 2018/03/21 8:29 p.m. | 17 views

CVE-2017-0916

Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution...

CVSS 9.8 | AI score 7.4 | EPSS 0.00427
Exploits: 0 | References: 2
Debian CVE
added 2018/03/21 8:0 p.m. | 23 views

CVE-2017-0916

Removed by vendor...

CVSS 9.8 | AI score 7.3 | EPSS 0.00427
Exploits: 0
Cvelist
added 2018/03/21 8:0 p.m. | 19 views

CVE-2017-0916

Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution...

AI score 9 | EPSS 0.00427
Exploits: 0 | References: 3
Hacker One
added 2017/12/19 9:8 p.m. | 95 views

GitLab: Evaluating Ruby code by injecting Rescue job on the system_hook_push queue through web hook

The secret token field of a webhook is vulnerable to a new line injection, allowing an attacker to inject non-HTTP commands in a TCP stream. When a GitLab instance is configured with an external Redis instance, e.g. on 127.0.0.1:6379, it may result in arbitrary code execution on a Sidekiq worker ...

CVSS 7.5 | AI score 0.1 | EPSS 0.00427
Exploits: 0