MAL-2026-5562 Malicious code in @koadz/sso (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d284d5d0421ad906d63959ed4e0f3354106166311f4066ff794669f52d1eacfb package.json declares a postinstall hook that runs dist/index.js. The compiled bundle contains an appended payload absent from the index.ts source...

CVE-2025-13174

A weakness has been identified in rachelos WeRSS we-mp-rss up to 1.4.7. Affected by this vulnerability is the function dojob of the file /rachelos/we-mp-rss/blob/main/jobs/mps.py of the component Webhook Module. Executing manipulation of the argument webhookurl can lead to server-side request...

PT-2025-46996

Name of the Vulnerable Software and Affected Versions rachelos WeRSS we-mp-rss versions up to 1.4.7 Description A flaw exists in the Webhook Module of rachelos WeRSS we-mp-rss. The do job function within the /rachelos/we-mp-rss/blob/main/jobs/mps.py file is susceptible to server-side request...

EUVD-2017-1259

Malware in sbrugna...

CVE-2025-24977 OpenCTI has remote code execution and sensitive secrets exposed through web hook

OpenCTI is an open cyber threat intelligence CTI platform. Prior to version 6.4.11 any user with the capability manage customizations can execute commands on the underlying infrastructure where OpenCTI is hosted and can access internal server side secrets by misusing the web-hooks. Since the...

CVE-2025-24977 OpenCTI has remote code execution and sensitive secrets exposed through web hook

OpenCTI is an open cyber threat intelligence CTI platform. Prior to version 6.4.11 any user with the capability manage customizations can execute commands on the underlying infrastructure where OpenCTI is hosted and can access internal server side secrets by misusing the web-hooks. Since the...

CVE-2022-41906

OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels. A potential SSRF issue in OpenSearch Notifications Plugin starting in 2.0.0 and prior to 2.2.1 could allow an existing...

Mattermost Illegal Authorization Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an illegal authorization vulnerability that stems from the Jira plugin's inability to check the security level of incoming issues when processing subscriptions and to restrict...

Remote code execution

Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the systemhookpush queue through web hook component resulting in remote code execution...

CVE-2017-0916

Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the systemhookpush queue through web hook component resulting in remote code execution...

CVE-2017-0916

Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the systemhookpush queue through web hook component resulting in remote code execution...

CVE-2017-0916

Removed by vendor...

GitLab: Evaluating Ruby code by injecting Rescue job on the system_hook_push queue through web hook

The secret token field of a webhook is vulnerable to a new line injection, allowing an attacker to inject non-HTTP commands in a TCP stream. When a GitLab instance is configured with an external Redis instance, e.g. on 127.0.0.1:6379, it may result in arbitrary code execution on a Sidekiq worker ...