34 matches found
com.github.hiwepy:pac4j-spring-boot-starter (=3.3.x.20241020.RELEASE), org.apereo.cas:cas-server-support-token-authentication (>=7.1.0 <=7.3.4) +1 more potentially affected by CVE-2026-29000 via org.pac4j:pac4j-jwt (>=6.0.5 <=6.2.2)
org.pac4j:pac4j-jwt MAVEN version =6.0.5, =7.1.0, =7.1.0, =7.3.4 Source cves: CVE-2026-29000 Source advisory: OSV:GHSA-PM7G-W2CF-Q238...
CVE-2023-49818
Missing Authorization vulnerability in Webflow Webflow Pages allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Webflow Pages: from n/a through 1.0.8...
CVE-2024-34689
WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of th...
How Webflow Helps Companies Move Faster Without Sacrificing Brand Control
Conventional development frequently results in a trade-off between speed and brand consistency, which harms reputation by causing delays…...
EUVD-2023-53726
Malicious code in bioql PyPI...
Malicious code in webflow-extension (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 42b661acb4e76b31c10ac6138d3b67ef2606a39e5c0c291796f123ac6b232d93 The OpenSSF Package Analysis project identified 'webflow-extension' @ 2.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2025-6875 Malicious code in webflow-extension (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 42b661acb4e76b31c10ac6138d3b67ef2606a39e5c0c291796f123ac6b232d93 The OpenSSF Package Analysis project identified 'webflow-extension' @ 2.0.0 npm as malicious. It is considered malicious because: - The package...
Fake DocuSign email hides tricky phishing attempt
On my daily rounds, I encountered a phishing attempt that used a not completely unusual, yet clever delivery method. What began as a seemingly routine DocuSign notification turned into a multi-layered deception involving Webflow, a shady redirect, and a legitimate Google login page. Webflow is a...
Hackers Use CAPTCHA Trick on Webflow CDN PDFs to Bypass Security Scanners
A widespread phishing campaign has been observed leveraging bogus PDF documents hosted on the Webflow content delivery network (CDN) with an aim to steal credit card information and commit financial fraud. "The attacker targets victims searching for documents on search engines, resulting in access ...
CVE-2023-49818 WordPress Webflow Pages plugin <= 1.0.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in Webflow Webflow Pages allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Webflow Pages: from n/a through 1.0.8...
PT-2024-13808 · Webflow · Webflow Pages
Name of the Vulnerable Software and Affected Versions: Webflow Pages versions 1.0.0 through 1.0.8 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions 1.0.0 through...
WordPress plugin Webflow Pages security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
Cybercriminals Use Webflow to Deceive Users into Sharing Sensitive Login Credentials
Cybersecurity researchers have warned of a spike in phishing pages created using a website builder tool called Webflow, as threat actors continue to abuse legitimate services like Cloudflare and Microsoft Sway to their advantage. "The campaigns target sensitive information from different crypto...
org.apereo.cas:cas-server-support-rest-x509 (>=6.5.0 <=6.6.15.2), org.apereo.cas:cas-server-support-x509 (>=6.5.0 <=6.6.15.2) +1 more potentially affected by CVE-2023-28857 via org.apereo.cas:cas-server-support-x509-core (>=6.5.0 <=6.6.5)
org.apereo.cas:cas-server-support-x509-core MAVEN version =6.5.0, =6.5.0, =6.5.0, =6.5.0, =6.6.15.2 Source cves: CVE-2023-28857 Source advisory: OSV:GHSA-P78H-M8PV-G9GM...
CVE-2024-34689 [CVE-2024-34689] Server-Side Request Forgery in SAP Business Workflow (WebFlow Services)
WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of th...
RHEL 7 : spring-webflow (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - spring-webflow: Data Binding Expression Vulnerability in Spring Web Flow CVE-2017-8039 - An issue was...
Webflow Pages <= 1.0.8 - Missing Authorization
Description The Webflow Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 1.0.8. This makes it possible for unauthenticated attackers to perform an unauthorized action...