Lucene search
K

3506 matches found

CVE
CVE
added 4 hours ago6 views

CVE-2026-56295

Capgo is affected pre-12.128.2 by an authorization bypass in webhook management endpoints. The issue allows legacy non-expiring API keys to bypass the require_apikey_expiration policy because checkWebhookPermission does not call apikeyHasOrgRightWithPolicy, enabling those keys to list, create, an...

6.3CVSS5.9AI score
Exploits0References2
CVE
CVE
added 4 hours ago6 views

CVE-2026-56227

Capgo before 12.128.2 is affected by a server-side request forgery (SSRF) in webhook URL validation. The flaw permits configuring webhooks to loopback or internal addresses (e.g., localhost/127.0.0.1). When triggered, the backend makes outbound requests to those addresses, and error responses are...

5.4CVSS5.8AI score
Exploits0References2
Nuclei
Nuclei
added 16 hours ago5 views

Dozzle - Server Side Request Forgery

Dozzle prior to 10.5.2 contains a server-side request forgery caused by unauthenticated access to POST /api/notifications/test-webhook forwarding attacker-controlled URLs, letting remote attackers send arbitrary HTTP POST requests and receive response data, exploit requires no authentication. id:...

8.6CVSS6.1AI score0.01285EPSS
Exploits1References2
EUVD
EUVD
added 19 hours ago6 views

EUVD-2026-38093

Capgo before 12.128.2 contains a cross-tenant authorization bypass vulnerability in PostgREST endpoints that allows org-scoped read API keys to access other tenants' webhook secrets and delivery logs. Attackers can query the webhooks and webhookdeliveries endpoints to exfiltrate HMAC signing...

7.1CVSS5.9AI score
Exploits0References3
CVE
CVE
added yesterday10 views

CVE-2026-56079

Capgo before 12.128.2 contains a cross-tenant authorization bypass in PostgREST endpoints that lets org-scoped read API keys access other tenants’ webhook secrets and delivery logs. Attackers can query webhooks and webhook_deliveries to exfiltrate HMAC signing secrets and delivery payloads, enabl...

7.1CVSS5.9AI score
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-12726

A flaw was found in the AWX GitHub webhook integration. When processing GitHub pullrequest webhooks, the controller stores the pullrequest.statusesurl value from the webhook payload without validating that it points to a trusted GitHub API endpoint. If a job template is configured with a GitHub...

6.3CVSS5.8AI score
Exploits0References3
Nuclei
Nuclei
added yesterday36 views

Budibase - Authentication Bypass

Budibase = 3.31.4 contains an authentication bypass caused by unanchored regex in authorized middleware matching webhook path patterns in query strings, letting unauthenticated remote attackers access any server-side API endpoint, exploit requires crafted request with webhook pattern in URL. id:...

9.1CVSS5.9AI score0.15339EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday18 views

GitLab CI Lint API - Server-Side Request Forgery

GitLab 10.5 and later contain a server-side request forgery caused by insecure handling of webhook requests, letting unauthenticated attackers exploit the server for arbitrary requests, exploit requires sending crafted webhook requests. id: CVE-2021-22175 info: name: GitLab CI Lint API -...

9.8CVSS7.7AI score0.53372EPSS
Exploits1References2
CVE
CVE
added yesterday13 views

CVE-2026-3640

The STRABL WordPress plugin (versions

5.3CVSS5.8AI score
Exploits0References14
EUVD
EUVD
added yesterday8 views

EUVD-2026-37995

The STRABL – A checkout solution plugin for WordPress is vulnerable to Missing Authentication in all versions up to and including 4.5. The plugin registers a REST API webhook endpoint at /wp-json/strabl/webhook/order with a permissioncallback of returntrue, which allows all incoming requests...

5.3CVSS5.8AI score
Exploits0References14
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-51010

Name of the Vulnerable Software and Affected Versions AWX affected versions not specified Description A flaw exists in the GitHub webhook integration where the controller stores the pull request.statuses url value from a pull request webhook payload without validating if it points to a trusted...

6.3CVSS5.9AI score
Exploits0References5
Positive Technologies
Positive Technologies
added yesterday9 views

PT-2026-51037

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A cross-tenant authorization bypass exists in PostgREST endpoints. This issue allows API keys with organization-level read permissions to access webhook secrets and delivery logs belonging to other...

7.1CVSS5.9AI score
Exploits0References5
Patchstack
Patchstack
added 2 days ago5 views

WordPress STRABL – A checkout solution plugin <= 4.5 - Unauthenticated Arbitrary Webhook Creation vulnerability

Unauthenticated Arbitrary Webhook Creation vulnerability discovered by Teerachai Somprasong in WordPress Plugin STRABL – A checkout solution versions = 4.5...

5.3CVSS5.3AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2 days ago6 views

WordPress CF7 to Webhook plugin <= 5.0.0 - Unauthenticated Server-Side Request Forgery vulnerability

Unauthenticated Server-Side Request Forgery vulnerability discovered by Lucius-log in WordPress Plugin CF7 to Webhook versions = 5.0.0...

7.2CVSS5.2AI score0.00231EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2 days ago5 views

CVE-2026-11395

The CF7 to Webhook plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.0 via the pullthetrigger. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be...

7.2CVSS0.00231EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-37863

The CF7 to Webhook plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.0 via the pullthetrigger. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be...

7.2CVSS5.4AI score0.00231EPSS
Exploits0References5
Cvelist
Cvelist
added 2 days ago20 views

CVE-2026-11395 CF7 to Webhook <= 5.0.0 - Unauthenticated Server-Side Request Forgery via CF7 Field Placeholder in Webhook URL Host

The CF7 to Webhook plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.0 via the pullthetrigger. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be...

7.2CVSS0.00231EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-11395

The CF7 to Webhook plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.0 via the pullthetrigger. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be...

7.2CVSS5.4AI score0.00231EPSS
Exploits0References6
CVE
CVE
added 2 days ago11 views

CVE-2026-11395

CVE-2026-11395 : The CF7 to Webhook plugin for WordPress is vulnerable to unauthenticated Server-Side Request Forgery through the pull_the_trigger path, affecting all versions up to and including 5.0.0. Exploitation requires the admin-configured webhook URL to contain a Contact Form 7 field place...

7.2CVSS5.5AI score0.00231EPSS
Exploits0References5
NVD
NVD
added 2 days ago9 views

CVE-2026-12093

The Simple Membership plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.7.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to deactivate arbitra...

5.3CVSS0.00352EPSS
Exploits0References10
Rows per page
Query Builder