81 matches found
EUVD-2026-18658
A weakness has been identified in Casdoor 2.356.0. This vulnerability affects unknown code of the component Webhook URL Handler. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not...
GHSA-P8C7-HJC4-GWF8 Casdoor vulnerable to SSRF via crafted Webhook URL
A weakness has been identified in Casdoor 2.356.0. This vulnerability affects unknown code of the component Webhook URL Handler. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not...
Casdoor vulnerable to SSRF via crafted Webhook URL
A weakness has been identified in Casdoor 2.356.0. This vulnerability affects unknown code of the component Webhook URL Handler. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not...
CVE-2026-5469
A weakness has been identified in Casdoor 2.356.0. This vulnerability affects unknown code of the component Webhook URL Handler. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not...
CVE-2026-5469
CVE-2026-5469 affects Casdoor version 2.356.0, specifically the Webhook URL Handler component. A crafted manipulation can induce a server-side request forgery (SSRF), and the attack can be launched remotely. The vulnerability involves unknown code within the Webhook URL Handler and, per disclosures, the vendor...
CVE-2026-5469
A weakness has been identified in Casdoor 2.356.0. This vulnerability affects unknown code of the component Webhook URL Handler. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not...
PT-2026-30049
A weakness has been identified in Casdoor 2.356.0. This vulnerability affects unknown code of the component Webhook URL Handler. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not...
EUVD-2026-18452
Postiz is an AI social media scheduling tool. Prior to version 2.21.4, the POST /webhooks/ endpoint for creating webhooks uses WebhooksDto, which validates the url field with only an @IsUrl format check, missing the @IsSafeWebhookUrl validator that blocks internal/private network addresses. The updat...
Missing Protected-field Authorization in Provisioning Contact Points API
A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission...
Zen-AI-Pentest has Shell Injection via untrusted issue title in ZenClaw Discord Integration workflow
Summary: The ZenClaw Discord Integration GitHub Actions workflow is vulnerable to shell command injection. The issue title field, controllable by any GitHub user, is interpolated directly into a run shell block via a GitHub Actions template expression. An attacker can craft an issue title containi...
Plane has SSRF via Incomplete IP Validation in Webhook URL Serializer
Summary: The webhook URL validation in plane/app/serializers/webhook.py only checks ip.isloopback, allowing attackers with the workspace ADMIN role to create webhooks pointing to private/internal network addresses (10.x.x.x, 172.16.x.x, 192.168.x.x, 169.254.169.254, etc.). When webhook events fire, the...
SSRF in MLflow via user-controlled webhook URL parameter
Description: A Server-Side Request Forgery (SSRF) vulnerability exists in the webhook creation functionality of MLflow. The createwebhook handler accepts a user-controlled url parameter and stores it without any validation. When webhooks are tested or triggered, the sendwebhookrequest function sends...
Hemmelig Security Vulnerability
Hemmelig is a content encryption software from Hemmelig Open Source. A security vulnerability exists in Hemmelig versions prior to 7.3.3 that stems from an SSRF filter bypass in Webhook URL validation, which could lead to server-side request forgery attacks...
WeRSS Code Issue Vulnerability
WeRSS is a WeChat public number system by Rachel open source. A code issue vulnerability exists in WeRSS 1.4.7 and earlier versions, which stems from incorrect manipulation of the parameter webhookurl in the component Webhook Module, which could lead to server-side request forgery...
EUVD-2020-25966
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2022-4462
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions...
Linux Distros Unpatched Vulnerability : CVE-2022-4342
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7, all versions starting from 15.6 before 15.6.4, all version...
Linux Distros Unpatched Vulnerability : CVE-2022-4054
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions...
CVE-2022-4054
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing the webhook URL to an...
MAL-2025-191763 Malicious code in hyper-request (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d6431cc277fd1d8f82ec5160b5943d5ee9ec08ca1a5c5ff9b1b45d67c233b1d2 The only functionality is to exfiltrate Roblox cookies. However, the current version does not contain the webhook URL yet (see reqhandler.py) --- Category:...