Lucene search
K

14 matches found

NVD
NVD
added 2026/07/06 10:16 p.m.9 views

CVE-2026-41899

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, POST /api/feedback has no authentication, no rate limiting, and no input validation, allowing arbitrary content to be forwarded directly to a Discord webhook and enabling...

6.5CVSS0.003EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/06 9:10 p.m.3 views

CVE-2026-41899

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, POST /api/feedback has no authentication, no rate limiting, and no input validation, allowing arbitrary content to be forwarded directly to a Discord webhook and enabling...

6.5CVSS6AI score0.003EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/07/06 9:10 p.m.12 views

CVE-2026-41899

CVE-2026-41899 affects Coolify prior to 4.0.0-beta.474. The POST /api/feedback endpoint is unauthenticated, lacks rate limiting and input validation, allowing arbitrary content to reach a Discord webhook and enabling spam, content injection, and webhook abuse. Remediation: upgrade to Coolify 4.0....

6.5CVSS6AI score0.003EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 9:10 p.m.6 views

CVE-2026-41899 Coolify unauthenticated feedback endpoint allows Discord webhook abuse

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, POST /api/feedback has no authentication, no rate limiting, and no input validation, allowing arbitrary content to be forwarded directly to a Discord webhook and enabling...

6.5CVSS6AI score0.003EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.6 views

PT-2026-56024

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.474 Description The application lacks authentication, rate limiting, and input validation at the 'POST /api/feedback' endpoint. This allows arbitrary content to be forwarded directly to a Discord webhook,...

6.5CVSS6AI score0.003EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/06/16 8:13 p.m.29 views

Crawl4AI: Multiple Docker API Vulnerabilities - File Write, SSRF, Auth Bypass, XSS, JS Execution

Summary Multiple security vulnerabilities in the Crawl4AI Docker API server affecting endpoints for crawling, markdown/LLM extraction, screenshots, PDFs, webhooks, monitoring, JavaScript execution, and configuration. Vulnerabilities 1. Arbitrary File Write via /screenshot and /pdf CWE-22, CVSS 9....

9.2CVSS5.8AI score0.00276EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.33 views

PT-2026-38446

Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the webhook notification feature reuses an administrator-configured local-target allowlist for every logged-in user. Any normal user can fully control a webhook URL, headers, and body, then use...

6CVSS5.9AI score0.00176EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 9:31 a.m.26 views

EUVD-2026-20117

The Masteriyo LMS – Online Course Builder for eLearning, LMS & Education plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in versions up to and including 2.1.7. This is due to insufficient webhook signature verification in the handlewebhook function. The...

5.3CVSS6AI score0.00375EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/02/21 1:30 a.m.6 views

CVE-2026-26957

Libredesk is a self-hosted customer support desk application. Versions prior to 1.0.2-0.20260215211005-727213631ce6 fail to validate destination URLs for webhooks, allowing an attacker posing as an authenticated "Application Admin" to force the server to make HTTP requests to arbitrary internal...

6.9CVSS5.7AI score0.00061EPSS
Exploits0References1
CVE
CVE
added 2025/11/10 9:10 p.m.21 views

CVE-2025-49145

Combodo iTop vulnerability CVE-2025-49145 affects iTop versions prior to 2.7.13 and 3.2.2. A user with sufficient rights to create webhooks (typically administrators) can trigger database deletion due to unverified callback signatures. The issue is mitigated in iTop by upgrading to 2.7.13 or 3.2....

8.7CVSS6.3AI score0.00294EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-24176

Malicious code in bioql PyPI...

5.9CVSS6.3AI score0.00283EPSS
Exploits0References3
Exploit DB
Exploit DB
added 2025/08/26 12:0 a.m.412 views

StoryChief Wordpress Plugin 1.0.42 - Arbitrary File Upload

Exploit Title: StoryChief Wordpress Plugin 1.0.42 - Arbitrary File Upload Exploit Author: xpl0dec Vendor Homepage: https://www.storychief.io/wordpress-content-scheduler Software Link: https://github.com/Story-Chief/wordpress/ Version: ”; ? 2. Adjust the echo phpinfo section as needed 3. Host it o...

9.8CVSS6.5AI score0.37349EPSS
Exploits8
CNNVD
CNNVD
added 2025/06/18 12:0 a.m.9 views

Versa Director 安全漏洞

Versa Director is a virtualization and service creation platform from Versa USA. that simplifies the creation, automation and delivery of services using Versa FlexVNF. A security vulnerability exists in Versa Director that stems from abuse of the Webhook feature and could lead to elevation of...

7.2CVSS7.9AI score0.00945EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2022/04/13 6:15 p.m.8 views

CVE-2022-1333

Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number of webhooks, which allows authenticated and authorized users to create a specifically drafted Playbook which could trigger a large amount of webhook requests leading to Denial of Service...

6.5CVSS6.6AI score0.00706EPSS
Exploits0References2
Rows per page
Query Builder