CVE-2026-44797

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could be configured by users with sufficient access to perform requests to various hosts and IP addresses that should not be permitted, allowi...

CVE-2026-44797

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could be configured by users with sufficient access to perform requests to various hosts and IP addresses that should not be permitted, allowi...

EUVD-2026-32974

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could be configured by users with sufficient access to perform requests to various hosts and IP addresses that should not be permitted, allowi...

CVE-2026-44797

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could be configured by users with sufficient access to perform requests to various hosts and IP addresses that should not be permitted, allowi...

Linux Distros Unpatched Vulnerability : CVE-2025-12576

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that under certain...

CVE-2025-12576 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that under certain conditions could have allowed an authenticated user to cause a denial of service due to improper handling of webhook response data...

CVE-2025-12576

GitLab CE/EE is affected in versions prior to 18.7.6, 18.8.6 (for 18.8 line), and 18.9.2 (for 18.9 line) where an authenticated user could cause a denial of service due to improper handling of webhook response data. Affected components are the webhook handling flow; the root cause is improper pro...

CVE-2025-12576 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that under certain conditions could have allowed an authenticated user to cause a denial of service due to improper handling of webhook response data...

CVE-2025-12576 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that under certain conditions could have allowed an authenticated user to cause a denial of service due to improper handling of webhook response data...

PT-2026-24705

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that under certain conditions could have allowed an authenticated user to cause a denial of service due to improper handling of webhook response data...

CVE-2026-27626 OliveTin vulnerable to OS Command Injection via `password` argument type and webhook JSON extraction bypasses shell safety checks

OliveTin gives access to predefined shell commands from a web interface. In versions up to and including 3000.10.0, OliveTin's shell mode safety check checkShellArgumentSafety blocks several dangerous argument types but not password. A user supplying a password-typed argument can inject shell...

CVE-2026-27626

OliveTin gives access to predefined shell commands from a web interface. In versions up to and including 3000.10.0, OliveTin's shell mode safety check checkShellArgumentSafety blocks several dangerous argument types but not password. A user supplying a password-typed argument can inject shell...

CVE-2026-24742

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators can view sensitive information in staff action logs that should be restricted to administrators only. The exposed information includes webhook payload URLs and...

EUVD-2021-26267

Malware in sbrugna...

EUVD-2023-2207

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2021-39911

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all version...

CVE-2021-39911

An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 exposes private email address of Issue and Merge Requests assignee to Webhook data consumers...

PT-2023-27227 · Unknown · Woodpecker

Name of the Vulnerable Software and Affected Versions: Woodpecker versions prior to 1.0.2 Description: An attacker can post malformed webhook data which leads to an update of the repository data, potentially allowing the takeover of a repository. This issue is critical if the CI is configured for...

Woodpecker 输入验证错误漏洞

Woodpecker is a community branch of the Drone CI system. An input validation error vulnerability exists in Woodpecker versions 1.0.0 through 1.0.2, which can be exploited by an attacker to publish incorrectly formatted Webhook data, resulting in repository data updates...

UBUNTU-CVE-2021-39911

An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 exposes private email address of Issue and Merge Requests assignee to Webhook data consumers...