6 matches found

ATTACKERKB
added 2026/03/26 8:34 p.m. · 2 views

CVE-2026-33619

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.3 contains a server-side request forgery issue in the optional scheduler's webhook delivery path. When a task is submitted to POST /tasks with a user-controlled callbackUrl, the v0.8.3...

CVSS 4.1 · AI score 5.8 · EPSS 0.00066
Exploits: 1 · References: 4 · Affected Software: 1
CNVD
added 2026/03/02 12:0 a.m. · 2 views

OpenClaw code issue vulnerability (CNVD-2026-13388)

OpenClaw is an open-source intelligent artificial assistant. OpenClaw suffers from a code issue vulnerability that stems from Cron webhook delivery calling fetch directly, which can be exploited by an attacker to cause the webhook target to access private or internal endpoints...

CVSS 7.3 · AI score 5.8 · EPSS 0.00018
Exploits: 0 · References: 1
ATTACKERKB
added 2026/02/21 9:49 a.m. · 5 views

CVE-2026-27488

OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, Cron webhook delivery in src/gateway/server-cron.ts uses fetch directly, so webhook targets can reach private/metadata/internal endpoints without SSRF policy checks. This issue was fixed in version 2026.2.19...

CVSS 6.9 · AI score 5.5 · EPSS 0.00018
Exploits: 0 · References: 4 · Affected Software: 1
GitHub Security Blog
added 2025/11/10 9:34 p.m. · 6 views

Soft Serve is vulnerable to SSRF through its Webhooks

SUMMARY We have identified and verified an SSRF vulnerability where webhook URLs are not validated, allowing repository administrators to create webhooks targeting internal services, private networks, and cloud metadata endpoints. AFFECTED COMPONENTS VERIFIED 1. Webhook Creation...

CVSS 9.1 · AI score 6.9 · EPSS 0.00053
Exploits: 1 · References: 5 · Affected Software: 1
OSV
added 2024/09/10 3:4 p.m. · 14 views

CVE-2024-45393 Computer Vision Annotation Tool (CVAT) is missing authorization for endpoints related to webhook deliveries

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account can access webhook delivery information for any webhook registered on the CVAT instance, including that of other users. For each delivery, this contains...

CVSS 6.4 · AI score 6.6 · EPSS 0.00317
Exploits: 0 · References: 4
Positive Technologies
added 2024/09/10 12:0 a.m. · 2 views

PT-2024-31597 · Unknown · Computer Vision Annotation Tool

Name of the Vulnerable Software and Affected Versions: Computer Vision Annotation Tool (CVAT) versions prior to 2.18.0. Description: The Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account can access webhook...

CVSS 6.4 · AI score 6.9 · EPSS 0.00317
Exploits: 0 · References: 8