14 matches found

EUVD
added 2026/05/11 6:31 p.m. · 4 views

EUVD-2026-29158

A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monitor.ts of the component bluebubbles Webhook. Performing a manipulation results in improper authentication. It is possible to...

CVSS 7.5 · AI score 6.8 · EPSS 0.00415
Exploits 1 · References 10
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-22666

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.6 · EPSS 0.00213
Exploits 0 · References 2
CVE
added 2025/09/03 9:39 a.m. · 9 views

CVE-2025-9821

CVE-2025-9821 relates to Mautic’s webhook feature, where the destination of webhooks is not validated, enabling SSRF when a user with webhook permissions can view webhook logs. This can allow bypassing firewalls to reach internal services and may disclose partial response data. Exploitation d...

CVSS 2.7 · AI score 6.1 · EPSS 0.00048
Exploits 0 · References 1
NVD
added 2025/07/25 2:15 p.m. · 2 views

CVE-2025-45939

Apwide Golive 10.2.0 Jira plugin allows Server-Side Request Forgery (SSRF) via the test webhook function...

CVSS 6.5 · EPSS 0.00213
Exploits 0 · References 2
Cvelist
added 2025/07/25 12:0 a.m. · 4 views

CVE-2025-45939

Apwide Golive 10.2.0 Jira plugin allows Server-Side Request Forgery (SSRF) via the test webhook function...

EPSS 0.00213
Exploits 0 · References 2
CVE
added 2025/07/25 12:0 a.m. · 18 views

CVE-2025-45939

CVE-2025-45939 affects Apwide Golive Jira plugin version 10.2.0. The issue is a Server-Side Request Forgery (SSRF) exposed via the plugin’s test webhook function. No exploitation details are provided beyond this SSRF description; impact is described as limited to low confidentiality, integrity, a...

CVSS 6.5 · AI score 6.8 · EPSS 0.00213
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2025/07/25 12:0 a.m. · 1 views

PT-2025-30819 · WordPress · Apwide Golive Jira Plugin

Name of the Vulnerable Software and Affected Versions: Apwide Golive Jira plugin version 10.2.0. Description: The Apwide Golive Jira plugin contains a Server-Side Request Forgery (SSRF) issue. This issue is related to the test webhook function, which allows for potential exploitation through...

CVSS 6.5 · AI score 6.5 · EPSS 0.00213
Exploits 0 · References 1
Cvelist
added 2025/05/29 9:2 a.m. · 13 views

CVE-2024-52588 Strapi allows Server-Side Request Forgery in Webhook function

Strapi is an open-source content management system. Prior to version 4.25.2, inputting a local domain into the Webhooks URL field leads to the application fetching itself, resulting in a server side request forgery (SSRF). This issue has been patched in version 4.25.2...

CVSS 4.9 · EPSS 0.00321
Exploits 1 · References 1
Vulnrichment
added 2025/05/29 9:2 a.m. · 7 views

CVE-2024-52588 Strapi allows Server-Side Request Forgery in Webhook function

Strapi is an open-source content management system. Prior to version 4.25.2, inputting a local domain into the Webhooks URL field leads to the application fetching itself, resulting in a server side request forgery (SSRF). This issue has been patched in version 4.25.2...

CVSS 4.9 · AI score 7 · EPSS 0.00321
Exploits 1 · References 1
Github Security Blog
added 2025/05/27 5:59 p.m. · 13 views

Strapi allows Server-Side Request Forgery in Webhook function

Description: In Strapi latest version, at function Settings - Webhooks, the application allows us to input a URL in order to create a Webhook connection. However, we can input into this field the local domains such as localhost, 127.0.0.1, 0.0.0.0,.... in order to make the Application fetching into...

CVSS 7.5 · AI score 6.5 · EPSS 0.00321
Exploits 1 · References 3 · Affected Software 1
RedhatCVE
added 2025/05/23 6:59 a.m. · 5 views

CVE-2024-12712

The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the webhook function in all versions up to, and including, 5.7.8. This makes it possible for unauthenticated attackers to modify order statuses...

CVSS 5.3 · AI score 6.7 · EPSS 0.00273
Exploits 0 · References 1
NVD
added 2025/01/08 10:15 a.m. · 13 views

CVE-2024-12712

The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the webhook function in all versions up to, and including, 5.7.8. This makes it possible for unauthenticated attackers to modify order statuses...

CVSS 5.3 · EPSS 0.00273
Exploits 0 · References 2
ATTACKERKB
added 2023/07/12 5:15 a.m. · 2 views

CVE-2023-3525

The Getnet Argentina para Woocommerce plugin for WordPress is vulnerable to authorization bypass due to missing validation on the 'webhook' function in versions up to, and including, 0.0.4. This makes it possible for unauthenticated attackers to set their payment status to 'APPROVED' without...

CVSS 7.5 · AI score 5.8 · EPSS 0.00111
Exploits 1 · References 3 · Affected Software 1
NVD
added 2023/07/12 5:15 a.m. · 12 views

CVE-2023-3525

The Getnet Argentina para Woocommerce plugin for WordPress is vulnerable to authorization bypass due to missing validation on the 'webhook' function in versions up to, and including, 0.0.4. This makes it possible for unauthenticated attackers to set their payment status to 'APPROVED' without...

CVSS 7.5 · AI score 7.5 · EPSS 0.00111
Exploits 1 · References 2