Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/20 2:9 a.m.8 views

Malicious code in @flipbit2-bb/test-auth-state (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52ba26e89d1aca1f10772bf4cc8c9b23a436a39a8442fdf4ba9abf6c4c890e63 On npm install, a postinstall script phone-home.js collects os.hostname, os.userInfo.username, process.platform + os.release, a timestamp, and a...

5.8AI score
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/23 3:27 a.m.5 views

CVE-2023-2620

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions...

5.5CVSS6.3AI score0.00954EPSS
Exploits0References1
Github Security Blog
Github Security Blogadded 2025/03/26 8:8 p.m.53 views

Directus's webhook trigger flows can leak sensitive data

Describe the Bug In Directus, when a Flow with the "Webhook" trigger and the "Data of Last Operation" response body encounters a ValidationError thrown by a failed condition operation, the API response includes sensitive data. This includes environmental variables, sensitive API keys, user...

8.6CVSS6.7AI score0.00357EPSS
Exploits1References3Affected Software1
Cvelist
Cvelistadded 2025/03/26 5:26 p.m.11 views

CVE-2025-30353 Directus's webhook trigger flows can leak sensitive data

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.5.0, when a Flow with the "Webhook" trigger and the "Data of Last Operation" response body encounters a ValidationError thrown by a failed condition operation, the A...

8.6CVSS0.00357EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2025/03/26 5:26 p.m.13 views

CVE-2025-30353 Directus's webhook trigger flows can leak sensitive data

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.5.0, when a Flow with the "Webhook" trigger and the "Data of Last Operation" response body encounters a ValidationError thrown by a failed condition operation, the A...

8.6CVSS7.6AI score0.00357EPSS
Exploits1References1
OSV
OSVadded 2023/04/05 9:15 p.m.0 views

UBUNTU-CVE-2023-0838

An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the url. This addresses an incomplete fix for CVE-2022-4342...

5.5CVSS5.8AI score0.00954EPSS
Exploits0References2
Rows per page
Query Builder