7 matches found

Cvelist
added 2026/05/26 10:1 p.m., 26 views

CVE-2026-45298 Dozzle: Pre-auth SSRF with response-body reflection via POST /api/notifications/test-webhook (default no-auth deploy)

Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, in a default Dozzle deploy (the documented quickstart, no DOZZLE_AUTH_PROVIDER set), POST /api/notifications/test-webhook is reachable without authentication and forwards an attacker-controlled URL into a WebhookDispatcher that...

CVSS 8.6, EPSS 0.00026
Exploits: 1, References: 2
Vulnrichment
added 2026/03/07 5:29 a.m., 0 views

CVE-2026-30839 Wallos: SSRF via webhook test endpoint

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, testwebhooknotifications.php does not validate the target URL against private/reserved IP ranges, enabling full-read SSRF. The server response is returned to the caller. This issue has been patched in...

CVSS 5.3, AI score 5.7, EPSS 0.00013
Exploits: 1, References: 3
Cvelist
added 2026/03/07 5:29 a.m., 23 views

CVE-2026-30839 Wallos: SSRF via webhook test endpoint

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, testwebhooknotifications.php does not validate the target URL against private/reserved IP ranges, enabling full-read SSRF. The server response is returned to the caller. This issue has been patched in...

CVSS 5.3, EPSS 0.00013
Exploits: 1, References: 3
OSV
added 2026/03/07 5:29 a.m., 1 views

CVE-2026-30839 Wallos: SSRF via webhook test endpoint

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, testwebhooknotifications.php does not validate the target URL against private/reserved IP ranges, enabling full-read SSRF. The server response is returned to the caller. This issue has been patched in...

CVSS 5.3, AI score 5.7, EPSS 0.00013
Exploits: 1, References: 5
RedhatCVE
added 2026/01/09 9:5 a.m., 2 views

CVE-2024-41664

Canarytokens help track activity and actions on a network. Prior to sha-8ea5315, Canarytokens.org was vulnerable to a blind SSRF in the Webhook alert feature. When a Canarytoken is created, users choose to receive alerts either via email or via a webhook. If a webhook is supplied when a Canarytok...

CVSS 5.4, AI score 7, EPSS 0.00099
Exploits: 0, References: 1
OSV
added 2023/11/05 4:4 p.m., 26 views

MAL-2023-8438 Malicious code in jotform-webhook-test (npm)

Source: ossf-package-analysis (79c05d67fd61e4cb82e93b3c98181d7cc58e89c7dab47e8aab381f60211ef6db). The OpenSSF Package Analysis project identified 'jotform-webhook-test' @ 1.0.0 npm as malicious. It is considered malicious because: - The packa...

AI score 7.1
Exploits: 0
OSSF Malicious Packages
added 2023/11/05 4:4 p.m., 2 views

Malicious code in jotform-webhook-test (npm)

Source: ossf-package-analysis (79c05d67fd61e4cb82e93b3c98181d7cc58e89c7dab47e8aab381f60211ef6db). The OpenSSF Package Analysis project identified 'jotform-webhook-test' @ 1.0.0 npm as malicious. It is considered malicious because: - The packa...

AI score 6.9
Exploits: 0