Lucene search
K

3688 matches found

NVD
NVD
added 5 hours ago5 views

CVE-2026-56360

n8n before versions 1.123.18 and 2.6.2 fails to verify HMAC-SHA256 signatures on Zendesk webhooks in the ZendeskTrigger node. Attackers who know the webhook URL can send unsigned POST requests to trigger workflows with arbitrary malicious data...

6.3CVSS
Exploits0References2
Cvelist
Cvelist
added 6 hours ago4 views

CVE-2026-56360 n8n - Webhook Forgery via Unsigned POST Requests in ZendeskTrigger

n8n before versions 1.123.18 and 2.6.2 fails to verify HMAC-SHA256 signatures on Zendesk webhooks in the ZendeskTrigger node. Attackers who know the webhook URL can send unsigned POST requests to trigger workflows with arbitrary malicious data...

6.3CVSS
Exploits0References2
CVE
CVE
added 6 hours ago5 views

CVE-2026-56360

n8n is affected in versions prior to 1.123.18 and 2.6.2 where the ZendeskTrigger node fails to verify HMAC-SHA256 signatures on Zendesk webhooks. This allows attackers who know the webhook URL to send unsigned POST requests, potentially triggering workflows with arbitrary data. No remediation det...

6.3CVSS6.1AI score
Exploits0References2
Nuclei
Nuclei
added 14 hours ago41 views

Budibase - Authentication Bypass

Budibase = 3.31.4 contains an authentication bypass caused by unanchored regex in authorized middleware matching webhook path patterns in query strings, letting unauthenticated remote attackers access any server-side API endpoint, exploit requires crafted request with webhook pattern in URL. id:...

9.1CVSS6AI score0.15339EPSS
Exploits2References2
Nuclei
Nuclei
added 14 hours ago15 views

Dozzle - Server Side Request Forgery

Dozzle prior to 10.5.2 contains a server-side request forgery caused by unauthenticated access to POST /api/notifications/test-webhook forwarding attacker-controlled URLs, letting remote attackers send arbitrary HTTP POST requests and receive response data, exploit requires no authentication. id:...

8.6CVSS6.1AI score0.01491EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday35 views

GitLab CI Lint API - Server-Side Request Forgery

GitLab 10.5 and later contain a server-side request forgery caused by insecure handling of webhook requests, letting unauthenticated attackers exploit the server for arbitrary requests, exploit requires sending crafted webhook requests. id: CVE-2021-22175 info: name: GitLab CI Lint API -...

9.8CVSS7.5AI score0.53372EPSS
Exploits1References2
NVD
NVD
added 2 days ago6 views

CVE-2026-41899

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, POST /api/feedback has no authentication, no rate limiting, and no input validation, allowing arbitrary content to be forwarded directly to a Discord webhook and enabling...

6.5CVSS0.003EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-41899 Coolify unauthenticated feedback endpoint allows Discord webhook abuse

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, POST /api/feedback has no authentication, no rate limiting, and no input validation, allowing arbitrary content to be forwarded directly to a Discord webhook and enabling...

6.5CVSS0.003EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-41899

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, POST /api/feedback has no authentication, no rate limiting, and no input validation, allowing arbitrary content to be forwarded directly to a Discord webhook and enabling...

6.5CVSS6AI score0.003EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2 days ago10 views

CVE-2026-41899

CVE-2026-41899 affects Coolify prior to 4.0.0-beta.474. The POST /api/feedback endpoint is unauthenticated, lacks rate limiting and input validation, allowing arbitrary content to reach a Discord webhook and enabling spam, content injection, and webhook abuse. Remediation: upgrade to Coolify 4.0....

6.5CVSS6AI score0.003EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-44937 SUSE Rancher Fleet had an Unauthenticated Webhook: Regex Injection via Unsanitized Repository URL Components

Potential forgery of webhook requests when using a unauthenticated webhook in SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.5 could be used by remote attackers to cause a denial of service or a downgrade attack on other repositories on the...

8.3CVSS0.00496EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-41867

Potential forgery of webhook requests when using a unauthenticated webhook in SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.5 could be used by remote attackers to cause a denial of service or a downgrade attack on other repositories on the...

8.3CVSS6AI score0.00496EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 days ago5 views

CVE-2026-44937

Potential forgery of webhook requests when using a unauthenticated webhook in SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.5 could be used by remote attackers to cause a denial of service or a downgrade attack on other repositories on the...

8.3CVSS6AI score0.00496EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2 days ago17 views

CVE-2026-44937

Summary: An unauthenticated webhook vulnerability in SUSE Rancher Fleet (versions prior to 0.15.2, 0.14 prior to 0.14.6, 0.13 prior to 0.13.11, 0.12 prior to 0.12.15) allows forging webhook requests via regex-based injection from unsanitized repository URL components, potentially enabling DoS or ...

8.3CVSS6AI score0.00496EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-11855 Simple Membership < 4.7.5 - Unauthenticated Stored XSS via Stripe Webhook API Version

The Simple Membership WordPress plugin before 4.7.5 does not verify the authenticity of Stripe webhook requests when no signing secret is configured, nor escape a value taken from them before outputting it in an administrator notice, allowing unauthenticated attackers to inject arbitrary web...

0.00301EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-11855

The Simple Membership WordPress plugin before 4.7.5 does not verify the authenticity of Stripe webhook requests when no signing secret is configured, nor escape a value taken from them before outputting it in an administrator notice, allowing unauthenticated attackers to inject arbitrary web...

8.8CVSS6.1AI score0.00301EPSS
Exploits0References1
CVE
CVE
added 2 days ago9 views

CVE-2026-11855

CVE-2026-11855 affects the Simple Membership WordPress plugin prior to 4.7.5. The issue arises because Stripe webhook requests are not authenticated when no signing secret is configured, and a value taken from those requests is not escaped before being output in an administrator notice. This lead...

8.8CVSS6.1AI score0.00301EPSS
Exploits0References1
NVD
NVD
added 4 days ago8 views

CVE-2026-14628

A vulnerability was detected in NousResearch hermes-agent up to 2026.5.16. This impacts the function extractmedia of the file gateway/platforms/base.py of the component Live Webhook Endpoint. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit is...

6.9CVSS0.00551EPSS
Exploits1References5
Cvelist
Cvelist
added 4 days ago38 views

CVE-2026-14628 NousResearch hermes-agent Live Webhook Endpoint base.py extract_media path traversal

A vulnerability was detected in NousResearch hermes-agent up to 2026.5.16. This impacts the function extractmedia of the file gateway/platforms/base.py of the component Live Webhook Endpoint. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit is...

6.9CVSS0.00551EPSS
Exploits1References5
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-41673

A vulnerability was detected in NousResearch hermes-agent up to 2026.5.16. This impacts the function extractmedia of the file gateway/platforms/base.py of the component Live Webhook Endpoint. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit is...

6.9CVSS5.8AI score0.00551EPSS
Exploits1References5
Rows per page
Query Builder