Lucene search
K

3653 matches found

OSV
OSV
added 2025/03/13 2:46 p.m.10 views

GO-2025-3509 Vela Server Has Insufficient Webhook Payload Data Verification in github.com/go-vela/server

Vela Server Has Insufficient Webhook Payload Data Verification in github.com/go-vela/server...

8.5CVSS6.7AI score0.00246EPSS
Exploits0References6
Veracode
Veracode
added 2025/03/13 3:23 a.m.8 views

Repository Takeover

github.com/go-vela/server is vulnerable to Repository Takeover. The vulnerability is due to improper validation of webhook headers and body data, allowing an attacker to forge requests and transfer repository ownership along with its secrets...

8.5CVSS6.7AI score0.00246EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2025/03/12 7:15 a.m.2 views

CVE-2024-13838

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.2 via the 'callwebhook' method of the AutomatorSendWebhook class This makes it possible for...

3.8CVSS5.8AI score0.00279EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/12 7:0 a.m.10 views

CVE-2024-13838 Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 6.2 - Authenticated (Admin+) Server-Side Request Forgery via Webhook

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.2 via the 'callwebhook' method of the AutomatorSendWebhook class This makes it possible for...

5.5CVSS5.4AI score0.00279EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/03/12 12:0 a.m.9 views

PT-2025-11000 · WordPress · The Uncanny Automator – Easy Automation

Name of the Vulnerable Software and Affected Versions: The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress versions up to, and including, 6.2 Description: The issue allows authenticated attackers with Administrator-level access and above t...

5.5CVSS9AI score0.00279EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/03/12 12:0 a.m.5 views

WordPress plugin Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin Uncanny Automator - Easy...

5.5CVSS8.8AI score0.00279EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/03/11 11:35 p.m.4 views

WordPress Uncanny Automator plugin <= 6.2 - Authenticated (Admin+) Server-Side Request Forgery via Webhook vulnerability

Authenticated Admin+ Server-Side Request Forgery via Webhook vulnerability discovered by Francesco Carlucci in WordPress Plugin Uncanny Automator versions = 6.2...

5.5CVSS8.9AI score0.00279EPSS
Exploits0References1Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2025/03/11 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-22175

GitLab contains a server-side request forgery SSRF vulnerability when requests to the internal network for webhooks are enabled...

9.8CVSS7.3AI score0.53372EPSS
Exploits1References1
OSV
OSV
added 2025/03/10 10:24 p.m.6 views

GHSA-9M63-33Q3-XQ5X Vela Server Has Insufficient Webhook Payload Data Verification

Impact Users with an enabled repository with access to repo level CI secrets in Vela are vulnerable to the exploit. Any user with access to the CI instance and the linked source control manager can perform the exploit. Method By spoofing a webhook payload with a specific set of headers and body...

8.5CVSS8.4AI score0.00246EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2025/03/10 10:24 p.m.10 views

Vela Server Has Insufficient Webhook Payload Data Verification

Impact Users with an enabled repository with access to repo level CI secrets in Vela are vulnerable to the exploit. Any user with access to the CI instance and the linked source control manager can perform the exploit. Method By spoofing a webhook payload with a specific set of headers and body...

8.5CVSS7AI score0.00246EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2025/03/10 7:15 p.m.10 views

CVE-2025-27616

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Prior to versions 0.25.3 and 0.26.3, by spoofing a webhook payload with a specific set of headers and body data, an attacker could transfer ownership of a repository and its repo level secrets to ...

8.5CVSS0.00246EPSS
Exploits0References5
CVE
CVE
added 2025/03/10 6:56 p.m.76 views

CVE-2025-27616

Vela Server (CI/CD framework) is affected in versions prior to 0.25.3 and 0.26.3. By spoofing a webhook payload with a specific set of headers and body data, an attacker could transfer ownership of a repository and its repo-level CI secrets to another repository. Those secrets could be exfiltrate...

8.5CVSS7AI score0.00246EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/03/10 6:56 p.m.13 views

CVE-2025-27616 Vela Server has Insufficient Webhook Payload Data Verification

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Prior to versions 0.25.3 and 0.26.3, by spoofing a webhook payload with a specific set of headers and body data, an attacker could transfer ownership of a repository and its repo level secrets to ...

8.5CVSS0.00246EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/03/10 12:0 a.m.3 views

Vela Server 安全漏洞

Vela Server is a Vela open source pipeline automation CI/CD framework built on Linux container technology. A security vulnerability exists in Vela Server versions prior to 0.25.3 and prior to 0.26.3, which stems from a possible repository ownership transfer and secret disclosure via a spoofed...

8.5CVSS6.1AI score0.00246EPSS
Exploits0References6
Wordfence Blog
Wordfence Blog
added 2025/03/06 5:6 p.m.63 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 24, 2025 to March 2, 2025)

Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

6.4CVSS10AI score0.03858EPSS
Exploits20
Wolfi
Wolfi
added 2025/02/25 3:16 p.m.15 views

GHSA-7WRW-R4P8-38RX vulnerabilities

Vulnerabilities for packages: supercronic, dask-gateway, kubernetes-dashboard-web, fluent-operator, grafana-operator, flux, temporal, kaf, podman, kubernetes-csi-livenessprobe, cloud-provider-aws, redka, spire-controller-manager, cert-manager-webhook-pdns, bank-vaults, vault-benchmark, age, wgcf,...

5.9AI score
Exploits0
Snyk
Snyk
added 2025/02/21 10:15 p.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through the webhook integration process. An attacker can execute arbitrary scripts in the context of the victim's browser session by injecting malicious payloads into the webhook settings. Details Cross-site...

5.9CVSS5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/02/21 9:50 p.m.7 views

Malicious code in transaction-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c1efc9cf33a18e7f3c4294c39aabadf136974e4e2ee56c874ba337ac609c6b77 The only thing the package does is send out all the given data about a cryptocurrency transaction, including the private key, to a hardcoded webhook. Feedback...

6.9AI score
Exploits0References1
OSV
OSV
added 2025/02/21 9:50 p.m.4 views

MAL-2025-191909 Malicious code in transaction-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c1efc9cf33a18e7f3c4294c39aabadf136974e4e2ee56c874ba337ac609c6b77 The only thing the package does is send out all the given data about a cryptocurrency transaction, including the private key, to a hardcoded webhook. Feedback...

6.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/02/21 4:50 p.m.3 views

Malicious code in spacelift-webhook-receiver (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6bb9dc87c1669be92bee0be50a372fb87d1d92064bc4db257131d4323c2783e9 The OpenSSF Package Analysis project identified 'spacelift-webhook-receiver' @ 1.1.0 npm as malicious. It is considered malicious because: - The...

7.1AI score
Exploits0
Rows per page
Query Builder