3653 matches found
GO-2025-3509 Vela Server Has Insufficient Webhook Payload Data Verification in github.com/go-vela/server
Vela Server Has Insufficient Webhook Payload Data Verification in github.com/go-vela/server...
Repository Takeover
github.com/go-vela/server is vulnerable to Repository Takeover. The vulnerability is due to improper validation of webhook headers and body data, allowing an attacker to forge requests and transfer repository ownership along with its secrets...
CVE-2024-13838
The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.2 via the 'callwebhook' method of the AutomatorSendWebhook class This makes it possible for...
CVE-2024-13838 Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 6.2 - Authenticated (Admin+) Server-Side Request Forgery via Webhook
The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.2 via the 'callwebhook' method of the AutomatorSendWebhook class This makes it possible for...
PT-2025-11000 · WordPress · The Uncanny Automator – Easy Automation
Name of the Vulnerable Software and Affected Versions: The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress versions up to, and including, 6.2 Description: The issue allows authenticated attackers with Administrator-level access and above t...
WordPress plugin Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin Uncanny Automator - Easy...
WordPress Uncanny Automator plugin <= 6.2 - Authenticated (Admin+) Server-Side Request Forgery via Webhook vulnerability
Authenticated Admin+ Server-Side Request Forgery via Webhook vulnerability discovered by Francesco Carlucci in WordPress Plugin Uncanny Automator versions = 6.2...
VulnCheck KEV: CVE-2021-22175
GitLab contains a server-side request forgery SSRF vulnerability when requests to the internal network for webhooks are enabled...
GHSA-9M63-33Q3-XQ5X Vela Server Has Insufficient Webhook Payload Data Verification
Impact Users with an enabled repository with access to repo level CI secrets in Vela are vulnerable to the exploit. Any user with access to the CI instance and the linked source control manager can perform the exploit. Method By spoofing a webhook payload with a specific set of headers and body...
Vela Server Has Insufficient Webhook Payload Data Verification
Impact Users with an enabled repository with access to repo level CI secrets in Vela are vulnerable to the exploit. Any user with access to the CI instance and the linked source control manager can perform the exploit. Method By spoofing a webhook payload with a specific set of headers and body...
CVE-2025-27616
Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Prior to versions 0.25.3 and 0.26.3, by spoofing a webhook payload with a specific set of headers and body data, an attacker could transfer ownership of a repository and its repo level secrets to ...
CVE-2025-27616
Vela Server (CI/CD framework) is affected in versions prior to 0.25.3 and 0.26.3. By spoofing a webhook payload with a specific set of headers and body data, an attacker could transfer ownership of a repository and its repo-level CI secrets to another repository. Those secrets could be exfiltrate...
CVE-2025-27616 Vela Server has Insufficient Webhook Payload Data Verification
Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Prior to versions 0.25.3 and 0.26.3, by spoofing a webhook payload with a specific set of headers and body data, an attacker could transfer ownership of a repository and its repo level secrets to ...
Vela Server 安全漏洞
Vela Server is a Vela open source pipeline automation CI/CD framework built on Linux container technology. A security vulnerability exists in Vela Server versions prior to 0.25.3 and prior to 0.26.3, which stems from a possible repository ownership transfer and secret disclosure via a spoofed...
Wordfence Intelligence Weekly WordPress Vulnerability Report (February 24, 2025 to March 2, 2025)
Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...
GHSA-7WRW-R4P8-38RX vulnerabilities
Vulnerabilities for packages: supercronic, dask-gateway, kubernetes-dashboard-web, fluent-operator, grafana-operator, flux, temporal, kaf, podman, kubernetes-csi-livenessprobe, cloud-provider-aws, redka, spire-controller-manager, cert-manager-webhook-pdns, bank-vaults, vault-benchmark, age, wgcf,...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through the webhook integration process. An attacker can execute arbitrary scripts in the context of the victim's browser session by injecting malicious payloads into the webhook settings. Details Cross-site...
Malicious code in transaction-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c1efc9cf33a18e7f3c4294c39aabadf136974e4e2ee56c874ba337ac609c6b77 The only thing the package does is send out all the given data about a cryptocurrency transaction, including the private key, to a hardcoded webhook. Feedback...
MAL-2025-191909 Malicious code in transaction-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c1efc9cf33a18e7f3c4294c39aabadf136974e4e2ee56c874ba337ac609c6b77 The only thing the package does is send out all the given data about a cryptocurrency transaction, including the private key, to a hardcoded webhook. Feedback...
Malicious code in spacelift-webhook-receiver (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6bb9dc87c1669be92bee0be50a372fb87d1d92064bc4db257131d4323c2783e9 The OpenSSF Package Analysis project identified 'spacelift-webhook-receiver' @ 1.1.0 npm as malicious. It is considered malicious because: - The...