Lucene search
+L

733 matches found

NVD
NVD
added yesterday5 views

CVE-2026-62234

Grav before 2.0.4 fails to restrict cURL protocols in webhook dispatch, allowing authenticated users with api.webhooks.write permission to create webhooks with file://, dict://, or gopher:// URLs. Attackers can trigger webhook events to read local files, access process information, or pivot to...

8.4CVSS0.00297EPSS
Exploits0References2
CVE
CVE
added 2 days ago10 views

CVE-2025-71388

CVE-2025-71388 affects stoatchat (delta/Revolt) versions from 20241213-1 up to before 20250210-1. The issue stems from the webhook fetch endpoint checking ViewChannel (read) instead of ManageWebhooks, allowing users with only channel read permission to retrieve the channel’s webhooks and their to...

7.6CVSS6.2AI score0.00275EPSS
Exploits0References3
Nuclei
Nuclei
added 2 days ago42 views

n8n Webhooks - Remote Code Execution

n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker,...

10CVSS7.2AI score0.71647EPSS
Exploits18References2
NVD
NVD
added 5 days ago5 views

CVE-2026-11964

The User Registration & Membership WordPress plugin before 5.2.2 does not verify the authenticity of incoming payment-provider webhook notifications before acting on them, allowing unauthenticated attackers to forge a payment-approved event and activate a paid membership subscription without...

9.1CVSS0.00261EPSS
Exploits0References1
NVD
NVD
added 6 days ago8 views

CVE-2026-56252

Capgo before 12.128.2 contains a scope isolation vulnerability in the POST /webhooks/test endpoint that allows app-scoped API keys to invoke org-scoped webhook operations. Attackers with app-scoped credentials can trigger signed outbound webhook deliveries for arbitrary organization webhooks...

5.4CVSS0.00169EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-43225

Capgo before 12.128.2 contains a scope isolation vulnerability in the POST /webhooks/test endpoint that allows app-scoped API keys to invoke org-scoped webhook operations. Attackers with app-scoped credentials can trigger signed outbound webhook deliveries for arbitrary organization webhooks...

5.4CVSS6.2AI score0.00169EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-56252 Capgo - Scope Isolation Failure in Webhook Test Endpoint

Capgo before 12.128.2 contains a scope isolation vulnerability in the POST /webhooks/test endpoint that allows app-scoped API keys to invoke org-scoped webhook operations. Attackers with app-scoped credentials can trigger signed outbound webhook deliveries for arbitrary organization webhooks...

5.4CVSS0.00169EPSS
Exploits0References2
CVE
CVE
added 6 days ago20 views

CVE-2026-56252

Capgo before 12.128.2 is affected by a scope isolation vulnerability in the POST /webhooks/test endpoint. The issue allows app-scoped API keys to invoke organization-scoped webhook operations, enabling attackers with app-scoped credentials to trigger signed outbound webhook deliveries for arbitra...

5.4CVSS6.2AI score0.00169EPSS
Exploits0References2
OSV
OSV
added 6 days ago3 views

CVE-2026-56252 Capgo - Scope Isolation Failure in Webhook Test Endpoint

Capgo before 12.128.2 contains a scope isolation vulnerability in the POST /webhooks/test endpoint that allows app-scoped API keys to invoke org-scoped webhook operations. Attackers with app-scoped credentials can trigger signed outbound webhook deliveries for arbitrary organization webhooks...

5.3CVSS6.2AI score0.00169EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added last week12 views

Malicious code in google-caja-bower (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e34339f1be6afb8a41b6dbe2f7d7c480d5a438a67ff119b235d1d98ffa2b2e4a [email protected] declares scripts.preinstall = 'node index.js', so index.js runs automatically on npm install. index.js walks the...

6.1AI score
Exploits0References8
CVE
CVE
added 2026/07/10 9:31 p.m.12 views

CVE-2026-59155

Nezha Monitoring (self-hosted) had a credential exposure flaw prior to version 2.2.5. The GET endpoints /api/v1/ddns and /api/v1/notification returned full resource objects that included plaintext third-party API credentials (Cloudflare API tokens, TencentCloud SecretKeys, Slack/Discord/Telegram ...

6.9CVSS6.1AI score0.00304EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/10 1:57 p.m.8 views

EUVD-2026-42880

Crawl4AI before 0.8.7 contains a server-side request forgery SSRF vulnerability in the Docker API server's /crawl/job and /llm/job endpoints, which accept webhook URLs without destination validation. An attacker can supply webhook URLs pointing to private or internal IP ranges, Docker networks, o...

9.2CVSS6.1AI score0.00371EPSS
Exploits0References3
NVD
NVD
added 2026/07/09 5:16 p.m.11 views

CVE-2026-15192

A vulnerability has been found in mettle sendportal up to 3.0.1. This issue affects the function sendgrid/postmark/postal/mailjet of the component APIv1 Webhooks. The manipulation leads to missing authentication. The attack is possible to be carried out remotely. The exploit has been disclosed to...

6.9CVSS0.00572EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/09 4:30 p.m.8 views

CVE-2026-15192

A vulnerability has been found in mettle sendportal up to 3.0.1. This issue affects the function sendgrid/postmark/postal/mailjet of the component APIv1 Webhooks. The manipulation leads to missing authentication. The attack is possible to be carried out remotely. The exploit has been disclosed to...

6.9CVSS5.3AI score0.00572EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/07/09 4:30 p.m.6 views

EUVD-2026-42624

A vulnerability has been found in mettle sendportal up to 3.0.1. This issue affects the function sendgrid/postmark/postal/mailjet of the component APIv1 Webhooks. The manipulation leads to missing authentication. The attack is possible to be carried out remotely. The exploit has been disclosed to...

6.9CVSS5.9AI score0.00572EPSS
Exploits0References6
CVE
CVE
added 2026/07/09 4:30 p.m.8 views

CVE-2026-15192

CVE-2026-15192 affects mettle SendPortal up to version 3.0.1, targeting APIv1 Webhooks. The vulnerability involves the sendgrid/postmark/postal/mailjet functions, with missing authentication reported as remotely exploitable. Public disclosure and PoC–level exploit maturity are indicated, but no e...

6.9CVSS5.9AI score0.00572EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/09 4:30 p.m.27 views

CVE-2026-15192 mettle sendportal APIv1 Webhooks mailjet missing authentication

A vulnerability has been found in mettle sendportal up to 3.0.1. This issue affects the function sendgrid/postmark/postal/mailjet of the component APIv1 Webhooks. The manipulation leads to missing authentication. The attack is possible to be carried out remotely. The exploit has been disclosed to...

6.9CVSS0.00572EPSS
Exploits0References6
OSV
OSV
added 2026/07/09 4:30 p.m.4 views

CVE-2026-15192 mettle sendportal APIv1 Webhooks mailjet missing authentication

A vulnerability has been found in mettle sendportal up to 3.0.1. This issue affects the function sendgrid/postmark/postal/mailjet of the component APIv1 Webhooks. The manipulation leads to missing authentication. The attack is possible to be carried out remotely. The exploit has been disclosed to...

6.9CVSS6.1AI score0.00572EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/08 1:49 p.m.5 views

EUVD-2026-42258

n8n before versions 1.123.18 and 2.6.2 fails to verify HMAC-SHA256 signatures on Zendesk webhooks in the ZendeskTrigger node. Attackers who know the webhook URL can send unsigned POST requests to trigger workflows with arbitrary malicious data...

6.3CVSS6.1AI score0.00186EPSS
Exploits0References2
NVD
NVD
added 2026/07/06 11:16 a.m.11 views

CVE-2026-44937

Potential forgery of webhook requests when using a unauthenticated webhook in SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.5 could be used by remote attackers to cause a denial of service or a downgrade attack on other repositories on the...

8.3CVSS0.00506EPSS
Exploits0References1
Rows per page
Query Builder