CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

657 matches found

n8n Webhooks - Remote Code Execution

n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker,...

10CVSS6.2AI score0.06939EPSS

Exploits16References2

CNNVD•added 2026/05/28 12:0 a.m.•5 views

Elastic Kibana 安全漏洞

Elastic Kibana is a data visualization dashboard software provided by the Elastic company. There is a security vulnerability in Elastic Kibana, which stems from server-side request forgeing. This vulnerability allows authenticated users with connector management privileges to bypass the connectio...

7.7CVSS5.8AI score0.00033EPSS

Exploits0References2

RedhatCVE•added 2026/05/26 8:14 p.m.•8 views

CVE-2026-4915

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to filter nil elements from outgoing webhook attachment payloads before processing, which allows an authenticated user to cause a denial of service server process termination via a crafted webhook...

6.5CVSS5.8AI score0.00047EPSS

Exploits0References1

NVD•added 2026/05/25 3:16 p.m.•8 views

CVE-2026-47067

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The URL parser in src/hackneyurl.erl converts every unrecognized URL scheme to a permanent BEAM atom via binarytoatom/2. BEAM atoms are never garbage-collected and the atom table defaults to a...

8.7CVSS0.00049EPSS

Exploits1References4

Snyk•added 2026/05/25 10:59 a.m.•2 views

Improper Check for Unusual or Exceptional Conditions

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the outgoing webhook process. An attacker can cause the server to terminate unexpectedly b...

7.1CVSS5.8AI score0.00047EPSS

Exploits0References2

Cvelist•added 2026/05/22 6:43 p.m.•4 views

CVE-2026-39969 TypeBot: WhatsApp Webhook Endpoint Missing Signature Verification

TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API webhook endpoint POST /v1/workspaces/workspaceId/whatsapp/credentialsId/webhook does not verify the x-hub-signature-256 HMAC signature included by Meta in every webhook delivery. The webhook URL exposes both...

6.5CVSS0.00031EPSS

Exploits0References2

OSSF Malicious Packages•added 2026/05/22 9:9 a.m.•5 views

Malicious code in @pisell/pisellos (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e11b6f8e400f4de371e79ce547444daf3787d6217037ea2e8d05c8ba86cbfbb2 The package advertises itself as a point-of-sale / venue-booking SDK, but its ScanOrderImpl and VenueBookingImpl solution classes register a default...

5.8AI score

Exploits0References6

OSV•added 2026/05/22 9:9 a.m.•2 views

MAL-2026-4417 Malicious code in @pisell/pisellos (npm)

5.8AI score

Exploits0References6

Imperva Blog•added 2026/05/22 7:9 a.m.•7 views

Real-Time Webhook Notifications: No More Lost Security Alerts

Every security team knows the pain: a critical alert lands in someone’s inbox, buried under dozens of other emails, or filtered out by a spam rule. By the time anyone sees it, the incident is already in full swing—no ticket opened, no Slack message sent, no automated workflow triggered. The...

5.7AI score

Exploits0

OSV•added 2026/05/21 12:43 p.m.•2 views

MAL-2026-4492 Malicious code in autoheal-dev-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e0f114cd638df1be1f2262e1b05dbe726cee5600a10be6d67be8ac8e1089f3d autoheal-dev-cli is a setup wizard bin/setup.js that, when run, performs three installer-harm actions against the developer running it: 1...

5.9AI score

Exploits0References9

Snyk•added 2026/05/20 3:35 p.m.•5 views

Missing Authentication for Critical Function

Overview symfony/lox24-notifier is a Symfony LOX24 Notifier Bridge Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the doParse webhook request parsers in the Mailjet maile bridge and LOX24 SMS notifier bridge. An attacker can submit forged...

6.9CVSS5.8AI score

Exploits0References2

Snyk•added 2026/05/20 3:35 p.m.•5 views

Missing Authentication for Critical Function

Overview symfony/mailtrap-mailer is a Symfony Mailtrap Mailer Bridge Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the doParse webhook request parser in the Mailtrap mailer bridge. An attacker can submit forged webhook events because the pars...

6.9CVSS5.8AI score

Exploits0References2

RedhatCVE•added 2026/05/18 1:58 p.m.•6 views

CVE-2026-8725

A weakness has been identified in CoreWorxLab CAAL up to 1.6.0. The affected element is an unknown function of the file src/caal/webhooks.py of the component test-hass Endpoint. This manipulation causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has be...

7.5CVSS6.7AI score0.0005EPSS

Exploits0References1

NVD•added 2026/05/18 9:16 a.m.•9 views

CVE-2026-3117

Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when processing commands in the Gitlab plugin which allows normal users to uninstall instances or setup webhook connections via the gitlab instance option or the /gitlab webhook option commands...

6.5CVSS0.00035EPSS

Exploits0References1