Lucene search
K

697 matches found

Snyk
Snyk
added 2026/05/20 3:35 p.m.9 views

Missing Authentication for Critical Function

Overview symfony/mailtrap-mailer is a Symfony Mailtrap Mailer Bridge Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the doParse webhook request parser in the Mailtrap mailer bridge. An attacker can submit forged webhook events because the pars...

6.9CVSS5.8AI score0.00026EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/20 3:35 p.m.10 views

Missing Authentication for Critical Function

Overview symfony/lox24-notifier is a Symfony LOX24 Notifier Bridge Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the doParse webhook request parsers in the Mailjet maile bridge and LOX24 SMS notifier bridge. An attacker can submit forged...

6.9CVSS5.8AI score0.00103EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/18 1:58 p.m.9 views

CVE-2026-8725

A weakness has been identified in CoreWorxLab CAAL up to 1.6.0. The affected element is an unknown function of the file src/caal/webhooks.py of the component test-hass Endpoint. This manipulation causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has be...

7.5CVSS6.7AI score0.00309EPSS
Exploits0References1
NVD
NVD
added 2026/05/18 9:16 a.m.26 views

CVE-2026-3117

Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when processing commands in the Gitlab plugin which allows normal users to uninstall instances or setup webhook connections via the gitlab instance option or the /gitlab webhook option commands...

6.5CVSS0.00228EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/18 8:9 a.m.9 views

CVE-2026-3117 Instance and webhook GitLab plugin commands were able to be run by non-admin users

Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when processing commands in the Gitlab plugin which allows normal users to uninstall instances or setup webhook connections via the gitlab instance option or the /gitlab webhook option commands...

6.5CVSS5.8AI score0.00228EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/18 8:9 a.m.12 views

EUVD-2026-30748

Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when processing commands in the Gitlab plugin which allows normal users to uninstall instances or setup webhook connections via the gitlab instance option or the /gitlab webhook option commands...

6.5CVSS5.8AI score0.00228EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/18 8:9 a.m.51 views

CVE-2026-3117 Instance and webhook GitLab plugin commands were able to be run by non-admin users

Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when processing commands in the Gitlab plugin which allows normal users to uninstall instances or setup webhook connections via the gitlab instance option or the /gitlab webhook option commands...

6.5CVSS0.00228EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/18 8:9 a.m.8 views

CVE-2026-3117

Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when processing commands in the Gitlab plugin which allows normal users to uninstall instances or setup webhook connections via the gitlab instance option or the /gitlab webhook option commands...

6.5CVSS5.8AI score0.00228EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.15 views

PT-2026-41650

Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when processing commands in the Gitlab plugin which allows normal users to uninstall instances or setup webhook connections via the gitlab instance option or the /gitlab webhook option commands...

6.5CVSS5.8AI score0.00228EPSS
Exploits0References2
CVE
CVE
added 2026/05/17 12:45 a.m.20 views

CVE-2026-8725

CoreWorxLab CAAL,

7.5CVSS6.7AI score0.00309EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/17 12:45 a.m.23 views

EUVD-2026-30676

A weakness has been identified in CoreWorxLab CAAL up to 1.6.0. The affected element is an unknown function of the file src/caal/webhooks.py of the component test-hass Endpoint. This manipulation causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has be...

7.5CVSS6.7AI score0.00309EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/17 12:45 a.m.44 views

CVE-2026-8725 CoreWorxLab CAAL test-hass Endpoint webhooks.py server-side request forgery

A weakness has been identified in CoreWorxLab CAAL up to 1.6.0. The affected element is an unknown function of the file src/caal/webhooks.py of the component test-hass Endpoint. This manipulation causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has be...

7.5CVSS0.00309EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/17 12:45 a.m.9 views

CVE-2026-8725

A weakness has been identified in CoreWorxLab CAAL up to 1.6.0. The affected element is an unknown function of the file src/caal/webhooks.py of the component test-hass Endpoint. This manipulation causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has be...

7.5CVSS6.7AI score0.00309EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.11 views

PT-2026-41471

A weakness has been identified in CoreWorxLab CAAL up to 1.6.0. The affected element is an unknown function of the file src/caal/webhooks.py of the component test-hass Endpoint. This manipulation causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has be...

7.5CVSS6.7AI score0.00309EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.8 views

CAAL 代码问题漏洞

CAAL is a self-hosted voice assistant developed by CoreWorxLab, ensuring data and keys are secure. Versions of CAAL 1.6.0 and earlier contain code vulnerabilities. These vulnerabilities stem from unknown functions in the src/caal/webhooks.py file within the test-hass endpoint, which involve...

7.5CVSS7.2AI score0.00309EPSS
Exploits0References2
Veracode
Veracode
added 2026/05/16 5:34 a.m.26 views

Improper Authentication

github.com/QuantumNous/new-api is vulnerable to Improper Authentication. The vulnerability is due to insufficient validation of Stripe webhook events, which allows an attacker to forge webhook requests and fraudulently credit quota to an account without making a payment...

8.2CVSS5.8AI score0.00259EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/05/12 9:31 p.m.13 views

EUVD-2026-29749

An administrative user with access to configure webhooks can execute arbitrary commands by configuring and then triggering webhooks containing specific FreeMarker template syntax. This issue affects all MongoDB Ops Manager 7.0 versions and MongoDB Ops Manager versions 8.0.22 and prior...

9.4CVSS6AI score0.00371EPSS
Exploits0References2
MongoDB
MongoDB
added 2026/05/12 6:37 p.m.10 views

Ops Manager RCE via webhook body

An administrative user with access to configure webhooks can execute arbitrary commands by configuring and then triggering webhooks containing specific FreeMarker template syntax. This issue affects all MongoDB Ops Manager 7.0 versions and MongoDB Ops Manager versions 8.0.22 and prior...

9.4CVSS6AI score0.00371EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

MongoDB Ops Manager 命令注入漏洞

MongoDB Ops Manager is a solution developed by the American company MongoDB, designed for managing, monitoring, and backing up MongoDB deployments. MongoDB Ops Manager has a command injection vulnerability, which stems from executing arbitrary commands when configuring Webhooks. The following...

9.4CVSS5.9AI score0.00371EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.15 views

PT-2026-40350

An administrative user with access to configure webhooks can execute arbitrary commands by configuring and then triggering webhooks containing specific FreeMarker template syntax. This issue affects all MongoDB Ops Manager 7.0 versions and MongoDB Ops Manager versions 8.0.22 and prior...

9.4CVSS6AI score0.00371EPSS
Exploits0References2
Rows per page
Query Builder