Lucene search
K

709 matches found

NVD
NVD
added 2026/04/09 10:16 p.m.6 views

CVE-2026-35626

OpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voice call webhook handling that buffers request bodies before provider signature checks. Attackers can send large or malicious webhook requests to exhaust server resources without authentication by bypassi...

6.9CVSS0.00494EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.5 views

PT-2026-31762

OpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voice call webhook handling that buffers request bodies before provider signature checks. Attackers can send large or malicious webhook requests to exhaust server resources without authentication by bypassi...

6.9CVSS5.9AI score0.00494EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/08 6:2 p.m.22 views

CVE-2026-34719 Zammad has a Server-side request forgery (SSRF) via webhooks

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the webhook model was missing a proper validation for loop back addresses, or link-local addresses — only the URL scheme HTTP/HTTPS as well as the hostname was checked. This could end up in retrieving...

8.3CVSS0.00244EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 6:2 p.m.2 views

CVE-2026-34719 Zammad has a Server-side request forgery (SSRF) via webhooks

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the webhook model was missing a proper validation for loop back addresses, or link-local addresses — only the URL scheme HTTP/HTTPS as well as the hostname was checked. This could end up in retrieving...

8.3CVSS5.8AI score0.00244EPSS
Exploits0References1
CVE
CVE
added 2026/04/07 8:24 p.m.14 views

CVE-2026-39401

Cronicle prior to 0.9.111 is affected by CVE-2026-39401. The vulnerability arises when jb child processes can include an update_event key in their JSON output, which the server applies directly to the parent event’s stored configuration without authorization. A low-privilege user who can create a...

5.4CVSS5.9AI score0.00178EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/04/07 9:31 a.m.3 views

EUVD-2026-19584

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 1.8.9.7. This is due to missing cryptographic verification of incoming Stripe webhook...

5.3CVSS5.9AI score0.00166EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/07 7:40 a.m.25 views

CVE-2026-3177 Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.9.7 - Insufficient Verification of Data Authenticity to Unauthenticated Donation Status Forgery via Stripe Webhook

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 1.8.9.7. This is due to missing cryptographic verification of incoming Stripe webhook...

5.3CVSS0.00166EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/07 7:40 a.m.2 views

CVE-2026-3177

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 1.8.9.7. This is due to missing cryptographic verification of incoming Stripe webhook...

5.3CVSS5.9AI score0.00166EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.15 views

PT-2026-30800

Name of the Vulnerable Software and Affected Versions The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More versions through 1.8.9.7 Description The Charitable – Donation Plugin for WordPress is affected by a flaw due to missing cryptographic verification of...

5.3CVSS5.8AI score0.00166EPSS
Exploits0References6
OSV
OSV
added 2026/04/04 6:4 a.m.5 views

GHSA-FCM4-4PJ2-M5HF Budibase: Unauthenticated Remote Code Execution via Webhook Trigger and Bash Automation Step

Summary An unauthenticated attacker can achieve Remote Code Execution RCE on the Budibase server by triggering an automation that contains a Bash step via the public webhook endpoint. No authentication is required to trigger the exploit. The process executes as root inside the container. Details...

9CVSS6.2AI score0.11982EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/04/03 11:2 p.m.4 views

CVE-2026-34590

Postiz is an AI social media scheduling tool. Prior to version 2.21.4, the POST /webhooks/ endpoint for creating webhooks uses WebhooksDto which validates the url field with only @IsUrl format check, missing the @IsSafeWebhookUrl validator that blocks internal/private network addresses. The updat...

5.4CVSS5.8AI score0.00226EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/02 5:26 p.m.4 views

EUVD-2026-18452

Postiz is an AI social media scheduling tool. Prior to version 2.21.4, the POST /webhooks/ endpoint for creating webhooks uses WebhooksDto which validates the url field with only @IsUrl format check, missing the @IsSafeWebhookUrl validator that blocks internal/private network addresses. The updat...

5.4CVSS5.8AI score0.00226EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.7 views

Gitroom Postiz 代码问题漏洞

Gitroom Postiz is an open-source social media scheduling tool developed by Gitroom. Versions of Gitroom Postiz prior to 2.21.4 contained code vulnerabilities. These vulnerabilities stemmed from the lack of a verifier that prevents internal/private network addresses being used for the POST...

5.4CVSS5.9AI score0.00226EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/31 6:31 p.m.12 views

EUVD-2026-17532

A vulnerability was identified in chatwoot up to 4.11.2. Affected by this vulnerability is the function Webhooks::Trigger in the library lib/webhooks/trigger.rb of the component Webhook API. Such manipulation of the argument url leads to server-side request forgery. The attack can be launched...

6.5CVSS5.6AI score0.00259EPSS
Exploits0References4
NVD
NVD
added 2026/03/31 5:16 p.m.15 views

CVE-2026-5205

A vulnerability was identified in chatwoot up to 4.11.2. Affected by this vulnerability is the function Webhooks::Trigger in the library lib/webhooks/trigger.rb of the component Webhook API. Such manipulation of the argument url leads to server-side request forgery. The attack can be launched...

6.5CVSS0.00259EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/31 4:30 p.m.5 views

CVE-2026-5205

A vulnerability was identified in chatwoot up to 4.11.2. Affected by this vulnerability is the function Webhooks::Trigger in the library lib/webhooks/trigger.rb of the component Webhook API. Such manipulation of the argument url leads to server-side request forgery. The attack can be launched...

6.5CVSS5.6AI score0.00259EPSS
Exploits0References4
CVE
CVE
added 2026/03/31 4:30 p.m.13 views

CVE-2026-5205

The CVE-2026-5205 vulnerability affects chatwoot up to version 4.11.2, specifically the Webhooks::Trigger function in lib/webhooks/trigger.rb of the Webhook API. The root cause is manipulation of the argument url, enabling server-side request forgery (SSRF). The issue is exploitable remotely, wit...

6.5CVSS6.4AI score0.00259EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/03/31 2:18 p.m.171 views

Exploit for Server-Side Request Forgery in Useplunk Plunk

CVE-2026-32096 SSRF via unvalidated AWS SNS SubscriptionCon...

9.3CVSS6AI score0.00273EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.10 views

PT-2026-29296

A vulnerability was identified in chatwoot up to 4.11.2. Affected by this vulnerability is the function Webhooks::Trigger in the library lib/webhooks/trigger.rb of the component Webhook API. Such manipulation of the argument url leads to server-side request forgery. The attack can be launched...

6.5CVSS5.6AI score0.00259EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.7 views

Chatwoot 代码问题漏洞

Chatwoot is an open-source application developed by Chatwoot itself. It serves as an alternative to proprietary solutions such as customer engagement suites, intercom systems, Zendesk, and Salesforce service clouds. Versions of Chatwoot prior to 4.11.2 contained a code vulnerability. This...

6.5CVSS6.7AI score0.00259EPSS
Exploits0References3
Rows per page
Query Builder