The Lab · 2026-03-26 03:27:09 · GitHub Issues
A critical Server-Side Request Forgery (SSRF) vulnerability has been identified in a GitHub repository's webhook system. The flaw allows a merchant to specify a webhook URL pointing to `127.0.0.1` or other loopback addresses, which could force the application's API to perform port scans against its own server instance....
The Lab · 2026-03-27 23:27:16 · GitHub Issues
A critical Server-Side Request Forgery (SSRF) vulnerability exists in the webhook creation handler, allowing attackers to force the server to make HTTP requests to internal network addresses. The flaw is located in `internal/handlers/webhook.go` at lines 65-69, where the handler fails to validate the scheme or destinat...
The Lab · 2026-03-29 14:27:03 · GitHub Issues
A critical security vulnerability was discovered in the application's Meta webhook integration, where a guessable default string could allow attackers to bypass endpoint verification. The flaw resided in the `api/webhooks.ts` file, which used the hardcoded fallback value `'your-webhook-verify-token-here'` for the `WEBH...
The Lab · 2026-04-15 04:22:34 · GitHub Issues
A high-severity vulnerability in a notification handler's webhook URL validation allows attackers to bypass its internal-network protections by supplying IPv6 addresses. The flaw resides in the `notifications:save-webhook` IPC handler within the codebase. The validation logic incorrectly compares the...
The Lab · 2026-04-24 22:54:06 · GitHub Issues
A critical architectural weakness in the Atlas webhook plugin leaves the system exposed to unbounded agent invocations if a channel secret is compromised. The `POST /webhook/:channelId` endpoint — found in `plugins/webhook/src/routes.ts:115-236` — executes queries synchronously upon successful authentication, triggerin...
The Lab · 2026-04-30 04:54:10 · GitHub Issues
A P0 vulnerability in the Linear webhook handler permits unauthenticated access equivalent to remote code execution through a signature verification bypass. The flaw, residing in `backend/routers/linear_webhook.py:82-101`, causes the `_verify_linear_signature` function to return `True` when both `signature_header` and `se...
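The Meta verify-token entry above and this Linear entry describe the same failure from two sides: a secret that is absent, or left at the placeholder it shipped with, is treated as "no check needed". The Python below is an added example, not code from either project. The `X-Signature` header name and hex HMAC-SHA256 over the raw body are assumed, not any vendor's real scheme; the `hub.mode` / `hub.verify_token` / `hub.challenge` query parameters follow Meta's documented webhook verification handshake. The placeholder string is the one quoted in the Meta entry; the request body and secret are constructed.

```python
"""Fail-closed webhook secret handling: an added example, not code from any
project listed above.  The vulnerable verifier accepts a request when both the
signature header and the configured secret are missing; the hardened version
refuses to start unconfigured and rejects anything it cannot verify."""
import hashlib
import hmac
from typing import Mapping, Optional

# The shipped fallback quoted in the Meta entry; treated as "unset" below.
PLACEHOLDER = "your-webhook-verify-token-here"


class WebhookConfigError(RuntimeError):
    """Raised at startup when the secret is unset or still the placeholder."""


# --- vulnerable pattern --------------------------------------------------------
def verify_vulnerable(body: bytes, signature_header: Optional[str],
                      secret: Optional[str]) -> bool:
    """Bug class from the entries above: 'nothing configured' becomes 'nothing to
    check', so an unsigned request passes whenever the deployment forgot the secret."""
    if signature_header is None and secret is None:
        return True                        # accepts every request
    if signature_header is None or secret is None:
        return False
    expected = hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()
    return expected == signature_header    # also not a constant-time compare


# --- hardened pattern ----------------------------------------------------------
def load_secret(env: Mapping[str, str], name: str = "WEBHOOK_SECRET") -> str:
    """Read the secret once at startup; never fall back to a default."""
    value = env.get(name, "").strip()
    if not value or value == PLACEHOLDER:
        raise WebhookConfigError(f"{name} is unset or still the placeholder; refusing to start")
    return value


def secret_is_usable(env: Mapping[str, str], name: str = "WEBHOOK_SECRET") -> bool:
    """Boolean view of load_secret() for callers that only need a yes/no."""
    try:
        load_secret(env, name)
        return True
    except WebhookConfigError:
        return False


def sign(body: bytes, secret: str) -> str:
    """What a sender puts in X-Signature under the assumed scheme."""
    return hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()


def verify(body: bytes, signature_header: Optional[str], secret: str) -> bool:
    """Fail closed: a missing secret or header is a rejection, never a pass."""
    if not secret or not signature_header:
        return False
    expected = sign(body, secret).encode()
    # compare_digest on bytes is constant-time and tolerates arbitrary input bytes.
    return hmac.compare_digest(expected, signature_header.strip().lower().encode())


def handle_verification(query: Mapping[str, str], verify_token: str) -> Optional[str]:
    """Meta-style GET handshake: echo hub.challenge only for the right token.
    `verify_token` must come from load_secret(), so the placeholder can never match."""
    if not verify_token or query.get("hub.mode") != "subscribe":
        return None
    presented = query.get("hub.verify_token", "")
    if not hmac.compare_digest(presented.encode(), verify_token.encode()):
        return None
    return query.get("hub.challenge")


if __name__ == "__main__":
    # Constructed request: no signature, and the deployment never set a secret.
    body = b'{"action": "Issue", "type": "update"}'
    print("vulnerable, unconfigured:", verify_vulnerable(body, None, None))         # True
    print("hardened, unconfigured:  ", verify(body, None, ""))                      # False
    secret = load_secret({"WEBHOOK_SECRET": "constructed-example-secret"})
    print("hardened, valid sig:     ", verify(body, sign(body, secret), secret))    # True
    print("hardened, tampered body: ", verify(body + b" ", sign(body, secret), secret))  # False
```

The important property is that every "cannot verify" path (no secret, no header, placeholder secret, wrong token) lands on a rejection, and the configuration check runs once at startup rather than on each request, so a missing secret surfaces as a failed deploy instead of an open endpoint.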
The Lab · 2026-05-02 07:54:07 · GitHub Issues
A high-severity security gap has been identified in the Cal.com platform's Google Calendar webhook endpoint, potentially exposing users to unauthorized calendar manipulation. The vulnerability exists in the `/api/webhook/google-calendar` route, where incoming webhook requests bypass essential s...
The Lab · 2026-05-13 11:48:30 · GitHub Issues
An architecture review has flagged a critical Server-Side Request Forgery (SSRF) vulnerability in the platform's automation engine that could expose internal infrastructure to tenant compromise. The flaw resides in the webhook action type, which allows customers to configure POST requests to arbitrary URLs. Security au...
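Four of the entries above (the loopback port-scan, the unvalidated scheme and destination, the IPv6 bypass, and this automation-engine SSRF) come down to one question: which address will the outbound request actually reach? Comparing the host string against "localhost" or "127.0.0.1" answers it for exactly two spellings and misses `[::1]`, `::ffff:127.0.0.1`, 6to4-embedded addresses and any hostname that resolves inward. The Python below is an added example, not code from any of those projects; it classifies the literal or resolved address with the standard `ipaddress` module. The hostnames and DNS answers in `STUB_DNS` are constructed so it runs offline.

```python
"""Webhook destination check: an added example, not code from any project
listed above.  Rejects loopback, private, link-local, CGNAT and other
non-public destinations, including their IPv6 spellings, by classifying the
address the request would connect to instead of string-matching the host."""
import ipaddress
import socket
from typing import Callable, Iterable
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# RFC 6598 shared address space; not flagged as private by ipaddress on every Python version.
_SHARED = ipaddress.ip_network("100.64.0.0/10")

Resolver = Callable[[str], Iterable[str]]


def resolve_host(host: str) -> list[str]:
    """Default resolver: every A/AAAA answer for the name (needs real DNS)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public_address(ip) -> bool:
    """True only for an address a customer-supplied webhook may legitimately target."""
    # Unwrap IPv4 carried inside IPv6 (::ffff:a.b.c.d, 2002:xxxx:xxxx::/16) first;
    # otherwise ::ffff:127.0.0.1 is classified as an IPv6 address, not as loopback.
    embedded = getattr(ip, "ipv4_mapped", None) or getattr(ip, "sixtofour", None)
    if embedded is not None:
        ip = embedded
    if ip.version == 4 and ip in _SHARED:
        return False
    return not (ip.is_loopback or ip.is_private or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_webhook_url(url: str, resolver: Resolver = resolve_host) -> str:
    """Return `url` unchanged if it targets a public host; raise ValueError otherwise."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname            # lower-cased, IPv6 brackets already stripped
    if not host:
        raise ValueError("missing host")
    try:
        addrs = [ipaddress.ip_address(host)]            # literal IPv4 or IPv6
    except ValueError:
        # A hostname: check every address it resolves to, not just the first.
        addrs = [ipaddress.ip_address(a) for a in resolver(host)]
        if not addrs:
            raise ValueError(f"{host!r} does not resolve")
    for ip in addrs:
        if not is_public_address(ip):
            raise ValueError(f"{host!r} resolves to non-public address {ip}")
    return url


def is_safe_webhook_url(url: str, resolver: Resolver = resolve_host) -> bool:
    """Boolean view of validate_webhook_url() for callers that only need yes/no."""
    try:
        validate_webhook_url(url, resolver)
        return True
    except ValueError:
        return False


# Constructed DNS answers so the example runs offline; the names are hypothetical.
STUB_DNS = {
    "hooks.example.com": ["93.184.216.34"],
    "v6.example.com": ["2606:4700::1111"],
    "localhost": ["::1", "127.0.0.1"],
    "metadata.internal": ["169.254.169.254"],
}


def stub_resolver(host: str) -> list[str]:
    return STUB_DNS.get(host, [])


if __name__ == "__main__":
    for u in ["https://hooks.example.com/receive", "https://v6.example.com/",
              "http://127.0.0.1:22/", "http://[::1]/", "http://[::ffff:127.0.0.1]/",
              "http://[2002:7f00:1::]/", "http://[fe80::1]/", "http://localhost/",
              "http://metadata.internal/", "http://100.64.0.1/", "ftp://hooks.example.com/"]:
        print(f"{u:40} {'allow' if is_safe_webhook_url(u, stub_resolver) else 'block'}")
```

Two caveats a reviewer would raise against any version of this check. First, resolving at validation time and again at request time is a time-of-check/time-of-use gap (DNS rebinding): the HTTP client should connect to the address that was validated, or re-run `is_public_address` in a connect hook. Second, redirects must go through the same check, since a public host can 302 the client to `http://127.0.0.1:22/` after validation has passed.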