Lucene search
K

7 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-283 ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView

The /add/ endpoint AddView in core/views.py accepts a config JSON field that gets merged into the crawl config without validation. This config is exported as environment variables when archive plugins run, allowing injection of arbitrary tool arguments to achieve RCE. When PUBLICADDVIEW=True comm...

9.8CVSS6.4AI score0.00404EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/05/09 7:29 p.m.38 views

CVE-2026-42601 ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView

ArchiveBox is an open source self-hosted web archiving system. In versions 0.8.6rc0 and prior, the /add/ endpoint AddView in core/views.py accepts a config JSON field that gets merged into the crawl config without validation. This config is exported as environment variables when archive plugins...

9.3CVSS0.00404EPSS
Exploits1References1
Snyk
Snyk
added 2026/05/04 9:30 p.m.11 views

Arbitrary Argument Injection

Overview archivebox is a The self-hosted internet archive. Affected versions of this package are vulnerable to Arbitrary Argument Injection via the AddView class. An attacker can execute arbitrary code on the server by submitting specially crafted configuration overrides to the /add/ endpoint,...

9.8CVSS6.3AI score0.00404EPSS
Exploits1References2
OSV
OSV
added 2026/05/04 9:30 p.m.4 views

GHSA-3H23-7824-PJ8R ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView

The /add/ endpoint AddView in core/views.py accepts a config JSON field that gets merged into the crawl config without validation. This config is exported as environment variables when archive plugins run, allowing injection of arbitrary tool arguments to achieve RCE. When PUBLICADDVIEW=True comm...

9.8CVSS6.6AI score0.00404EPSS
Exploits1References5
Cvelist
Cvelist
added 2003/04/02 5:0 a.m.29 views

CVE-2002-0032

Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary script as other users via the addview parameter of a ymsgr URI...

7.3AI score0.03871EPSS
Exploits0References5
NVD
NVD
added 2002/07/26 4:0 a.m.22 views

CVE-2002-0032

Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary script as other users via the addview parameter of a ymsgr URI...

7.5CVSS7.3AI score0.03871EPSS
Exploits0References5
CERT
CERT
added 2002/06/05 12:0 a.m.29 views

Yahoo! Messenger "addview" function allows for the automatic execution of malicious script contained in web pages

Overview Yahoo! Messenger is an instant messaging client. When installed, Yahoo! Messenger enables a URI handler ymsgr :parameter. The addview function of this handler can be used to execute arbitrary script/html on the local system. Description The addview feature of Yahoo! Messenger is used to...

7.5CVSS6.3AI score0.03871EPSS
Exploits0References2
Rows per page
Query Builder