Lucene search
K

259 matches found

NVD
NVD
added 2024/02/26 4:27 p.m.9 views

CVE-2024-0243

With the following crawler configuration: python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader url=url, maxdepth=2, extractor=lambda x: Soupx, "html.parser".text docs = loader.load An attacker in control of the contents of https://example.com could...

8.1CVSS4AI score0.00517EPSS
Exploits1References3
PyPA
PyPA
added 2024/02/26 4:27 p.m.5 views

PYSEC-2024-235

With the following crawler configuration:pythonfrom bs4 import BeautifulSoup as Soupurl = "https://example.com"loader = RecursiveUrlLoader url=url, maxdepth=2, extractor=lambda x: Soupx, "html.parser".textdocs = loader.loadAn attacker in control of the contents of https://example.com could place ...

8.1CVSS6.7AI score0.00517EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2024/02/26 4:27 p.m.7 views

PYSEC-2024-235

With the following crawler configuration: python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader url=url, maxdepth=2, extractor=lambda x: Soupx, "html.parser".text docs = loader.load An attacker in control of the contents of https://example.com could...

8.1CVSS7.9AI score0.00517EPSS
Exploits1References3
Prion
Prion
added 2024/02/26 4:27 p.m.39 views

Design/Logic Flaw

With the following crawler configuration: python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader url=url, maxdepth=2, extractor=lambda x: Soupx, "html.parser".text docs = loader.load An attacker in control of the contents of https://example.com could...

2.3CVSS7.1AI score0.00517EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/02/26 12:0 a.m.4 views

LangChain Code Issues Vulnerabilities

LangChain is building applications using LLM through composability. LangChain is vulnerable to a code issue. An attacker could use this vulnerability to place a malicious HTML file with a link such as "https://example.completely.different/myfile.html" in it, allowing the crawler to continue...

8.1CVSS7AI score0.00517EPSS
Exploits1References3
CVE
CVE
added 2024/02/24 5:59 p.m.87 views

CVE-2024-0243

LangChain’s CVE-2024-0243 describes an SSRF in the RecursiveUrlLoader used by LangChain, where an attacker controlling the content at a base URL (e.g., https://example.com) can inject links that cause the crawler to fetch external URLs despite prevent_outside being set. The issue is fixed in the ...

8.1CVSS3.8AI score0.00517EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2024/01/02 12:0 a.m.5 views

spider-flow security vulnerability

spider-flow is an open source crawler platform by sssssssss-team. A security vulnerability exists in spider-flow version 0.4.3. An attacker exploited the vulnerability to cause code injection...

9.8CVSS7.1AI score0.19403EPSS
Exploits4References4
Kitploit
Kitploit
added 2024/01/01 11:30 a.m.34 views

Pantheon - Insecure Camera Parser

Pantheon is a GUI application that allows users to display information regarding network cameras in various countries as well as an integrated live-feed for non-protected cameras. Functionalities Pantheon allows users to execute an API crawler. There was original functionality without the use of...

7.2AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2023/10/11 12:30 p.m.7 views

com.digitalpebble.stormcrawler:storm-crawler-solr (=2.11), com.github.paulcwarren:content-solr-spring-boot-starter (=3.0.7) +108 more potentially affected by CVE-2023-44981 via org.apache.zookeeper:zookeeper (=3.9.0)

org.apache.zookeeper:zookeeper MAVEN version =3.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.zookeeper:zookeeper and may be impacted: - com.digitalpebble.stormcrawler:storm-crawler-solr =2.11 -...

9.1CVSS6.7AI score0.01713EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/03/20 9:27 p.m.10 views

buildbot-badges (>=1.7.0 <=1.8.2), cico (>=0.1.0 <=0.1.8) +18 more potentially affected by CVE-2023-27586 via cairosvg (>=0.5.0 <=2.6.0)

cairosvg PYPI version =0.5.0, =1.7.0, =0.1.0, =1.0.0b1, =0.0.2, =0.1.0, =0.1.0, =2.11.0, =4.3.0, =0.0.1, =9.0.5, =1.0.0, =0.1.0, =0.2.7 and more Source cves: CVE-2023-27586 Source advisory: OSV:GHSA-RWMF-W63J-P7GV...

9.9CVSS7.1AI score0.00722EPSS
Exploits0
CNNVD
CNNVD
added 2023/02/22 12:0 a.m.4 views

Hour of Code 安全漏洞

Hour of Code is an application for ming individual developers. It uses Python to create a web crawler. A security vulnerability exists in Hour of Code, which stems from a code execution backdoor via request packets that can be exploited by an attacker to access sensitive user information and...

9.8CVSS9.2AI score0.01207EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/09/20 12:0 a.m.8 views

Z-BlogPHP 代码问题漏洞

Z-BlogPHP is an open source PHP-based blogging system for the Z-blog community. A security vulnerability exists in Z-BlogPHP 1.7.2 and earlier versions, which stems from a server-side request forgery SSRF vulnerability in the zbusers/plugin/UEditor/php/actioncrawler.php file that allows a remote...

9.8CVSS8.5AI score0.01208EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2022/07/31 12:0 a.m.5 views

Fedora: Security Advisory for golang-github-gocolly-colly-2 (FEDORA-2022-ea8f4e232d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Fedora
Fedora
added 2022/07/30 1:57 a.m.18 views

[SECURITY] Fedora 36 Update: golang-github-gocolly-colly-2-2.1.0-5.20210920git2f09941.fc36

Elegant Scraper and Crawler Framework for Golang...

1.6AI score
Exploits0
Fedora
Fedora
added 2022/07/17 1:15 a.m.26 views

[SECURITY] Fedora 35 Update: golang-github-gocolly-colly-2-2.1.0-4.20210920git2f09941.fc35

Elegant Scraper and Crawler Framework for Golang...

9.3CVSS1.6AI score0.05994EPSS
Exploits4
vulnersOsv
vulnersOsv
added 2022/05/24 4:51 p.m.10 views

com.accelerate-experience:storm-metrics-statsd (>=1.0.0 <=1.0.1), com.accelerate-experience:storm-rabbitmq (=1.0.0) +91 more potentially affected by CVE-2019-0202 via org.apache.storm:storm-core (>=0.9.3 <=1.2.2)

org.apache.storm:storm-core MAVEN version =0.9.3, =1.0.0, =0.1.0, =1.0, =1.0, =1.0, =1.3, =1.0, =1.0, =1.0, =1.0.0, =0.3.4, =0.4.1 - com.github.ptgoetz:flux =0.1.0 and more Source cves: CVE-2019-0202 Source advisory: OSV:GHSA-R9PV-HG64-JQRP...

7.5CVSS6.7AI score0.02043EPSS
Exploits0
Kitploit
Kitploit
added 2022/05/20 9:30 p.m.19 views

Xepor - Web Routing Framework For Reverse Engineers And Security Researchers, Brings The Best Of Mitmproxy And Flask

Xepor pronounced /ˈzɛfə/ , zephyr, a web routing framework for reverse engineers and security researchers. It provides a Flask-like API for hackers to intercept and modify HTTP request and/or HTTP response in a human-friendly coding style. This project is meant to be used with mitmproxy. User wri...

7.7AI score
Exploits0References8
CNNVD
CNNVD
added 2022/04/14 12:0 a.m.6 views

Discourse 安全漏洞

Discourse is an open source community discussion platform. The platform includes features such as communities, email and chat rooms. Discourse suffers from a security vulnerability. An attacker exploited the vulnerability to read the cache of an anonymous i.e., not logged in user, thereby...

5.3CVSS5.7AI score0.00976EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/04/14 12:0 a.m.5 views

PT-2022-16903 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest stable, beta and tests-passed versions Description: The issue affects Discourse, an open source platform for community discussion. An attacker can poison the cache for anonymous users, causing them to se...

5.3CVSS5AI score0.00976EPSS
Exploits0References7
CNVD
CNVD
added 2022/03/04 12:0 a.m.20 views

Scrapy Information Disclosure Vulnerability (CNVD-2022-17012)

Scrapy is a free and open-source web crawler framework written in Python.An information disclosure vulnerability exists in versions of Scrapy prior to 2.6.1, which stems from the product's failure to effectively protect sensitive information. An attacker could use this vulnerability to obtain...

8.8CVSS2.7AI score0.01243EPSS
Exploits1References1
Rows per page
Query Builder