CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

27 matches found

OSSF Malicious Packages•added 2026/05/19 7:42 p.m.•7 views

Malicious code in crw (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4324181416ad15727c0f51a30b56858c42fad99b93635922494acfe4c0f5d597 Package 'crw' impersonates the Firecrawl SDK: it declares 'firecrawl' as a keyword, replicates Firecrawl's client surface...

5.8AI score

Exploits0References2

OSV•added 2026/05/19 7:42 p.m.•3 views

MAL-2026-4746 Malicious code in crw (PyPI)

5.8AI score

Exploits0References2

RedhatCVE•added 2026/03/27 10:51 p.m.•2 views

CVE-2026-32857

Firecrawl version 2.8.0 and prior contain a server-side request forgery SSRF protection bypass vulnerability in the Playwright scraping service where network policy validation is applied only to the initial user-supplied URL and not to subsequent redirect destinations. Attackers can supply an...

8.6CVSS5.9AI score0.00068EPSS

Exploits0References1

EUVD•added 2026/03/26 6:31 p.m.•1 views

EUVD-2026-16275

7.8CVSS5.8AI score0.00068EPSS

Exploits0References4

NVD•added 2026/03/26 6:16 p.m.•1 views

CVE-2026-32857

8.6CVSS0.00015EPSS

Exploits0References3

Vulnrichment•added 2026/03/26 5:29 p.m.•0 views

CVE-2026-32857 Firecrawl Playwright Service SSRF Protection Bypass via Missing Post-Redirect Validation

8.6CVSS5.9AI score0.00015EPSS

Exploits0References3

CVE•added 2026/03/26 5:29 p.m.•4 views

CVE-2026-32857

Firecrawl versions 2.8.0 and earlier contain a server-side request forgery (SSRF) protection bypass in the Playwright scraping service. The issue arises because network policy validation is applied only to the initial user-supplied URL and not to subsequent redirected destinations, enabling an ex...

8.6CVSS5.8AI score0.00015EPSS

Exploits0References3

ATTACKERKB•added 2026/03/26 5:29 p.m.•2 views

CVE-2026-32857

7.8CVSS5.8AI score0.00068EPSS

Exploits0References4

CNNVD•added 2026/03/26 12:0 a.m.•2 views

Firecrawl 代码问题漏洞

Firecrawl is an open-source AI web crawler tool developed by Mendable.ai. Versions of Firecrawl 2.8.0 and earlier contained code vulnerabilities. These vulnerabilities stemmed from a flaw in the Playwright crawling service, where server-side request forgery protection was bypassed, potentially...

8.6CVSS5.9AI score0.00015EPSS

Exploits0References3

Positive Technologies•added 2026/03/26 12:0 a.m.•2 views

PT-2026-28444

Name of the Vulnerable Software and Affected Versions Firecrawl versions 2.8.0 and earlier Description The software contains a server-side request forgery SSRF protection bypass in the Playwright scraping service. The network policy validation is applied only to the initial URL provided by the us...

8.6CVSS5.9AI score0.00015EPSS

Exploits0References8

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-25816

Malicious code in bioql PyPI...

6.3CVSS6.6AI score0.00084EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2024-53433

Malicious code in bioql PyPI...

7.4CVSS6.4AI score0.00068EPSS

Exploits0References2

RedhatCVE•added 2025/08/30 6:19 p.m.•1 views

CVE-2025-57818

Firecrawl turns entire websites into LLM-ready markdown or structured data. Prior to version 2.0.1, a server-side request forgery SSRF vulnerability was discovered in Firecrawl's webhook functionality. Authenticated users could configure a webhook to an internal URL and send POST requests with...

6.3CVSS7AI score0.00084EPSS

Exploits0References1

NVD•added 2025/08/26 6:15 p.m.•1 views

CVE-2025-57818

6.3CVSS0.00084EPSS

Exploits0References4

Vulnrichment•added 2025/08/26 5:52 p.m.•1 views

CVE-2025-57818 Firecrawl SSRF Vulnerability via malicious webhook

6.3CVSS6.4AI score0.00084EPSS

Exploits0References4

CVE•added 2025/08/26 5:52 p.m.•10 views

CVE-2025-57818

CVE-2025-57818 : Firecrawl prior to version 2.0.1 contains an SSRF vulnerability in its webhook functionality. Authenticated users could configure a webhook to an internal URL and send POST requests with arbitrary headers, potentially enabling access to internal systems. The issue is fixed in ver...

6.3CVSS6.5AI score0.00084EPSS

Exploits0References4

Positive Technologies•added 2025/08/26 12:0 a.m.•1 views

PT-2025-34801 · Firecrawl · Firecrawl

Name of the Vulnerable Software and Affected Versions: Firecrawl versions prior to 2.0.1 Description: Firecrawl is a tool that converts websites into LLM-ready markdown or structured data. A server-side request forgery SSRF vulnerability exists in the webhook functionality of Firecrawl...

6.3CVSS7.2AI score0.00084EPSS

Exploits0References10

CNNVD•added 2025/08/26 12:0 a.m.•1 views

Firecrawl 代码问题漏洞

Firecrawl is an open source AI web crawler tool from Mendable.ai. A code issue vulnerability exists in Firecrawl versions prior to 2.0.1, which stems from a server-side request forgery vulnerability in the webhook functionality that could lead to access to internal systems...

6.3CVSS6.8AI score0.00084EPSS

Exploits0References5

Kitploit•added 2025/05/06 12:30 p.m.•39 views

Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients

A Model Context Protocol MCP server implementation that integrates with Firecrawl for web scraping capabilities. Big thanks to @vrknetha, @cawstudios for the initial implementation! You can also play around with our MCP Server on MCP.so's playground. Thanks to MCP.so for hosting and @gstarwd for...

7.2AI score

Exploits0References5

RedhatCVE•added 2025/02/05 9:21 a.m.•6 views

CVE-2024-56800

Firecrawl is a web scraper that allows users to extract the content of a webpage for a large language model. Versions prior to 1.1.1 contain a server-side request forgery SSRF vulnerability. The scraping engine could be exploited by crafting a malicious site that redirects to a local IP address...

7.4CVSS6.5AI score0.00068EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by