Lucene search
K

40 matches found

NVD
NVD
added 3 days ago9 views

CVE-2026-61429

PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerability in the Crawl4AI/Chromium backend that allows attackers to bypass SSRF validation by exploiting DNS rebinding and HTTP redirects. Attackers can craft URLs that resolve to internal services after the initial...

8.5CVSS0.00221EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-61429 PraisonAI before 1.6.78 SSRF via Crawl4AI Chromium backend

PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerability in the Crawl4AI/Chromium backend that allows attackers to bypass SSRF validation by exploiting DNS rebinding and HTTP redirects. Attackers can craft URLs that resolve to internal services after the initial...

8.5CVSS0.00221EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/26 11:45 a.m.87 views

XSSaudit

XSSAudit v2.0 — Advanced XSS Vulnerability Scanner For au...

6AI score
Exploits0
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.7 views

happy-dom 安全漏洞

Happy-Dom is a JavaScript implementation of a web browser without a graphical interface, developed by David Ortner. Versions of Happy-Dom prior to 20.8.9 contained a security vulnerability. This vulnerability stemmed from the fetch function, which might attach cookies originating from the current...

7.5CVSS5.8AI score0.00458EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/03/07 1:44 a.m.7 views

CVE-2026-28725

Sensitive information disclosure due to improper configuration of a headless browser. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...

5.5CVSS6.1AI score0.0012EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/06 12:31 a.m.5 views

EUVD-2026-9960

Sensitive information disclosure due to improper configuration of a headless browser. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...

5.5CVSS5.9AI score0.0012EPSS
Exploits0References2
NVD
NVD
added 2026/03/06 12:16 a.m.7 views

CVE-2026-28725

Sensitive information disclosure due to improper configuration of a headless browser. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...

5.5CVSS0.0012EPSS
Exploits0References1
OSV
OSV
added 2026/03/06 12:16 a.m.4 views

CVE-2026-28725

Sensitive information disclosure due to improper configuration of a headless browser. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...

5.5CVSS6.1AI score0.0012EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.6 views

Acronis Cyber Protect 安全漏洞

Acronis Cyber Protect is an enterprise-oriented integrated network protection solution developed by the Swiss company Acronis. It combines features such as backup, anti-malware, network security, and endpoint management e.g., vulnerability assessment, URL filtering, patch management, etc.. A...

5.5CVSS6.1AI score0.0012EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/05 11:56 p.m.6 views

CVE-2026-28725

Sensitive information disclosure due to improper configuration of a headless browser. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...

5.5CVSS5.9AI score0.0012EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/05 11:56 p.m.6 views

CVE-2026-28725

Sensitive information disclosure due to improper configuration of a headless browser. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...

5.5CVSS6.1AI score0.0012EPSS
Exploits0References1
CVE
CVE
added 2026/03/05 11:56 p.m.15 views

CVE-2026-28725

CVE-2026-28725 affects Acronis Cyber Protect 17 (Linux and Windows) prior to build 41186. The issue is a sensitive information disclosure caused by improper configuration of a headless browser. The CVE’s impact is described as High confidentiality risk with no impact to integrity or availability,...

5.5CVSS5.9AI score0.0012EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/05 11:56 p.m.35 views

CVE-2026-28725

Sensitive information disclosure due to improper configuration of a headless browser. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...

5.5CVSS0.0012EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.7 views

PT-2026-23599

Name of the Vulnerable Software and Affected Versions Acronis Cyber Protect 17 versions prior to build 41186 Description A sensitive information disclosure can occur due to an improper configuration of a headless browser. Recommendations Update Acronis Cyber Protect to build 41186 or later...

5.5CVSS6AI score0.0012EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2026/03/03 11:10 a.m.12 views

Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication

Cybersecurity researchers have disclosed details of a new phishing suite called Starkiller that proxies legitimate login pages to bypass multi-factor authentication MFA protections. It's advertised as a cybercrime platform by a threat group calling itself Jinkusu, granting customers access to a...

6.2AI score
Exploits0
GithubExploit
GithubExploit
added 2026/02/24 1:41 a.m.246 views

injectproof

InjectProof The SQL injection scanner that finds what sqlma...

6.7AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-0292

Malware in sbrugna...

9.3CVSS8.1AI score0.01682EPSS
Exploits0References7
OSV
OSV
added 2025/03/26 4:15 p.m.4 views

UBUNTU-CVE-2025-27406

Icinga Reporting is the central component for reporting related functionality in the monitoring web frontend and framework Icinga Web 2. A vulnerability present in versions 0.10.0 through 1.0.2 allows to set up a template that allows to embed arbitrary Javascript. This enables the attacker to act...

7.6CVSS5.8AI score0.00303EPSS
Exploits0References3
CVE
CVE
added 2025/03/26 3:49 p.m.78 views

CVE-2025-27406

Technical details (affected products, versions, root cause, exploit vectors) are not provided in the connected documents. Monitor for updates.

7.6CVSS7.1AI score0.00303EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 10:8 a.m.13 views

CVE-2024-3149

A Server-Side Request Forgery SSRF vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin roles, processes uploaded links through an internal Collector API using a headless browser. An attacker can exploit this by...

9.6CVSS6.9AI score0.00519EPSS
Exploits1References1
Rows per page
Query Builder