Lucene search
+L

6 matches found

Cvelist
Cvelist
added 2026/07/06 8:16 p.m.36 views

CVE-2026-57572 Crawl4AI: Unauthenticated RCE via Chromium launch-argument injection in browser_config.extra_args

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server accepted request-supplied browserconfig.extraargs, which flowed into Chromium's launch arguments. An attacker could inject Chromium switches that replace a child-process launch command together...

10CVSS0.00523EPSS
Exploits0References2
OSV
OSV
added 2026/06/18 5:25 p.m.5 views

GHSA-R253-R9JW-QG44 Crawl4AI: Unauthenticated RCE via Chromium launch-argument injection in browser_config.extra_args

Summary The Docker API server accepted a request-supplied browserconfig.extraargs, which flowed into Chromium's launch arguments. An attacker could inject Chromium switches that replace a child-process launch command --utility-cmd-prefix, --renderer-cmd-prefix, --gpu-launcher,...

10CVSS6.5AI score0.00523EPSS
Exploits0References2
CVE
CVE
added 2024/07/01 9:33 p.m.55 views

CVE-2024-39314

The CVE-2024-39314 issue affects toy-blog versions 0.4.3 to before 0.5.0, where the administrative password was leaked via a command line parameter (root cause: command line exposure). A fix is available in version 0.5.0. As a workaround, versions 0.4.14 and later can pass the bearer token via st...

4.7CVSS5AI score0.00174EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/07/01 9:33 p.m.34 views

CVE-2024-39314 toy-blog administrative token leaked through the command line parameter

toy-blog is a headless content management system implementation. Starting in version 0.4.3 and prior to version 0.5.0, the administrative password was leaked through the command line parameter. The problem was patched in version 0.5.0. As a workaround, pass --read-bearer-token-from-stdin to the...

4.7CVSS0.00174EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/07/01 9:33 p.m.18 views

CVE-2024-39314 toy-blog administrative token leaked through the command line parameter

toy-blog is a headless content management system implementation. Starting in version 0.4.3 and prior to version 0.5.0, the administrative password was leaked through the command line parameter. The problem was patched in version 0.5.0. As a workaround, pass --read-bearer-token-from-stdin to the...

4.7CVSS7.2AI score0.00174EPSS
Exploits0References2
OSV
OSV
added 2005/09/02 11:3 p.m.4 views

DEBIAN-CVE-2005-2772

Multiple stack-based buffer overflows in University of Minnesota gopher client 3.0.9 allow remote malicious servers to execute arbitrary code via 1 a long "+VIEWS:" reply, which is not properly handled in the VIfromLine function, and 2 certain arguments when launching third party programs such as...

7.5CVSS7.8AI score0.10038EPSS
Exploits1References1
Rows per page
Query Builder