CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

24 matches found

RedhatCVE•added 2026/05/11 8:25 p.m.•3 views

CVE-2026-42601

ArchiveBox is an open source self-hosted web archiving system. In versions 0.8.6rc0 and prior, the /add/ endpoint AddView in core/views.py accepts a config JSON field that gets merged into the crawl config without validation. This config is exported as environment variables when archive plugins...

9.8CVSS5.9AI score0.00061EPSS

Exploits1References1

NVD•added 2026/05/09 8:16 p.m.•7 views

CVE-2026-42601

9.8CVSS0.00061EPSS

Exploits1References1

Vulnrichment•added 2026/05/09 7:29 p.m.•2 views

CVE-2026-42601 ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView

9.3CVSS5.9AI score0.00061EPSS

Exploits1References1

ATTACKERKB•added 2026/05/09 7:29 p.m.•2 views

CVE-2026-42601

9.3CVSS5.9AI score0.00061EPSS

Exploits1References2Affected Software1

EUVD•added 2026/05/09 7:29 p.m.•2 views

EUVD-2026-28935

9.3CVSS5.9AI score0.00061EPSS

Exploits1References1

Cvelist•added 2026/05/09 7:29 p.m.•30 views

CVE-2026-42601 ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView

9.3CVSS0.00061EPSS

Exploits1References1

CVE•added 2026/05/09 7:29 p.m.•9 views

CVE-2026-42601

ArchiveBox CVE-2026-42601 affects ArchiveBox ≤ 0.8.6rc0. The /add/ endpoint (AddView in core/views.py) accepts a config JSON that is merged into the crawl config without validation, and this config is exported as environment variables for archive plugins, enabling injection of arbitrary tool argu...

9.8CVSS5.9AI score0.00061EPSS

Exploits1References1Affected Software1

CNNVD•added 2026/05/09 12:0 a.m.•2 views

ArchiveBox 参数注入漏洞

ArchiveBox is a powerful, open-source, and self-hosted internet archiving solution developed by ArchiveBox. It is designed for collecting, storing, and viewing websites that you want to save offline. ArchiveBox versions 0.8.6rc0 and earlier have a parameter injection vulnerability. This...

9.8CVSS6.3AI score0.00061EPSS

Exploits1References1

OSV•added 2026/05/04 9:30 p.m.•1 views

GHSA-3H23-7824-PJ8R ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView

The /add/ endpoint AddView in core/views.py accepts a config JSON field that gets merged into the crawl config without validation. This config is exported as environment variables when archive plugins run, allowing injection of arbitrary tool arguments to achieve RCE. When PUBLICADDVIEW=True comm...

9.8CVSS6.3AI score0.00061EPSS

Exploits1References3

Snyk•added 2026/05/04 9:30 p.m.•6 views

Arbitrary Argument Injection

Overview archivebox is a The self-hosted internet archive. Affected versions of this package are vulnerable to Arbitrary Argument Injection via the AddView class. An attacker can execute arbitrary code on the server by submitting specially crafted configuration overrides to the /add/ endpoint,...

9.8CVSS6.3AI score0.00061EPSS

Exploits1References2

Positive Technologies•added 2026/05/04 12:0 a.m.•4 views

PT-2026-36977

Name of the Vulnerable Software and Affected Versions ArchiveBox affected versions not specified Description The '/add/' endpoint AddView in core/views.py allows the injection of arbitrary configuration into crawl jobs because the config JSON field is merged without validation. This configuration...

9.3CVSS6.4AI score0.00061EPSS

Exploits1References8

RedhatCVE•added 2026/01/09 9:27 a.m.•4 views

CVE-2023-45815

ArchiveBox is an open source self-hosted web archiving system. Any users who are using the wget extractor and view the content it outputs. The impact is potentially severe if you are logged in to the ArchiveBox admin site in the same browser session and view an archived malicious page designed to...

6.4CVSS6.5AI score0.02006EPSS

Exploits1References1

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2023-0044

Malicious code in bioql PyPI...

6.4CVSS5.6AI score0.02006EPSS

Exploits1References12

Veracode•added 2023/10/20 8:35 a.m.•19 views

Cross Site Scripting

archivebox is vulnerable to Cross Site Scripting. The vulnerability is due to wget extractor in ArchiveBox, which allows malicious JavaScript in archived pages to execute and act as an admin, especially when the user viewed the pages during a browser session in which logged into the ArchiveBox...

6.4CVSS7AI score0.02006EPSS

Exploits1References2Affected Software1

NVD•added 2023/10/19 10:15 p.m.•13 views

CVE-2023-45815

6.4CVSS6.3AI score0.02006EPSS

Exploits1References2

PyPA•added 2023/10/19 10:15 p.m.•6 views

PYSEC-2023-229

6.4CVSS6.5AI score0.02006EPSS

Exploits1References4Affected Software1

Prion•added 2023/10/19 10:15 p.m.•10 views

Cross site request forgery (csrf)

4.9CVSS5.3AI score0.02006EPSS

Exploits1References2Affected Software1

CVE•added 2023/10/19 9:5 p.m.•71 views

CVE-2023-45815

The CVE-2023-45815 entry concerns ArchiveBox, an open source self-hosted web archiving system. The provided documents describe a vulnerability tied to the wget extractor: when a logged-in admin views archived pages, malicious JavaScript served from the same host can execute in the admin session, ...

6.4CVSS5.8AI score0.02006EPSS

Exploits1References2Affected Software1

Cvelist•added 2023/10/19 9:5 p.m.•19 views

CVE-2023-45815 Viewing wget extractor output while logged in as an admin allows archived JS to execute in the admins context in ArchiveBox

6.4CVSS6.5AI score0.02006EPSS

Exploits1References2

OSV•added 2023/10/19 9:5 p.m.•16 views

CVE-2023-45815 Viewing wget extractor output while logged in as an admin allows archived JS to execute in the admins context in ArchiveBox

6.4CVSS5.3AI score0.02006EPSS

Exploits1References4

Rows per page