14 matches found
CVE-2026-26216
Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The import builtin was included in the allowed builtins, allowing unauthenticated remote...
PYSEC-2026-33
Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The import builtin was included in the allowed builtins, allowing unauthenticated remote...
PYSEC-2026-33
Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The import builtin was included in the allowed builtins, allowing unauthenticated remote...
CVE-2026-26216
Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The import builtin was included in the allowed builtins, allowing unauthenticated remote...
CVE-2026-26216
CVE-2026-26216 affects Crawl4AI before 0.8.0 in its Docker API deployment. The /crawl endpoint accepts a hooks parameter that contains Python code executed with exec(), with import included in allowed builtins, enabling unauthenticated remote code execution. Impact includes full server compromise...
PT-2026-7855
Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.8.0 Description Crawl4AI is affected by a remote code execution issue in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The inclusion of...
EUVD-2024-44430
Malicious code in bioql PyPI...
CVE-2024-4851
A Server-Side Request Forgery SSRF vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. The vulnerability is present in the crawl endpoint where the 'url' parameter can be manipulated to send HTTP requests to arbitrary URLs...
CVE-2024-4851
A Server-Side Request Forgery SSRF vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. The vulnerability is present in the crawl endpoint where the 'url' parameter can be manipulated to send HTTP requests to arbitrary URLs...
CVE-2024-4851
A Server-Side Request Forgery SSRF vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. The vulnerability is present in the crawl endpoint where the 'url' parameter can be manipulated to send HTTP requests to arbitrary URLs...
CVE-2024-4851
The CVE-2024-4851 entry concerns stangirard/quivr v0.0.204 with a Server-Side Request Forgery in the crawl endpoint. The issue arises from the url parameter allowing requests to arbitrary URLs, enabling SSRF to access internal networks via backend/routes/crawl_routes.py (crawl_endpoint). The haza...
CVE-2024-4851 SSRF Vulnerability in stangirard/quivr
A Server-Side Request Forgery SSRF vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. The vulnerability is present in the crawl endpoint where the 'url' parameter can be manipulated to send HTTP requests to arbitrary URLs...
PT-2024-33128 · Unknown · Stangirard/Quivr
Name of the Vulnerable Software and Affected Versions: stangirard/quivr version 0.0.204 Description: A Server-Side Request Forgery SSRF vulnerability exists in the stangirard/quivr application, which allows attackers to access internal networks. The vulnerability is present in the "crawl endpoint...
Quivr Code Issue Vulnerability
Quivr is an artificial intelligence application open-sourced by Quivr. A code issue vulnerability exists in Quivr that stems from a server-side request forgery vulnerability in the crawlendpoint function...