Lucene search
K

208 matches found

Malwarebytes
Malwarebytes
added 2025/08/06 12:45 p.m.7 views

Perplexity AI ignores no-crawling rules on websites, crawls them anyway

Imagine putting up a no-trespassing sign for people walking their dogs, and then finding out that one person dresses up their Great Dane as a calf and walks it on your grounds. Well that's sort of what AI answer engine Perplexity has been doing, by evading the no-crawl directives of websites,...

6.5AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/07/31 7:14 p.m.5 views

Malicious code in crawl-requests (PyPI)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2025/04/28 11:31 a.m.3 views

CVE-2025-4018 20120630 Novel-Plus CrawlController.java addCrawlSource missing authentication

A vulnerability, which was classified as critical, has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This issue affects the function addCrawlSource of the file novel-crawl/src/main/java/com/java2nb/novel/controller/CrawlController.java. The manipulation leads t...

6.9CVSS5.5AI score0.00673EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/03/22 1:12 p.m.17 views

CVE-2024-12450

In infiniflow/ragflow versions 0.12.0, the webcrawl function in documentapp.py contains multiple vulnerabilities. The function does not filter URL parameters, allowing attackers to exploit Full Read SSRF by accessing internal network addresses and viewing their content through the generated PDF...

9.8CVSS7.6AI score0.01211EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:11 a.m.10 views

CVE-2024-12450 RCE, Full Read SSRF, and Arbitrary File Read in infiniflow/ragflow

In infiniflow/ragflow versions 0.12.0, the webcrawl function in documentapp.py contains multiple vulnerabilities. The function does not filter URL parameters, allowing attackers to exploit Full Read SSRF by accessing internal network addresses and viewing their content through the generated PDF...

6.5CVSS6.7AI score0.01211EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.5 views

PT-2025-12136 · Unknown +1 · Infiniflow/Ragflow +1

Name of the Vulnerable Software and Affected Versions: infiniflow/ragflow version 0.12.0 Description: The web crawl function in document app.py contains multiple vulnerabilities. The function does not filter URL parameters, allowing attackers to exploit Full Read SSRF by accessing internal networ...

9.8CVSS6.8AI score0.01211EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2025/02/05 12:5 a.m.8 views

CVE-2024-4851

A Server-Side Request Forgery SSRF vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. The vulnerability is present in the crawl endpoint where the 'url' parameter can be manipulated to send HTTP requests to arbitrary URLs...

7.7CVSS7.6AI score0.00576EPSS
Exploits1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/12/09 3:29 a.m.2 views

Malicious code in pagegraph-crawl (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
NVD
NVD
added 2024/06/06 7:16 p.m.24 views

CVE-2024-4851

A Server-Side Request Forgery SSRF vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. The vulnerability is present in the crawl endpoint where the 'url' parameter can be manipulated to send HTTP requests to arbitrary URLs...

7.7CVSS0.00576EPSS
Exploits1References1
OSV
OSV
added 2024/06/06 6:39 p.m.8 views

CVE-2024-4851 SSRF Vulnerability in stangirard/quivr

A Server-Side Request Forgery SSRF vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. The vulnerability is present in the crawl endpoint where the 'url' parameter can be manipulated to send HTTP requests to arbitrary URLs...

7.7CVSS7.2AI score0.00576EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/06/06 6:39 p.m.28 views

CVE-2024-4851 SSRF Vulnerability in stangirard/quivr

A Server-Side Request Forgery SSRF vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. The vulnerability is present in the crawl endpoint where the 'url' parameter can be manipulated to send HTTP requests to arbitrary URLs...

7.7CVSS0.00576EPSS
Exploits1References1
CVE
CVE
added 2024/06/06 6:39 p.m.58 views

CVE-2024-4851

The CVE-2024-4851 entry concerns stangirard/quivr v0.0.204 with a Server-Side Request Forgery in the crawl endpoint. The issue arises from the url parameter allowing requests to arbitrary URLs, enabling SSRF to access internal networks via backend/routes/crawl_routes.py (crawl_endpoint). The haza...

7.7CVSS7.6AI score0.00576EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2024/06/06 12:0 a.m.6 views

Quivr Code Issue Vulnerability

Quivr is an artificial intelligence application open-sourced by Quivr. A code issue vulnerability exists in Quivr that stems from a server-side request forgery vulnerability in the crawlendpoint function...

7.7CVSS7.1AI score0.00576EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/06/06 12:0 a.m.5 views

PT-2024-33128 · Unknown · Stangirard/Quivr

Name of the Vulnerable Software and Affected Versions: stangirard/quivr version 0.0.204 Description: A Server-Side Request Forgery SSRF vulnerability exists in the stangirard/quivr application, which allows attackers to access internal networks. The vulnerability is present in the "crawl endpoint...

7.7CVSS7.7AI score0.00576EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/01/30 12:0 a.m.16 views

PT-2024-19521 · Seo Panel · Seo Panel

Name of the Vulnerable Software and Affected Versions: SEO Panel version 4.10.0 Description: A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality. This makes it possible for remote attackers to scan ports in the local environment. Recommendations: For SEO Panel version 4.10.0,...

5.3CVSS7.2AI score0.00609EPSS
Exploits1References7
CNNVD
CNNVD
added 2024/01/30 12:0 a.m.5 views

SEO Panel Security Breach

SEO Panel is an open source panel for managing website SEO Search Engine Optimization. A security vulnerability exists in SEO Panel version 4.10.0, which stems from a stored server segment request forgery vulnerability in the Crawl Meta Data feature that allows remote attackers to scan ports in t...

5.3CVSS6.5AI score0.00609EPSS
Exploits1References2
Qualys Blog
Qualys Blog
added 2023/10/25 6:34 p.m.30 views

Building an AppSec Program with Qualys WAS – Configuring a Web Application or API: Crawl Settings

Qualys Web Application Scanning WAS stands out as the industrys leading Dynamic Application Security Testing DAST solution. Delving deeper into these settings is crucial for effectively harnessing its potential to uncover vulnerabilities. Scan coverage is greatly influenced by the crawl settings,...

6.9AI score
Exploits0
Kitploit
Kitploit
added 2023/10/15 11:30 a.m.29 views

JSpector - A Simple Burp Suite Extension To Crawl JavaScript (JS) Files In Passive Mode And Display The Results Directly On The Issues

JSpector is a Burp Suite extension that passively crawls JavaScript files and automatically creates issues with URLs, endpoints and dangerous methods found on the JS files. Prerequisites Before installing JSpector, you need to have Jython installed on Burp Suite. Installation 1. Download the late...

7.2AI score
Exploits0References3
Kitploit
Kitploit
added 2023/08/09 12:30 p.m.78 views

Xurlfind3R - A CLI Utility To Find Domain'S Known URLs From Curated Passive Online Sources

xurlfind3r is a command-line interface CLI utility to find domain's known URLs from curated passive online sources. Features Fetches URLs from curated passive sources to maximize results: AlienVault's OTX BeVigil Common Crawl URLScan Github Intelligence X Wayback Machine With Wayback Machine,...

7.1AI score
Exploits0References8
Kitploit
Kitploit
added 2023/04/19 12:30 p.m.60 views

Katana - A Next-Generation Crawling And Spidering Framework

A next-generation crawling and spidering framework Features • Installation • Usage • Scope • Config • Filters • Join Discord Features Fast And fully configurable web crawling Standard and Headless mode support JavaScript parsing / crawling Customizable automatic form filling Scope control -...

7AI score
Exploits0References9
Rows per page
Query Builder