208 matches found
Perplexity AI ignores no-crawling rules on websites, crawls them anyway
Imagine putting up a no-trespassing sign for people walking their dogs, and then finding out that one person dresses up their Great Dane as a calf and walks it on your grounds. Well that's sort of what AI answer engine Perplexity has been doing, by evading the no-crawl directives of websites,...
Malicious code in crawl-requests (PyPI)
--- -= Per source details. Do not edit below this line.=-...
CVE-2025-4018 20120630 Novel-Plus CrawlController.java addCrawlSource missing authentication
A vulnerability, which was classified as critical, has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This issue affects the function addCrawlSource of the file novel-crawl/src/main/java/com/java2nb/novel/controller/CrawlController.java. The manipulation leads t...
CVE-2024-12450
In infiniflow/ragflow versions 0.12.0, the webcrawl function in documentapp.py contains multiple vulnerabilities. The function does not filter URL parameters, allowing attackers to exploit Full Read SSRF by accessing internal network addresses and viewing their content through the generated PDF...
CVE-2024-12450 RCE, Full Read SSRF, and Arbitrary File Read in infiniflow/ragflow
In infiniflow/ragflow versions 0.12.0, the webcrawl function in documentapp.py contains multiple vulnerabilities. The function does not filter URL parameters, allowing attackers to exploit Full Read SSRF by accessing internal network addresses and viewing their content through the generated PDF...
PT-2025-12136 · Unknown +1 · Infiniflow/Ragflow +1
Name of the Vulnerable Software and Affected Versions: infiniflow/ragflow version 0.12.0 Description: The web crawl function in document app.py contains multiple vulnerabilities. The function does not filter URL parameters, allowing attackers to exploit Full Read SSRF by accessing internal networ...
CVE-2024-4851
A Server-Side Request Forgery SSRF vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. The vulnerability is present in the crawl endpoint where the 'url' parameter can be manipulated to send HTTP requests to arbitrary URLs...
Malicious code in pagegraph-crawl (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2024-4851
A Server-Side Request Forgery SSRF vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. The vulnerability is present in the crawl endpoint where the 'url' parameter can be manipulated to send HTTP requests to arbitrary URLs...
CVE-2024-4851 SSRF Vulnerability in stangirard/quivr
A Server-Side Request Forgery SSRF vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. The vulnerability is present in the crawl endpoint where the 'url' parameter can be manipulated to send HTTP requests to arbitrary URLs...
CVE-2024-4851 SSRF Vulnerability in stangirard/quivr
A Server-Side Request Forgery SSRF vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. The vulnerability is present in the crawl endpoint where the 'url' parameter can be manipulated to send HTTP requests to arbitrary URLs...
CVE-2024-4851
The CVE-2024-4851 entry concerns stangirard/quivr v0.0.204 with a Server-Side Request Forgery in the crawl endpoint. The issue arises from the url parameter allowing requests to arbitrary URLs, enabling SSRF to access internal networks via backend/routes/crawl_routes.py (crawl_endpoint). The haza...
Quivr Code Issue Vulnerability
Quivr is an artificial intelligence application open-sourced by Quivr. A code issue vulnerability exists in Quivr that stems from a server-side request forgery vulnerability in the crawlendpoint function...
PT-2024-33128 · Unknown · Stangirard/Quivr
Name of the Vulnerable Software and Affected Versions: stangirard/quivr version 0.0.204 Description: A Server-Side Request Forgery SSRF vulnerability exists in the stangirard/quivr application, which allows attackers to access internal networks. The vulnerability is present in the "crawl endpoint...
PT-2024-19521 · Seo Panel · Seo Panel
Name of the Vulnerable Software and Affected Versions: SEO Panel version 4.10.0 Description: A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality. This makes it possible for remote attackers to scan ports in the local environment. Recommendations: For SEO Panel version 4.10.0,...
SEO Panel Security Breach
SEO Panel is an open source panel for managing website SEO Search Engine Optimization. A security vulnerability exists in SEO Panel version 4.10.0, which stems from a stored server segment request forgery vulnerability in the Crawl Meta Data feature that allows remote attackers to scan ports in t...
Building an AppSec Program with Qualys WAS – Configuring a Web Application or API: Crawl Settings
Qualys Web Application Scanning WAS stands out as the industrys leading Dynamic Application Security Testing DAST solution. Delving deeper into these settings is crucial for effectively harnessing its potential to uncover vulnerabilities. Scan coverage is greatly influenced by the crawl settings,...
JSpector - A Simple Burp Suite Extension To Crawl JavaScript (JS) Files In Passive Mode And Display The Results Directly On The Issues
JSpector is a Burp Suite extension that passively crawls JavaScript files and automatically creates issues with URLs, endpoints and dangerous methods found on the JS files. Prerequisites Before installing JSpector, you need to have Jython installed on Burp Suite. Installation 1. Download the late...
Xurlfind3R - A CLI Utility To Find Domain'S Known URLs From Curated Passive Online Sources
xurlfind3r is a command-line interface CLI utility to find domain's known URLs from curated passive online sources. Features Fetches URLs from curated passive sources to maximize results: AlienVault's OTX BeVigil Common Crawl URLScan Github Intelligence X Wayback Machine With Wayback Machine,...
Katana - A Next-Generation Crawling And Spidering Framework
A next-generation crawling and spidering framework Features • Installation • Usage • Scope • Config • Filters • Join Discord Features Fast And fully configurable web crawling Standard and Headless mode support JavaScript parsing / crawling Customizable automatic form filling Scope control -...