Lucene search
K

265 matches found

Nuclei
Nuclei
added yesterday76 views

SpiderFlow Crawler Platform - Remote Code Execution

A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack...

9.8CVSS6.3AI score0.19403EPSS
Exploits4References5
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago6 views

Malicious code in google-caja-bower (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e34339f1be6afb8a41b6dbe2f7d7c480d5a438a67ff119b235d1d98ffa2b2e4a [email protected] declares scripts.preinstall = 'node index.js', so index.js runs automatically on npm install. index.js walks the...

6.1AI score
Exploits0References8
NVD
NVD
added 2026/07/06 9:16 p.m.11 views

CVE-2026-57573

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server applied its SSRF destination check on the non-streaming /crawl path but not on the streaming path. handlestreamcrawlrequest passed seed URLs straight to the crawler with no destination validatio...

8.6CVSS0.00262EPSS
Exploits0References2
NVD
NVD
added 2026/07/06 9:16 p.m.11 views

CVE-2026-57571

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, when the crawler saves a downloaded file, the destination filename was taken from attacker-influenced input and joined to the downloads directory with no confinement. A filename containing an absolute path or travers...

9.6CVSS0.00502EPSS
Exploits1References2
OSV
OSV
added 2026/06/18 5:25 p.m.7 views

GHSA-2JQ4-Q6VV-4CP3 Crawl4AI: Arbitrary file write (path traversal) in crawler downloads can lead to RCE

Summary When the crawler saves a downloaded file, the destination filename was taken from attacker-influenced input and joined to the downloads directory with no confinement. A filename containing an absolute path e.g. /etc/cron.d/evil or ../ traversal escaped the downloads directory, giving an...

9.6CVSS6.5AI score0.00502EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.10 views

CVE-2026-45082

Karakeep is a elf-hostable bookmark-everything app. A Server-Side Request Forgery SSRF protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to prevent requests toward...

7.6CVSS5.5AI score0.003EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.11 views

CVE-2026-8727

The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize. An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. Exploitation requires administrative...

7.1CVSS5.8AI score0.00389EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/26 1:45 p.m.18 views

CVE-2026-45082 Karakeep has a SSRF Protection Bypass via Redirect Handling

Karakeep is a elf-hostable bookmark-everything app. A Server-Side Request Forgery SSRF protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to prevent requests toward...

7.6CVSS5.8AI score0.003EPSS
Exploits0References1
OSV
OSV
added 2026/05/26 1:45 p.m.3 views

CVE-2026-45082 Karakeep has a SSRF Protection Bypass via Redirect Handling

Karakeep is a elf-hostable bookmark-everything app. A Server-Side Request Forgery SSRF protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to prevent requests toward...

7.6CVSS5.9AI score0.003EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.13 views

PT-2026-43257

Karakeep is a elf-hostable bookmark-everything app. A Server-Side Request Forgery SSRF protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to prevent requests toward...

7.6CVSS5.8AI score0.003EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/24 8:48 p.m.12 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize. An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code...

7.6CVSS6AI score0.00389EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/21 4:24 a.m.110 views

psqli

psqli Powerfull Automatic Sql injection Tools Pack Fast...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.13 views

PT-2026-44140

Name of the Vulnerable Software and Affected Versions symfony/dom-crawler affected versions not specified Description The Crawler::addXmlContent function in symfony/dom-crawler sets DOMDocument::$validateOnParse to true before calling loadXML. This action re-enables libxml's DTD subset processing...

8.7CVSS6.1AI score0.00052EPSS
Exploits0References18
NVD
NVD
added 2026/05/19 10:16 a.m.13 views

CVE-2026-8727

The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize. An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. Exploitation requires administrative...

7.1CVSS0.00389EPSS
Exploits0References1
OSV
OSV
added 2026/05/19 9:16 a.m.4 views

CVE-2026-8727 Remote Code Execution in extension "Site Crawler" (crawler)

The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize. An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. Exploitation requires administrative...

7.1CVSS6.2AI score0.00389EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/19 9:16 a.m.10 views

CVE-2026-8727

The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize. An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. Exploitation requires administrative...

7.1CVSS6AI score0.00389EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/19 9:16 a.m.9 views

CVE-2026-8727 Remote Code Execution in extension "Site Crawler" (crawler)

The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize. An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. Exploitation requires administrative...

7.1CVSS6AI score0.00389EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/19 9:16 a.m.11 views

EUVD-2026-30854

The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize. An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. Exploitation requires administrative...

7.1CVSS6AI score0.00389EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 9:16 a.m.25 views

CVE-2026-8727

The CVE-2026-8727 affects the TYPO3 Crawler extension (Site Crawler). The root cause is that the Crawler extension forwards the X-T3Crawler-Meta response header directly to PHP’s unserialize(), allowing an attacker-controlled crawled endpoint to inject arbitrary serialized PHP objects, leading to...

7.1CVSS6AI score0.00389EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/19 9:16 a.m.45 views

CVE-2026-8727 Remote Code Execution in extension "Site Crawler" (crawler)

The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize. An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. Exploitation requires administrative...

7.1CVSS0.00389EPSS
Exploits0References1
Rows per page
Query Builder