Lucene search
K

259 matches found

Nuclei
Nuclei
added 3 days ago38 views

SpiderFlow Crawler Platform - Remote Code Execution

A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack...

9.8CVSS6.2AI score0.19403EPSS
Exploits4References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.8 views

CVE-2026-45082

Karakeep is a elf-hostable bookmark-everything app. A Server-Side Request Forgery SSRF protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to prevent requests toward...

7.6CVSS5.5AI score0.003EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.9 views

CVE-2026-8727

The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize. An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. Exploitation requires administrative...

7.1CVSS5.8AI score0.00389EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.9 views

PT-2026-44140

Description symfony/dom-crawler provides the Crawler class for navigating HTML/XML documents with CSS/XPath selectors; symfony/browser-kit's HttpBrowser uses it to parse fetched pages. Crawler::addXmlContent sets DOMDocument::$validateOnParse = true before calling loadXML. Setting validateOnParse...

5.3CVSS5.8AI score0.00052EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/26 1:45 p.m.13 views

CVE-2026-45082 Karakeep has a SSRF Protection Bypass via Redirect Handling

Karakeep is a elf-hostable bookmark-everything app. A Server-Side Request Forgery SSRF protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to prevent requests toward...

7.6CVSS5.8AI score0.003EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.13 views

PT-2026-43257

Karakeep is a elf-hostable bookmark-everything app. A Server-Side Request Forgery SSRF protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to prevent requests toward...

7.6CVSS5.8AI score0.003EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/24 8:48 p.m.10 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize. An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code...

7.6CVSS6AI score0.00389EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/21 4:24 a.m.94 views

psqli

psqli Powerfull Automatic Sql injection Tools Pack Fast...

5.8AI score
Exploits0
NVD
NVD
added 2026/05/19 10:16 a.m.12 views

CVE-2026-8727

The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize. An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. Exploitation requires administrative...

7.1CVSS0.00389EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/19 9:16 a.m.9 views

CVE-2026-8727 Remote Code Execution in extension "Site Crawler" (crawler)

The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize. An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. Exploitation requires administrative...

7.1CVSS6AI score0.00389EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/19 9:16 a.m.37 views

CVE-2026-8727 Remote Code Execution in extension "Site Crawler" (crawler)

The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize. An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. Exploitation requires administrative...

7.1CVSS0.00389EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/19 9:16 a.m.11 views

EUVD-2026-30854

The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize. An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. Exploitation requires administrative...

7.1CVSS6AI score0.00389EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 9:16 a.m.20 views

CVE-2026-8727

The CVE-2026-8727 affects the TYPO3 Crawler extension (Site Crawler). The root cause is that the Crawler extension forwards the X-T3Crawler-Meta response header directly to PHP’s unserialize(), allowing an attacker-controlled crawled endpoint to inject arbitrary serialized PHP objects, leading to...

7.1CVSS6AI score0.00389EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/19 9:16 a.m.10 views

CVE-2026-8727

The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize. An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. Exploitation requires administrative...

7.1CVSS6AI score0.00389EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.12 views

PT-2026-41867

The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize. An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. Exploitation requires administrative...

7.1CVSS6AI score0.00389EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

TYPO3 Extension Site Crawler 代码问题漏洞

TYPO3 Extension Site Crawler is an open-source extension for TYPO3 that handles site crawling and indexing tasks. There are code vulnerabilities in TYPO3 Extension Site Crawler; these vulnerabilities stem from the direct deserialization of the X-T3Crawler-Meta response header, which may lead to...

7.1CVSS6.1AI score0.00389EPSS
Exploits0References1
Friends Of PHP
Friends Of PHP
added 2026/05/11 7:18 p.m.12 views

TYPO3-EXT-SA-2026-008: Remote Code Execution in extension "Site Crawler" (crawler)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-008...

7.1CVSS5.8AI score0.00389EPSS
Exploits0Affected Software1
Hacker One
Hacker One
added 2026/05/04 1:17 p.m.18 views

PortSwigger Web Security: Burp Suite Professional: browser-powered crawl can write attacker-controlled files through file input handling

A vulnerability was discovered in Burp Suite Professional 2026.3.3 on Windows. When Burp Scanner's browser-powered crawler crawled an attacker-controlled website, the website could force Burp to write an attacker-controlled file to an attacker-controlled local path. The issue was caused by Burp's...

5.4AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/04 3:45 a.m.60 views

cybersec-crawler

CyberSec Crawler Crawler de ciberseguridad multilingüe que re...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/27 3:30 p.m.10 views

com.digitalpebble.stormcrawler:storm-crawler-aws (>=2.0 <=2.11), com.digitalpebble.stormcrawler:storm-crawler-core (>=2.0 <=2.11) +77 more potentially affected by CVE-2026-41081 via org.apache.storm:storm-client (>=2.0.0 <=2.8.6)

org.apache.storm:storm-client MAVEN version =2.0.0, =2.0, =2.0, =2.0, =2.0, =2.0, =2.7, =2.0, =2.0, =2.0, =2.1, =2.6.3.1, =2.4.0, =2.4.0, =2.4.0, =2.0.0, =2.8.6 and more Source cves: CVE-2026-41081 Source advisory: OSV:GHSA-J2Q8-XX3Q-8FQH...

6.5CVSS5.8AI score0.00286EPSS
Exploits0
Rows per page
Query Builder