Lucene search
K

262 matches found

CNNVD
CNNVD
added 2022/04/14 12:0 a.m.6 views

Discourse 安全漏洞

Discourse is an open source community discussion platform. The platform includes features such as communities, email and chat rooms. Discourse suffers from a security vulnerability. An attacker exploited the vulnerability to read the cache of an anonymous i.e., not logged in user, thereby...

5.3CVSS5.7AI score0.00976EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/04/14 12:0 a.m.5 views

PT-2022-16903 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest stable, beta and tests-passed versions Description: The issue affects Discourse, an open source platform for community discussion. An attacker can poison the cache for anonymous users, causing them to se...

5.3CVSS5AI score0.00976EPSS
Exploits0References7
CNVD
CNVD
added 2022/03/04 12:0 a.m.20 views

Scrapy Information Disclosure Vulnerability (CNVD-2022-17012)

Scrapy is a free and open-source web crawler framework written in Python.An information disclosure vulnerability exists in versions of Scrapy prior to 2.6.1, which stems from the product's failure to effectively protect sensitive information. An attacker could use this vulnerability to obtain...

8.8CVSS2.7AI score0.01243EPSS
Exploits1References1
OSV
OSV
added 2022/01/26 10:15 p.m.33 views

CVE-2021-32849

Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workarounds...

8.8CVSS7.2AI score
Exploits0References5
NVD
NVD
added 2022/01/26 10:15 p.m.55 views

CVE-2021-32849

Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workarounds...

9CVSS0.0765EPSS
Exploits1References5
OSV
OSV
added 2022/01/26 10:15 p.m.37 views

PYSEC-2022-17

Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workarounds...

9CVSS6.6AI score0.0765EPSS
Exploits1References5
CVE
CVE
added 2022/01/26 9:30 p.m.107 views

CVE-2021-32849

Gerapy (distributed crawler management framework) contains an authenticated arbitrary command execution vulnerability tracked as CVE-2021-32849. Prior to version 0.9.9, an authenticated user could execute commands on the server. The issue has been fixed in version 0.9.9. Public sources in the con...

9CVSS8.5AI score0.0765EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2022/01/26 9:30 p.m.47 views

CVE-2021-32849 Arbitrary command execution in Gerapy

Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workarounds...

8.8CVSS8.8AI score0.0765EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/01/26 12:0 a.m.8 views

Gerapy 命令注入漏洞

Gerapy is a crawler framework based on the Scrapy Scrapyd Scrapyd Client Scrapyd API Django. Gerapy authenticates remote command execution vulnerabilities, which can be exploited by attackers to gain control of the server...

9CVSS5.8AI score0.0765EPSS
Exploits1References6
NVD
NVD
added 2021/12/27 7:15 p.m.14 views

CVE-2021-43857

Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8...

9.8CVSS0.55331EPSS
Exploits7References4
OSV
OSV
added 2021/12/27 7:15 p.m.28 views

CVE-2021-43857

Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8...

8.8CVSS8.7AI score
Exploits0References4
OSV
OSV
added 2021/12/27 7:15 p.m.16 views

PYSEC-2021-867

Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8...

9.8CVSS5.6AI score0.55331EPSS
Exploits7References4
CVE
CVE
added 2021/12/27 6:30 p.m.224 views

CVE-2021-43857

CVE-2021-43857 affects Gerapy, a distributed crawler management framework. Affected versions prior to 0.9.8 are vulnerable to remote code execution due to an OS command injection flaw in the spider/config flow. The issue is patched in version 0.9.8; users should upgrade to 0.9.8 or later to mitig...

9.8CVSS8.6AI score0.55331EPSS
Exploits7References4Affected Software1
Malwarebytes
Malwarebytes
added 2021/12/09 2:8 p.m.30 views

What is a search engine and why does anyone care which one you use?

An attempt at a simple definition: a search engine is a software system that allows users to find content on the Internet based on their input. The introduction of the major search engines brought about huge changes in the way we use the Internet. There is a wealth of knowledge available for thos...

6.7AI score
Exploits0
CNNVD
CNNVD
added 2021/11/05 12:0 a.m.6 views

Google TensorFlow 缓冲区错误漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google Google. A buffer overflow vulnerability exists in Google TensorFlow, which stems from the fact that during the crawler optimization phase of the affected version of TensorFlow, constant folding may attempt to...

5.5CVSS5.9AI score0.00136EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/08/20 12:0 a.m.5 views

Skycaiji 路径遍历漏洞

Skycaiji Blue Sky Collector is a free data collection and publishing crawler software in China, developed with php+mysql and can be deployed on cloud servers. A path traversal vulnerability exists in Skycaiji version 1.3, which stems from. The vulnerability stems from a failure of a network syste...

5.3CVSS5.9AI score0.0196EPSS
Exploits1References2
Microsoft KB
Microsoft KB
added 2021/07/13 7:0 a.m.62 views

Description of the security update for SharePoint Enterprise Server 2016: July 13, 2021 (KB5001981)

Description of the security update for SharePoint Enterprise Server 2016: July 13, 2021 KB5001981 Summary This security update resolves a Microsoft SharePoint Server information disclosure vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures...

5.3CVSS6.5AI score0.04445EPSS
Exploits0
NVD
NVD
added 2021/05/13 6:15 p.m.22 views

CVE-2021-22140

Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue XXE in the App Search web crawler beta feature. Using this vector, an attacker whose website is being crawled by App Search could craft a malicious sitemap.xml to traverse the filesystem of t...

7.5CVSS0.0127EPSS
Exploits0References1
OSV
OSV
added 2021/05/13 6:15 p.m.19 views

CVE-2021-22140

Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue XXE in the App Search web crawler beta feature. Using this vector, an attacker whose website is being crawled by App Search could craft a malicious sitemap.xml to traverse the filesystem of t...

7.5CVSS7.2AI score
Exploits0References1
Prion
Prion
added 2021/05/13 6:15 p.m.20 views

Xxe

Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue XXE in the App Search web crawler beta feature. Using this vector, an attacker whose website is being crawled by App Search could craft a malicious sitemap.xml to traverse the filesystem of t...

5CVSS7.6AI score0.0127EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder