Lucene search
K

262 matches found

OSV
OSV
added 2025/03/06 7:5 p.m.21 views

CVE-2025-27600 FastGPT SSRF

FastGPT is a knowledge-based platform built on the LLMs. Since the web crawling plug-in does not perform intranet IP verification, an attacker can initiate an intranet IP request, causing the system to initiate a request through the intranet and potentially obtain some private data on the intrane...

6.9CVSS6.8AI score0.00254EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/03/06 12:0 a.m.3 views

FastGPT 代码问题漏洞

FastGPT is labring open source a large language model based on the open source knowledge base question and answer system. A code issue vulnerability exists in FastGPT versions prior to 4.9.0, which stems from the web crawler plugin not performing intranet IP validation, which could lead to the...

6.9CVSS6.9AI score0.00254EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/07 9:47 a.m.4 views

CVE-2025-22775

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in idiatech Catalog Importer, Scraper & Crawler intelligent-importer allows Reflected XSS.This issue affects Catalog Importer, Scraper & Crawler: from n/a through = 5.1.3...

7.1CVSS7.2AI score0.00322EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/02/03 9:1 a.m.3 views

Malicious code in ethereum-node-crawler (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9059050ba1bb06c1571d7f0b513b58f373f35a6c437a14344acd72a1a01872d3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2025/02/03 9:1 a.m.4 views

MAL-2025-1118 Malicious code in ethereum-node-crawler (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9059050ba1bb06c1571d7f0b513b58f373f35a6c437a14344acd72a1a01872d3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
CNNVD
CNNVD
added 2025/02/03 12:0 a.m.1 views

WordPress plugin Catalog Importer, Scraper & Crawler 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...

7.1CVSS7.8AI score0.00322EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/01/14 5:46 a.m.3 views

WordPress Catalog Importer, Scraper & Crawler Plugin <= 5.1.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin Catalog Importer, Scraper & Crawler versions = 5.1.3...

7.1CVSS6.1AI score0.00322EPSS
Exploits0Affected Software1
NVD
NVD
added 2024/12/26 10:15 p.m.12 views

CVE-2024-56361

LGSL Live Game Server List provides online status for games. Before 7.0.0, a stored cross-site scripting XSS vulnerability was identified in lgsl. The function lgslquery40 in lgslprotocol.php has implemented an HTTP crawler. This function makes a request to the registered game server, and upon...

5.3CVSS0.00435EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/26 9:59 p.m.8 views

CVE-2024-56361 Stored Cross-Site Scripting (XSS) in lgsl v7.0

LGSL Live Game Server List provides online status for games. Before 7.0.0, a stored cross-site scripting XSS vulnerability was identified in lgsl. The function lgslquery40 in lgslprotocol.php has implemented an HTTP crawler. This function makes a request to the registered game server, and upon...

5.3CVSS5.2AI score0.00435EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/12/26 8:20 p.m.24 views

lgsl Stored Cross-Site Scripting vulnerability

Summary A stored cross-site scripting XSS vulnerability was identified in lgsl. The issue arises from improper sanitation of user input. Everyone who accesses this page will be affected by this attack. Details The function lgslquery40 in lgslprotocol.php has implemented an HTTP crawler. This...

5.3CVSS5.4AI score0.00435EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/12/26 12:0 a.m.3 views

PT-2024-36803 · Lgsl · Lgsl

Name of the Vulnerable Software and Affected Versions: LGSL versions prior to 7.0.0 Description: A stored cross-site scripting XSS vulnerability was identified in LGSL. The issue arises from improper sanitation of user input. The function lgsl query 40 in lgsl protocol.php has implemented an HTTP...

5.3CVSS5.7AI score0.00435EPSS
Exploits0References9
Kitploit
Kitploit
added 2024/09/22 11:30 a.m.174 views

Secator - The Pentester'S Swiss Knife

secator is a task and workflow runner used for security assessments. It supports dozens of well-known security tools and it is designed to improve productivity for pentesters and security researchers. Features Curated list of commands Unified input options Unified output schema CLI and library...

6.6AI score
Exploits0References23
OSV
OSV
added 2024/07/26 4:53 p.m.5 views

MAL-2025-2943 Malicious code in canvas-crawler (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e26aa849df7710714fbcef97638e99ec2f03a138b1e27c78ad0bb2caff64d5e1 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.2AI score
Exploits0References1
CNNVD
CNNVD
added 2024/07/15 12:0 a.m.5 views

EasySpider Security Vulnerability

EasySpider is a visual data collection and crawler software by the individual developer Naibo Wang. A security vulnerability exists in EasySpider version 0.6.2, which stems from a path traversal issue...

8.8CVSS5.2AI score0.03333EPSS
Exploits1References5
Gitee
Gitee
added 2024/06/29 11:34 a.m.73 views

vulSystem

This repository appears to be a collection of tools and scripts for web scraping and data collection, likely used for research or analysis purposes. The tools are written in Python and utilize various libraries such as BeautifulSoup and requests. The repository contains several scripts, including...

6.9AI score
Exploits0
Kitploit
Kitploit
added 2024/06/26 12:30 p.m.174 views

Ashok - A OSINT Recon Tool, A.K.A Swiss Army Knife

Reconnaissance is the first phase of penetration testing which means gathering information before any real attacks are planned So Ashok is an Incredible fast recon tool for penetration tester which is specially designed for Reconnaissance" title="Reconnaissance"Reconnaissance phase. And in...

7AI score
Exploits0References12
CNNVD
CNNVD
added 2024/06/26 12:0 a.m.4 views

skycaiji Security Breach

Skycaiji Blue Sky Collector is a free data collection and publishing crawler software from China Nanchang ZhuoLan Technology Co., Ltd, which is developed by php+mysql and can be deployed on cloud servers. A security vulnerability exists in skycaiji version 2.8, which stems from a cross-site...

6.1CVSS6.2AI score0.00278EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.7 views

Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection < 10.24 - Missing Authorization to Information Expsoure

Description The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the stopbadbotsgetajaxdata function in all versions up to, and including, 10.23. This makes it...

4.3CVSS6.4AI score0.00343EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/04/09 3:50 p.m.31 views

GHSA-9JH5-QF84-X6PR Contao: Possible cookie sharing with external domains while checking protected pages for broken links

Impact If the crawler is set to crawl protected pages, it sends the cookie header to externals URLs. Patches Update to Contao 4.13.40 or 5.3.4. Workarounds Disable crawling protected pages. References https://contao.org/en/security-advisories/session-cookie-disclosure-in-the-crawler For more...

8.3CVSS7AI score0.00708EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2024/04/09 3:50 p.m.83 views

Contao: Possible cookie sharing with external domains while checking protected pages for broken links

Impact If the crawler is set to crawl protected pages, it sends the cookie header to externals URLs. Patches Update to Contao 4.13.40 or 5.3.4. Workarounds Disable crawling protected pages. References https://contao.org/en/security-advisories/session-cookie-disclosure-in-the-crawler For more...

8.3CVSS6.9AI score0.00708EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder