262 matches found
CVE-2025-27600 FastGPT SSRF
FastGPT is a knowledge-based platform built on the LLMs. Since the web crawling plug-in does not perform intranet IP verification, an attacker can initiate an intranet IP request, causing the system to initiate a request through the intranet and potentially obtain some private data on the intrane...
FastGPT 代码问题漏洞
FastGPT is labring open source a large language model based on the open source knowledge base question and answer system. A code issue vulnerability exists in FastGPT versions prior to 4.9.0, which stems from the web crawler plugin not performing intranet IP validation, which could lead to the...
CVE-2025-22775
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in idiatech Catalog Importer, Scraper & Crawler intelligent-importer allows Reflected XSS.This issue affects Catalog Importer, Scraper & Crawler: from n/a through = 5.1.3...
Malicious code in ethereum-node-crawler (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9059050ba1bb06c1571d7f0b513b58f373f35a6c437a14344acd72a1a01872d3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1118 Malicious code in ethereum-node-crawler (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9059050ba1bb06c1571d7f0b513b58f373f35a6c437a14344acd72a1a01872d3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WordPress plugin Catalog Importer, Scraper & Crawler 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...
WordPress Catalog Importer, Scraper & Crawler Plugin <= 5.1.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin Catalog Importer, Scraper & Crawler versions = 5.1.3...
CVE-2024-56361
LGSL Live Game Server List provides online status for games. Before 7.0.0, a stored cross-site scripting XSS vulnerability was identified in lgsl. The function lgslquery40 in lgslprotocol.php has implemented an HTTP crawler. This function makes a request to the registered game server, and upon...
CVE-2024-56361 Stored Cross-Site Scripting (XSS) in lgsl v7.0
LGSL Live Game Server List provides online status for games. Before 7.0.0, a stored cross-site scripting XSS vulnerability was identified in lgsl. The function lgslquery40 in lgslprotocol.php has implemented an HTTP crawler. This function makes a request to the registered game server, and upon...
lgsl Stored Cross-Site Scripting vulnerability
Summary A stored cross-site scripting XSS vulnerability was identified in lgsl. The issue arises from improper sanitation of user input. Everyone who accesses this page will be affected by this attack. Details The function lgslquery40 in lgslprotocol.php has implemented an HTTP crawler. This...
PT-2024-36803 · Lgsl · Lgsl
Name of the Vulnerable Software and Affected Versions: LGSL versions prior to 7.0.0 Description: A stored cross-site scripting XSS vulnerability was identified in LGSL. The issue arises from improper sanitation of user input. The function lgsl query 40 in lgsl protocol.php has implemented an HTTP...
Secator - The Pentester'S Swiss Knife
secator is a task and workflow runner used for security assessments. It supports dozens of well-known security tools and it is designed to improve productivity for pentesters and security researchers. Features Curated list of commands Unified input options Unified output schema CLI and library...
MAL-2025-2943 Malicious code in canvas-crawler (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e26aa849df7710714fbcef97638e99ec2f03a138b1e27c78ad0bb2caff64d5e1 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
EasySpider Security Vulnerability
EasySpider is a visual data collection and crawler software by the individual developer Naibo Wang. A security vulnerability exists in EasySpider version 0.6.2, which stems from a path traversal issue...
vulSystem
This repository appears to be a collection of tools and scripts for web scraping and data collection, likely used for research or analysis purposes. The tools are written in Python and utilize various libraries such as BeautifulSoup and requests. The repository contains several scripts, including...
Ashok - A OSINT Recon Tool, A.K.A Swiss Army Knife
Reconnaissance is the first phase of penetration testing which means gathering information before any real attacks are planned So Ashok is an Incredible fast recon tool for penetration tester which is specially designed for Reconnaissance" title="Reconnaissance"Reconnaissance phase. And in...
skycaiji Security Breach
Skycaiji Blue Sky Collector is a free data collection and publishing crawler software from China Nanchang ZhuoLan Technology Co., Ltd, which is developed by php+mysql and can be deployed on cloud servers. A security vulnerability exists in skycaiji version 2.8, which stems from a cross-site...
Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection < 10.24 - Missing Authorization to Information Expsoure
Description The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the stopbadbotsgetajaxdata function in all versions up to, and including, 10.23. This makes it...
GHSA-9JH5-QF84-X6PR Contao: Possible cookie sharing with external domains while checking protected pages for broken links
Impact If the crawler is set to crawl protected pages, it sends the cookie header to externals URLs. Patches Update to Contao 4.13.40 or 5.3.4. Workarounds Disable crawling protected pages. References https://contao.org/en/security-advisories/session-cookie-disclosure-in-the-crawler For more...
Contao: Possible cookie sharing with external domains while checking protected pages for broken links
Impact If the crawler is set to crawl protected pages, it sends the cookie header to externals URLs. Patches Update to Contao 4.13.40 or 5.3.4. Workarounds Disable crawling protected pages. References https://contao.org/en/security-advisories/session-cookie-disclosure-in-the-crawler For more...