Lucene search
K

262 matches found

Hacker One
Hacker One
added 2026/05/04 1:17 p.m.22 views

PortSwigger Web Security: Burp Suite Professional: browser-powered crawl can write attacker-controlled files through file input handling

A vulnerability was discovered in Burp Suite Professional 2026.3.3 on Windows. When Burp Scanner's browser-powered crawler crawled an attacker-controlled website, the website could force Burp to write an attacker-controlled file to an attacker-controlled local path. The issue was caused by Burp's...

5.4AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/04 3:45 a.m.73 views

cybersec-crawler

CyberSec Crawler Crawler de ciberseguridad multilingüe que re...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/27 3:30 p.m.11 views

com.digitalpebble.stormcrawler:storm-crawler-aws (>=2.0 <=2.11), com.digitalpebble.stormcrawler:storm-crawler-core (>=2.0 <=2.11) +77 more potentially affected by CVE-2026-41081 via org.apache.storm:storm-client (>=2.0.0 <=2.8.6)

org.apache.storm:storm-client MAVEN version =2.0.0, =2.0, =2.0, =2.0, =2.0, =2.0, =2.7, =2.0, =2.0, =2.0, =2.1, =2.6.3.1, =2.4.0, =2.4.0, =2.4.0, =2.0.0, =2.8.6 and more Source cves: CVE-2026-41081 Source advisory: OSV:GHSA-J2Q8-XX3Q-8FQH...

6.5CVSS5.8AI score0.00286EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/27 2:16 p.m.9 views

com.digitalpebble.stormcrawler:storm-crawler-aws (>=2.0 <=2.11), com.digitalpebble.stormcrawler:storm-crawler-core (>=2.0 <=2.11) +77 more potentially affected by CVE-2026-41081 via org.apache.storm:storm-client (>=2.0.0 <=2.8.6)

org.apache.storm:storm-client MAVEN version =2.0.0, =2.0, =2.0, =2.0, =2.0, =2.0, =2.7, =2.0, =2.0, =2.0, =2.1, =2.6.3.1, =2.4.0, =2.4.0, =2.4.0, =2.0.0, =2.8.6 and more Source cves: CVE-2026-41081 Source advisory: SNYK:JAVA-ORGAPACHESTORM-16322970...

6.5CVSS5.8AI score0.00286EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/13 12:31 p.m.7 views

com.digitalpebble.stormcrawler:storm-crawler-aws (>=2.0 <=2.11), com.digitalpebble.stormcrawler:storm-crawler-core (>=2.0 <=2.11) +77 more potentially affected by CVE-2026-35337 via org.apache.storm:storm-client (>=2.0.0 <=2.8.5)

org.apache.storm:storm-client MAVEN version =2.0.0, =2.0, =2.0, =2.0, =2.0, =2.0, =2.7, =2.0, =2.0, =2.0, =2.1, =2.6.3.1, =2.4.0, =2.4.0, =2.4.0, =2.0.0, =2.8.5 and more Source cves: CVE-2026-35337 Source advisory: OSV:GHSA-JF89-3Q6Q-VCGR...

8.8CVSS5.8AI score0.01011EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/25 12:0 a.m.10 views

XSStrike 3.1.6

XSStrike is a cross site scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler. Instead of injecting payloads and checking it works like all the other tools do, XSStrike analyses the response...

5.2AI score
Exploits0
GithubExploit
GithubExploit
added 2026/03/08 2:31 a.m.210 views

Plasma

Plasma !Pythonhttps://img.shields.io/badge/python-3.10%2B-...

6.3AI score
Exploits0
GithubExploit
GithubExploit
added 2026/03/08 1:21 a.m.272 views

Web-Application-Vulnerability-Scanner

WebVulnScan A beginner-to-intermediate web application vuln...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/02/20 3:28 p.m.148 views

refinance-poc

Refi-Ready POC This project is a Proof-of-Concept for a serve...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/16 12:0 a.m.5 views

State of Passkey Authentication in the Wild: A Census of the Top 100K Sites

Passkeys -- discoverable WebAuthn credentials synchronised across devices are widely promoted as the future of passwordless authentication. Built on the FIDO2 standard, they eliminate shared secrets and resist phishing while offering usability through platform credential managers. Since their...

5.5AI score
Exploits0
GithubExploit
GithubExploit
added 2026/02/02 5:50 p.m.153 views

XSS-Crawler

No d...

5.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/27 12:0 a.m.4 views

JavaScript Sensitive Information Disclosure Scanner

This tool performs automated crawling and heuristic scanning of JavaScript files linked within a target website. It identifies exposed secrets such as API keys, access tokens, cloud credentials, private keys, and database passwords that may be unintentionally published within frontend resources. ...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/23 12:0 a.m.10 views

JS Secret Hunter 2

JS Secret Hunter is an advanced Python tool designed for security researchers to automate the detection of hardcoded secrets in client-side JavaScript. Unlike simple scanners, V2 includes a dynamic crawler that parses the HTML of the target website to extract all loaded JavaScript files...

5.5AI score
Exploits0
CNNVD
CNNVD
added 2025/12/27 12:0 a.m.5 views

Maxun 授权问题漏洞

Maxun is a crawler tool from Maxun open source. An authorization issue vulnerability exists in Maxun 0.0.28 and earlier versions, which stems from an incorrect operation of the function router.get in the file server/src/routes/auth.ts, which could lead to improper authorization...

6.5CVSS6.4AI score0.00323EPSS
Exploits1References5
vulnersOsv
vulnersOsv
added 2025/11/25 8:41 p.m.6 views

com.digitalpebble.stormcrawler:storm-crawler-opensearch (=2.11), com.erudika:para-search-elasticsearch (>=1.40.5 <=1.41.3) +84 more potentially affected by CVE-2025-9624 via org.opensearch:opensearch (>=2.0.0-rc1 <=2.19.3)

org.opensearch:opensearch MAVEN version =2.0.0-rc1, =1.40.5, =1.0.0-TEST, =3.0.7, =0.1.3, =0.1.3, =0.1.3, =0.1.2, =0.1.2, =0.1.2, =1.2.3, =1.2.3, =1.2.3, =4.0.0.0, =4.0.5.2 and more Source cves: CVE-2025-9624 Source advisory: SNYK:JAVA-ORGOPENSEARCH-14122812https://vulners.com/sny...

8.3CVSS5.8AI score0.0047EPSS
Exploits1
The Hacker News
The Hacker News
added 2025/10/29 2:57 p.m.8 views

New AI-Targeted Cloaking Attack Tricks AI Crawlers Into Citing Fake Info as Verified Facts

Cybersecurity researchers have flagged a new security issue in agentic web browsers like OpenAI ChatGPT Atlas that exposes underlying artificial intelligence AI models to context poisoning attacks. In the attack devised by AI security company SPLX, a bad actor can set up websites that serve...

7.6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/10/18 6:43 p.m.11 views

CVE-2025-62505

LobeChat is an open source chat application platform. The web-crawler package in LobeChat version 1.136.1 allows server-side request forgery SSRF in the tools.search.crawlPages tRPC endpoint. A client can supply an arbitrary urls array together with impls containing the value naive. The service...

3CVSS6.9AI score0.00294EPSS
Exploits0References1
CVE
CVE
added 2025/10/17 6:18 p.m.12 views

CVE-2025-62505

LobeChat exposes an SSRF in version 1.136.1 via the web-crawler’s tools.search.crawlPages endpoint. The naive impl (naive) allows a user-provided urls array to be fetched server-side without validating internal network addresses (localhost, 127.0.0.1, private ranges, or metadata endpoints). With ...

3CVSS6.7AI score0.00294EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/17 6:18 p.m.1 views

CVE-2025-62505 SSRF in lobehub/lobe-chat with native web fetch module

LobeChat is an open source chat application platform. The web-crawler package in LobeChat version 1.136.1 allows server-side request forgery SSRF in the tools.search.crawlPages tRPC endpoint. A client can supply an arbitrary urls array together with impls containing the value naive. The service...

3CVSS6.7AI score0.00294EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/17 6:18 p.m.12 views

CVE-2025-62505 SSRF in lobehub/lobe-chat with native web fetch module

LobeChat is an open source chat application platform. The web-crawler package in LobeChat version 1.136.1 allows server-side request forgery SSRF in the tools.search.crawlPages tRPC endpoint. A client can supply an arbitrary urls array together with impls containing the value naive. The service...

3CVSS0.00294EPSS
Exploits0References2
Rows per page
Query Builder