262 matches found
PortSwigger Web Security: Burp Suite Professional: browser-powered crawl can write attacker-controlled files through file input handling
A vulnerability was discovered in Burp Suite Professional 2026.3.3 on Windows. When Burp Scanner's browser-powered crawler crawled an attacker-controlled website, the website could force Burp to write an attacker-controlled file to an attacker-controlled local path. The issue was caused by Burp's...
cybersec-crawler
CyberSec Crawler Crawler de ciberseguridad multilingüe que re...
com.digitalpebble.stormcrawler:storm-crawler-aws (>=2.0 <=2.11), com.digitalpebble.stormcrawler:storm-crawler-core (>=2.0 <=2.11) +77 more potentially affected by CVE-2026-41081 via org.apache.storm:storm-client (>=2.0.0 <=2.8.6)
org.apache.storm:storm-client MAVEN version =2.0.0, =2.0, =2.0, =2.0, =2.0, =2.0, =2.7, =2.0, =2.0, =2.0, =2.1, =2.6.3.1, =2.4.0, =2.4.0, =2.4.0, =2.0.0, =2.8.6 and more Source cves: CVE-2026-41081 Source advisory: OSV:GHSA-J2Q8-XX3Q-8FQH...
com.digitalpebble.stormcrawler:storm-crawler-aws (>=2.0 <=2.11), com.digitalpebble.stormcrawler:storm-crawler-core (>=2.0 <=2.11) +77 more potentially affected by CVE-2026-41081 via org.apache.storm:storm-client (>=2.0.0 <=2.8.6)
org.apache.storm:storm-client MAVEN version =2.0.0, =2.0, =2.0, =2.0, =2.0, =2.0, =2.7, =2.0, =2.0, =2.0, =2.1, =2.6.3.1, =2.4.0, =2.4.0, =2.4.0, =2.0.0, =2.8.6 and more Source cves: CVE-2026-41081 Source advisory: SNYK:JAVA-ORGAPACHESTORM-16322970...
com.digitalpebble.stormcrawler:storm-crawler-aws (>=2.0 <=2.11), com.digitalpebble.stormcrawler:storm-crawler-core (>=2.0 <=2.11) +77 more potentially affected by CVE-2026-35337 via org.apache.storm:storm-client (>=2.0.0 <=2.8.5)
org.apache.storm:storm-client MAVEN version =2.0.0, =2.0, =2.0, =2.0, =2.0, =2.0, =2.7, =2.0, =2.0, =2.0, =2.1, =2.6.3.1, =2.4.0, =2.4.0, =2.4.0, =2.0.0, =2.8.5 and more Source cves: CVE-2026-35337 Source advisory: OSV:GHSA-JF89-3Q6Q-VCGR...
XSStrike 3.1.6
XSStrike is a cross site scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler. Instead of injecting payloads and checking it works like all the other tools do, XSStrike analyses the response...
Plasma
Plasma !Pythonhttps://img.shields.io/badge/python-3.10%2B-...
Web-Application-Vulnerability-Scanner
WebVulnScan A beginner-to-intermediate web application vuln...
refinance-poc
Refi-Ready POC This project is a Proof-of-Concept for a serve...
State of Passkey Authentication in the Wild: A Census of the Top 100K Sites
Passkeys -- discoverable WebAuthn credentials synchronised across devices are widely promoted as the future of passwordless authentication. Built on the FIDO2 standard, they eliminate shared secrets and resist phishing while offering usability through platform credential managers. Since their...
XSS-Crawler
No d...
JavaScript Sensitive Information Disclosure Scanner
This tool performs automated crawling and heuristic scanning of JavaScript files linked within a target website. It identifies exposed secrets such as API keys, access tokens, cloud credentials, private keys, and database passwords that may be unintentionally published within frontend resources. ...
JS Secret Hunter 2
JS Secret Hunter is an advanced Python tool designed for security researchers to automate the detection of hardcoded secrets in client-side JavaScript. Unlike simple scanners, V2 includes a dynamic crawler that parses the HTML of the target website to extract all loaded JavaScript files...
Maxun 授权问题漏洞
Maxun is a crawler tool from Maxun open source. An authorization issue vulnerability exists in Maxun 0.0.28 and earlier versions, which stems from an incorrect operation of the function router.get in the file server/src/routes/auth.ts, which could lead to improper authorization...
com.digitalpebble.stormcrawler:storm-crawler-opensearch (=2.11), com.erudika:para-search-elasticsearch (>=1.40.5 <=1.41.3) +84 more potentially affected by CVE-2025-9624 via org.opensearch:opensearch (>=2.0.0-rc1 <=2.19.3)
org.opensearch:opensearch MAVEN version =2.0.0-rc1, =1.40.5, =1.0.0-TEST, =3.0.7, =0.1.3, =0.1.3, =0.1.3, =0.1.2, =0.1.2, =0.1.2, =1.2.3, =1.2.3, =1.2.3, =4.0.0.0, =4.0.5.2 and more Source cves: CVE-2025-9624 Source advisory: SNYK:JAVA-ORGOPENSEARCH-14122812https://vulners.com/sny...
New AI-Targeted Cloaking Attack Tricks AI Crawlers Into Citing Fake Info as Verified Facts
Cybersecurity researchers have flagged a new security issue in agentic web browsers like OpenAI ChatGPT Atlas that exposes underlying artificial intelligence AI models to context poisoning attacks. In the attack devised by AI security company SPLX, a bad actor can set up websites that serve...
CVE-2025-62505
LobeChat is an open source chat application platform. The web-crawler package in LobeChat version 1.136.1 allows server-side request forgery SSRF in the tools.search.crawlPages tRPC endpoint. A client can supply an arbitrary urls array together with impls containing the value naive. The service...
CVE-2025-62505
LobeChat exposes an SSRF in version 1.136.1 via the web-crawler’s tools.search.crawlPages endpoint. The naive impl (naive) allows a user-provided urls array to be fetched server-side without validating internal network addresses (localhost, 127.0.0.1, private ranges, or metadata endpoints). With ...
CVE-2025-62505 SSRF in lobehub/lobe-chat with native web fetch module
LobeChat is an open source chat application platform. The web-crawler package in LobeChat version 1.136.1 allows server-side request forgery SSRF in the tools.search.crawlPages tRPC endpoint. A client can supply an arbitrary urls array together with impls containing the value naive. The service...
CVE-2025-62505 SSRF in lobehub/lobe-chat with native web fetch module
LobeChat is an open source chat application platform. The web-crawler package in LobeChat version 1.136.1 allows server-side request forgery SSRF in the tools.search.crawlPages tRPC endpoint. A client can supply an arbitrary urls array together with impls containing the value naive. The service...