56 matches found
PT-2026-25710
Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker filesystem modules allows file access. This issue affects smartLink SW-HT: through 1.42 smartLink SW-PN: through 1.03...
CVE-2026-26217
Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /executejs, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing unauthenticated remote attackers to read arbitrary files from the server filesystem. An attacker can...
PYSEC-2026-33
Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The import builtin was included in the allowed builtins, allowing unauthenticated remote...
Crawl4AI 代码注入漏洞
Crawl4AI is an open-source, LLM-friendly web crawler developed by UncleCode’s individual developers. Versions of Crawl4AI prior to 0.8.0 contained a code injection vulnerability. This vulnerability stemmed from the /crawl endpoint in the Docker API deployment, which accepted hooks parameters...
Exploit for Deserialization of Untrusted Data in Fortra Goanywhere_Managed_File_Transfer
Structure du projet cve-2023-0669-simulation/ ├── docker-comp...
Exploit for CVE-2025-1337
CVE‑2025‑1337 — Intentional Remote Code Execution Training Mac...
webVuln-scanner
WebVuln Scanner An advanced web vulnerability scanner with cu...
GHSA-V5W9-PRXF-W882 Flowise has Authentication Bypass Using Unprotected Registration Endpoint (/register)
Summary An unauthenticated attacker can exploit the unprotected registration endpoint /register to create a new user and bypass authentication. Details Critical vulnerability in Flowise 3.0.1 on-premise deployment allows unauthenticated attackers to exploit the /api/v1/account/register endpoint t...
Exploit for CVE-2025-60787
CVE-2025-60787 CVE-2025-60787 Poc - RCE - MotionEye = 0.43...
Exploit for Out-of-bounds Write in Php
Task Management APP CVE-2019-11043 Lab Minimal PHP app with...
LLM-Based Threat Detection and Prevention Framework for IoT Ecosystems
The increasing complexity and scale of the Internet of Things IoT have made security a critical concern. This paper presents a novel Large Language Model LLM-based framework for comprehensive threat detection and prevention in IoT environments. The system integrates lightweight LLMs fine-tuned on...
Mindskip xzs-mysql 安全漏洞
Mindskip xzs-mysql is a java + vue front-end and back-end separated exam system from Wuhan Mindskip Technology Mindskip company in China. The main advantages are simple and fast development and deployment, friendly interface design and clear code structure. Support web end and wechat small progra...
The vulnerability of the Relay Hosts Configuration function in the Docker-based deployment and email server management tool, mailcow:dockerized, allows a attacker to execute arbitrary code.
The vulnerability of the Relay Hosts Configuration function in the Docker-based deployment and email server management tool, mailcow:dockerized, is related to the lack of security measures for the website structure. Exploiting this vulnerability allows an attacker operating remotely to execute...
How Can Deliberately Flawed APIs Help In Mastering API Security?
In our recent webinar recent webinar title 'A CISO’s Checklist for Securing APIs and Applications', we delved into the concept of creating an API security playground tailored for both developer and security teams. The core idea revolves around utilizing intentionally vulnerable APIs as training...
CVE-2024-4680
A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the...
CVE-2024-4680 Insufficient Session Expiration in zenml-io/zenml
A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the...
Metlo - An Open-Source API Security Platform
Secure Your API. Metlo is an open-source API security platform With Metlo you can: Create an Inventory of all your APIEndpoints and Sensitive Data. Detect common API vulnerabilities. Proactively test your APIs before they go into production. Detect API attacks in real time. Metlo does this by...
Observable Timing Discrepancy in Login Portal
Description An observable discrepancy in response times is present in the login portal. When brute forcing valid email accounts, the timing on a valid account is significantly higher than that of an invalid user account. This is likely due to the use of Bcrypt's compare function being utilized by...
Exploit for Code Injection in Combodo Itop
iTop RCE via SSTI - CVE-2022-24780 exploit iTop --debu...
FACT - A Tool To Collect, Process And Visualise Forensic Data From Clusters Of Machines Running In The Cloud Or On-Premise
FACT is a tool to collect, process and visualise forensic data from clusters of machines running in the cloud or on-premise. Deployment For a basic single-node deployment, we recommend using Docker and Docker Compose. First, read docker-compose.yaml for configuration and requirements. Then, start...