Lucene search
K

56 matches found

Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.5 views

PT-2026-25710

Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker filesystem modules allows file access. This issue affects smartLink SW-HT: through 1.42 smartLink SW-PN: through 1.03...

5.3CVSS5.8AI score0.00369EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/13 7:18 p.m.4 views

CVE-2026-26217

Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /executejs, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing unauthenticated remote attackers to read arbitrary files from the server filesystem. An attacker can...

9.2CVSS5.9AI score0.00609EPSS
Exploits0References1
OSV
OSV
added 2026/02/12 4:16 p.m.7 views

PYSEC-2026-33

Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The import builtin was included in the allowed builtins, allowing unauthenticated remote...

10CVSS6.6AI score0.01589EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/12 12:0 a.m.8 views

Crawl4AI 代码注入漏洞

Crawl4AI is an open-source, LLM-friendly web crawler developed by UncleCode’s individual developers. Versions of Crawl4AI prior to 0.8.0 contained a code injection vulnerability. This vulnerability stemmed from the /crawl endpoint in the Docker API deployment, which accepted hooks parameters...

10CVSS6.2AI score0.01589EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2025/12/24 1:22 p.m.214 views

Exploit for Deserialization of Untrusted Data in Fortra Goanywhere_Managed_File_Transfer

Structure du projet cve-2023-0669-simulation/ ├── docker-comp...

7.2CVSS8.6AI score0.99999EPSS
Exploits12
GithubExploit
GithubExploit
added 2025/12/02 1:12 p.m.287 views

Exploit for CVE-2025-1337

CVE‑2025‑1337 — Intentional Remote Code Execution Training Mac...

5.1CVSS7.5AI score0.00489EPSS
Exploits3
GithubExploit
GithubExploit
added 2025/11/25 9:52 a.m.184 views

webVuln-scanner

WebVuln Scanner An advanced web vulnerability scanner with cu...

7.5AI score
Exploits0
OSV
OSV
added 2025/11/17 7:6 p.m.4 views

GHSA-V5W9-PRXF-W882 Flowise has Authentication Bypass Using Unprotected Registration Endpoint (/register)

Summary An unauthenticated attacker can exploit the unprotected registration endpoint /register to create a new user and bypass authentication. Details Critical vulnerability in Flowise 3.0.1 on-premise deployment allows unauthenticated attackers to exploit the /api/v1/account/register endpoint t...

8.7CVSS7.3AI score
Exploits0References2
GithubExploit
GithubExploit
added 2025/10/03 3:20 p.m.625 views

Exploit for CVE-2025-60787

CVE-2025-60787 CVE-2025-60787 Poc - RCE - MotionEye = 0.43...

8.6AI score0.18993EPSS
Exploits16
GithubExploit
GithubExploit
added 2025/08/26 3:55 p.m.206 views

Exploit for Out-of-bounds Write in Php

Task Management APP CVE-2019-11043 Lab Minimal PHP app with...

9.8CVSS7.2AI score0.9947EPSS
Exploits54
Packet Storm News
Packet Storm News
added 2025/05/12 12:0 a.m.19 views

LLM-Based Threat Detection and Prevention Framework for IoT Ecosystems

The increasing complexity and scale of the Internet of Things IoT have made security a critical concern. This paper presents a novel Large Language Model LLM-based framework for comprehensive threat detection and prevention in IoT environments. The system integrates lightweight LLMs fine-tuned on...

6.8AI score
Exploits0
CNNVD
CNNVD
added 2025/02/07 12:0 a.m.7 views

Mindskip xzs-mysql 安全漏洞

Mindskip xzs-mysql is a java + vue front-end and back-end separated exam system from Wuhan Mindskip Technology Mindskip company in China. The main advantages are simple and fast development and deployment, friendly interface design and clear code structure. Support web end and wechat small progra...

5.3CVSS5.1AI score0.00317EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2024/08/30 12:0 a.m.6 views

The vulnerability of the Relay Hosts Configuration function in the Docker-based deployment and email server management tool, mailcow:dockerized, allows a attacker to execute arbitrary code.

The vulnerability of the Relay Hosts Configuration function in the Docker-based deployment and email server management tool, mailcow:dockerized, is related to the lack of security measures for the website structure. Exploiting this vulnerability allows an attacker operating remotely to execute...

5.5CVSS5.8AI score0.00308EPSS
Exploits0References4Affected Software1
Wallarm Lab
Wallarm Lab
added 2024/07/24 2:3 p.m.22 views

How Can Deliberately Flawed APIs Help In Mastering API Security?

In our recent webinar recent webinar title 'A CISO’s Checklist for Securing APIs and Applications', we delved into the concept of creating an API security playground tailored for both developer and security teams. The core idea revolves around utilizing intentionally vulnerable APIs as training...

8.1AI score
Exploits0
NVD
NVD
added 2024/06/08 8:15 p.m.27 views

CVE-2024-4680

A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the...

8.8CVSS0.00405EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/06/08 7:38 p.m.30 views

CVE-2024-4680 Insufficient Session Expiration in zenml-io/zenml

A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the...

3.9CVSS0.00405EPSS
Exploits1References1
Kitploit
Kitploit
added 2023/05/03 12:30 p.m.39 views

Metlo - An Open-Source API Security Platform

Secure Your API. Metlo is an open-source API security platform With Metlo you can: Create an Inventory of all your APIEndpoints and Sensitive Data. Detect common API vulnerabilities. Proactively test your APIs before they go into production. Detect API attacks in real time. Metlo does this by...

8.3AI score
Exploits0References3
Huntr
Huntr
added 2023/02/21 9:57 p.m.31 views

Observable Timing Discrepancy in Login Portal

Description An observable discrepancy in response times is present in the login portal. When brute forcing valid email accounts, the timing on a valid account is significantly higher than that of an invalid user account. This is likely due to the use of Bcrypt's compare function being utilized by...

5CVSS5.5AI score0.00639EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2022/09/02 7:46 a.m.530 views

Exploit for Code Injection in Combodo Itop

iTop RCE via SSTI - CVE-2022-24780 exploit iTop --debu...

8.8CVSS8.8AI score0.05341EPSS
Exploits4
Kitploit
Kitploit
added 2022/01/25 11:30 a.m.26 views

FACT - A Tool To Collect, Process And Visualise Forensic Data From Clusters Of Machines Running In The Cloud Or On-Premise

FACT is a tool to collect, process and visualise forensic data from clusters of machines running in the cloud or on-premise. Deployment For a basic single-node deployment, we recommend using Docker and Docker Compose. First, read docker-compose.yaml for configuration and requirements. Then, start...

7.2AI score
Exploits0References8
Rows per page
Query Builder