9202 matches found
SUSE-SU-2026:20451-1 Security update for docker-compose
This update for docker-compose fixes the following issues: - CVE-2025-47914: non validated message size can cause a panic due to an out of bounds read bsc1254041. - CVE-2025-47913: client process termination when receiving an unexpected message type in response to a key listing or signing request...
minimal_poc
bas...
Exploit for OS Command Injection in Docker
HATCH Host Access Testing for Container Hardening A com...
CVE-2026-26217
Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /executejs, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing unauthenticated remote attackers to read arbitrary files from the server filesystem. An attacker can...
PYSEC-2026-33
Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The import builtin was included in the allowed builtins, allowing unauthenticated remote...
CVE-2026-26216
Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The import builtin was included in the allowed builtins, allowing unauthenticated remote...
PYSEC-2026-34
Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /executejs, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing unauthenticated remote attackers to read arbitrary files from the server filesystem. An attacker can...
CVE-2026-26217
Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /executejs, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing unauthenticated remote attackers to read arbitrary files from the server filesystem. An attacker can...
CVE-2026-26216
Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The import builtin was included in the allowed builtins, allowing unauthenticated remote...
CVE-2026-26217 Crawl4AI < 0.8.0 Docker API Local File Inclusion via file URL Handling
Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /executejs, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing unauthenticated remote attackers to read arbitrary files from the server filesystem. An attacker can...
CVE-2026-26217
CVE-2026-26217 affects Crawl4AI
CVE-2026-26217
Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /executejs, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing unauthenticated remote attackers to read arbitrary files from the server filesystem. An attacker can...
CVE-2026-26217 Crawl4AI < 0.8.0 Docker API Local File Inclusion via file URL Handling
Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /executejs, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing unauthenticated remote attackers to read arbitrary files from the server filesystem. An attacker can...
CVE-2026-26216 Crawl4AI < 0.8.0 Docker API Unauthenticated Remote Code Execution via Hooks Parameter
Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The import builtin was included in the allowed builtins, allowing unauthenticated remote...
CVE-2026-26216 Crawl4AI < 0.8.0 Docker API Unauthenticated Remote Code Execution via Hooks Parameter
Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The import builtin was included in the allowed builtins, allowing unauthenticated remote...
CVE-2026-26216
Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The import builtin was included in the allowed builtins, allowing unauthenticated remote...
CVE-2026-26216
CVE-2026-26216 affects Crawl4AI before 0.8.0 in its Docker API deployment. The /crawl endpoint accepts a hooks parameter that contains Python code executed with exec(), with import included in allowed builtins, enabling unauthenticated remote code execution. Impact includes full server compromise...
Exploit for Deserialization of Untrusted Data in Facebook React
This Proof of Concept PoC for React2Shell CVE-2025-55182 vul...
Crawl4AI 路径遍历漏洞
Crawl4AI is an open-source, LLM-friendly web crawler developed by UncleCode’s individual developers. Versions of Crawl4AI prior to 0.8.0 contained a path traversal vulnerability. This vulnerability stemmed from multiple endpoints in the Docker API that accepted file:// URLs, allowing...
Crawl4AI 代码注入漏洞
Crawl4AI is an open-source, LLM-friendly web crawler developed by UncleCode’s individual developers. Versions of Crawl4AI prior to 0.8.0 contained a code injection vulnerability. This vulnerability stemmed from the /crawl endpoint in the Docker API deployment, which accepted hooks parameters...