
419 matches found

OSV
added 2021/10/06 6:15 p.m., 18 views

CVE-2021-41125

Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware i.e. the http_user and http_pass spider attributes for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, su...

CVSS 6.5, AI score 6.6
Exploits 0, References 5
OSV
added 2021/10/06 6:15 p.m., 1 views

DEBIAN-CVE-2021-41125

Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware i.e. the http_user and http_pass spider attributes for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, su...

CVSS 6.5, AI score 7.2, EPSS 0.00251
Exploits 0, References 1
Prion
added 2021/10/06 6:15 p.m., 19 views

Authentication flaw

Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware i.e. the http_user and http_pass spider attributes for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, su...

CVSS 4, AI score 6.5, EPSS 0.00251
Exploits 0, References 5, Affected Software 2
UbuntuCve
added 2021/10/06 6:15 p.m., 15 views

CVE-2021-41125

Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware i.e. the http_user and http_pass spider attributes for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, su...

CVSS 6.5, AI score 6.9, EPSS 0.00251
Exploits 0, References 6
Github Security Blog
added 2021/10/06 5:46 p.m., 38 views

Scrapy HTTP authentication credentials potentially leaked to target websites

Impact: If you use HttpAuthMiddleware i.e. the http_user and http_pass spider attributes for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, such as robots.txt requests sent by Scrapy when the ROBOTSTXT_OBEY...

CVSS 6.5, AI score 6.5, EPSS 0.00251
Exploits 0, References 8, Affected Software 1
Cvelist
added 2021/10/06 5:15 p.m., 18 views

CVE-2021-41125 HTTP authentication credential leak to target websites in scrapy

Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware i.e. the http_user and http_pass spider attributes for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, su...

CVSS 5.7, AI score 6.8, EPSS 0.00251
Exploits 0, References 5
CVE
added 2021/10/06 5:15 p.m., 86 views

CVE-2021-41125

CVE-2021-41125 affects Scrapy (Python): when using HttpAuthMiddleware (http_user/http_pass spider attributes), credentials may be exposed in requests, including robots.txt checks and redirects. Affected versions include older Scrapy releases prior to fixes. Mitigation per sources: upgrade to Scra...

CVSS 6.5, AI score 6, EPSS 0.00251
Exploits 0, References 5, Affected Software 1
Metasploit
added 2021/09/01 5:42 p.m., 161 views

Geutebruck Multiple Remote Command Execution

This module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder and exploits multiple authenticated arbitrary command execution vulnerabilities within the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devic...

CVSS 9.8, AI score 8, EPSS 0.94247
Exploits 12
CNNVD
added 2021/07/14 12:0 a.m., 0 views

SoftBank Optical BB unit E-WMTA cross-site request forgery vulnerability

SoftBank Optical BB unit E-WMTA is a product of SoftBank Corporation Japan. The SoftBank Optical BB unit E-WMTA suffers from a cross-site request forgery vulnerability that stems from insufficient authentication of the HTTP request source. An attacker could exploit this vulnerability to trick a...

CVSS 8.8, AI score 6.8, EPSS 0.00094
Exploits 0, References 3
OSV
added 2021/06/24 2:15 p.m., 1 views

CVE-2021-29965

A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. This bug only affects Firefox for Android. Other operating systems are...

CVSS 5.3, AI score 7.4
Exploits 0, References 2
NVD
added 2021/06/24 2:15 p.m., 10 views

CVE-2021-29965

A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. This bug only affects Firefox for Android. Other operating systems are...

CVSS 5.3, EPSS 0.00302
Exploits 0, References 2
UbuntuCve
added 2021/06/24 2:15 p.m., 32 views

CVE-2021-29965

A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. This bug only affects Firefox for Android. Other operating systems are...

CVSS 5.3, AI score 6.8, EPSS 0.00302
Exploits 0, References 2
Prion
added 2021/06/24 2:15 p.m., 17 views

Design/Logic Flaw

A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. This bug only affects Firefox for Android. Other operating systems are...

CVSS 4.3, AI score 4.9, EPSS 0.00302
Exploits 0, References 2, Affected Software 1
OSV
added 2021/06/24 2:15 p.m., 1 views

UBUNTU-CVE-2021-29965

A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. This bug only affects Firefox for Android. Other operating systems are...

CVSS 5.3, AI score 6.4, EPSS 0.00302
Exploits 0, References 3
AlpineLinux
added 2021/06/24 1:14 p.m., 43 views

CVE-2021-29965

A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. This bug only affects Firefox for Android. Other operating systems are...

CVSS 5.3, AI score 6.3, EPSS 0.00302
Exploits 0
Debian CVE
added 2021/06/24 1:14 p.m., 27 views

CVE-2021-29965

A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. This bug only affects Firefox for Android. Other operating systems are...

CVSS 5.3, AI score 7.6, EPSS 0.00302
Exploits 0
Cvelist
added 2021/06/24 1:14 p.m., 16 views

CVE-2021-29965

A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. This bug only affects Firefox for Android. Other operating systems are...

AI score 5.8, EPSS 0.00302
Exploits 0, References 2
CNVD
added 2021/06/07 12:0 a.m., 26 views

Mozilla Firefox has an unspecified vulnerability (CNVD-2021-54701)

Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. A security vulnerability exists in Mozilla Firefox, which stems from a malicious Web site that generates HTTP authentication dialogs that could trick the built-in password manager into suggesting a password for...

CVSS 5.3, AI score 0.7, EPSS 0.00302
Exploits 0, References 1
Veracode
added 2021/06/05 10:1 p.m., 26 views

Domain Spoofing

Firefox is vulnerable to domain spoofing. A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog...

CVSS 5.3, AI score 0.4, EPSS 0.00302
Exploits 0, References 4, Affected Software 1
Tenable Nessus
added 2021/06/01 12:0 a.m., 64 views

Mozilla Firefox < 89.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 89.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-23 advisory. - Mozilla developers Christian Holler, Anny Gakhokidze, Alexandru Michis, Gabriele Svelto reported memory safet...

CVSS 8.8, AI score 7.5, EPSS 0.00407
Exploits 0, References 10