Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

Positive Technologies
Positive Technologiesadded 2026/04/04 12:0 a.m.1 views

PT-2026-30339

Summary The fix for CVE-2026-33992 GHSA-m74m-f7cr-432x added IP validation to BaseDownloader.download that checks the hostname of the initial download URL. However, pycurl is configured with FOLLOWLOCATION=1 and MAXREDIRS=10, causing it to automatically follow HTTP redirects. Redirect targets are...

9.3CVSS6AI score0.00043EPSS
Exploits2References6
Cvelist
Cvelistadded 2026/03/26 5:29 p.m.21 views

CVE-2026-32857 Firecrawl Playwright Service SSRF Protection Bypass via Missing Post-Redirect Validation

Firecrawl version 2.8.0 and prior contain a server-side request forgery SSRF protection bypass vulnerability in the Playwright scraping service where network policy validation is applied only to the initial user-supplied URL and not to subsequent redirect destinations. Attackers can supply an...

8.6CVSS0.00015EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/03/26 12:0 a.m.2 views

PT-2026-28444

Name of the Vulnerable Software and Affected Versions Firecrawl versions 2.8.0 and earlier Description The software contains a server-side request forgery SSRF protection bypass in the Playwright scraping service. The network policy validation is applied only to the initial URL provided by the us...

8.6CVSS5.9AI score0.00015EPSS
Exploits0References8
Rows per page
Query Builder