Lucene search
K

373975 matches found

NVD
NVD
added 10 hours ago6 views

CVE-2026-56281

Capgo before 12.128.2 contains a sql injection vulnerability in the POST /private/adminstats endpoint where the limit parameter is destructured from unvalidated request body and interpolated directly into Cloudflare Analytics Engine SQL queries via template literals. An attacker with platform adm...

5.1CVSS
Exploits0References2
NVD
NVD
added 10 hours ago8 views

CVE-2026-56259

Crawl4AI before 0.8.8 contains credential exfiltration vulnerabilities in the Docker API server that allow attackers to redirect LLM API calls to attacker-controlled endpoints and read arbitrary environment variables. Attackers can exploit the unauthenticated /md, /llm, and /llm/job endpoints by...

8.8CVSS
Exploits0References2
NVD
NVD
added 10 hours ago6 views

CVE-2026-56260

Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf endpoints. The outputpath parameter accepts arbitrary filesystem paths without validation, allowing an attacker to supply absolute or path-traversal values to write to any location...

9.1CVSS
Exploits0References3
CVE
CVE
added 10 hours ago9 views

CVE-2026-56281

Capgo before 12.128.2 contains a SQL injection in POST /private/admin_stats: the limit parameter is destructured from an unvalidated request body and interpolated directly into Cloudflare Analytics Engine SQL queries via template literals. An attacker with platform admin credentials can inject SQ...

5.1CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added 10 hours ago10 views

CVE-2026-56281 Capgo - SQL Injection via Unvalidated limit Parameter in Admin Stats Endpoint

Capgo before 12.128.2 contains a sql injection vulnerability in the POST /private/adminstats endpoint where the limit parameter is destructured from unvalidated request body and interpolated directly into Cloudflare Analytics Engine SQL queries via template literals. An attacker with platform adm...

5.1CVSS
Exploits0References2
EUVD
EUVD
added 10 hours ago7 views

EUVD-2026-43229

Capgo before 12.128.2 contains a sql injection vulnerability in the POST /private/adminstats endpoint where the limit parameter is destructured from unvalidated request body and interpolated directly into Cloudflare Analytics Engine SQL queries via template literals. An attacker with platform adm...

5.1CVSS6.1AI score
Exploits0References2
CVE
CVE
added 10 hours ago10 views

CVE-2026-56260

CVE-2026-56260 affects Crawl4AI

9.1CVSS6.2AI score
Exploits0References3
Cvelist
Cvelist
added 10 hours ago10 views

CVE-2026-56260 Crawl4AI - Arbitrary File Write via output_path Parameter

Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf endpoints. The outputpath parameter accepts arbitrary filesystem paths without validation, allowing an attacker to supply absolute or path-traversal values to write to any location...

9.1CVSS
Exploits0References3
EUVD
EUVD
added 10 hours ago7 views

EUVD-2026-43227

Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf endpoints. The outputpath parameter accepts arbitrary filesystem paths without validation, allowing an attacker to supply absolute or path-traversal values to write to any location...

9.1CVSS6.2AI score
Exploits0References3
CVE
CVE
added 10 hours ago11 views

CVE-2026-56259

CVE-2026-56259 affects Crawl4AI prior to 0.8.8. A credential-exfiltration vulnerability exists in the Docker API server that lets an attacker redirect LLM API calls to attacker-controlled endpoints and read environment variables. By targeting unauthenticated endpoints /md, /llm, and /llm/job and ...

8.8CVSS6.2AI score
Exploits0References2
Cvelist
Cvelist
added 10 hours ago11 views

CVE-2026-56259 Crawl4AI - LLM Credential Exfiltration via base_url and Environment Variable Resolution

Crawl4AI before 0.8.8 contains credential exfiltration vulnerabilities in the Docker API server that allow attackers to redirect LLM API calls to attacker-controlled endpoints and read arbitrary environment variables. Attackers can exploit the unauthenticated /md, /llm, and /llm/job endpoints by...

8.8CVSS
Exploits0References2
EUVD
EUVD
added 10 hours ago6 views

EUVD-2026-43226

Crawl4AI before 0.8.8 contains credential exfiltration vulnerabilities in the Docker API server that allow attackers to redirect LLM API calls to attacker-controlled endpoints and read arbitrary environment variables. Attackers can exploit the unauthenticated /md, /llm, and /llm/job endpoints by...

8.8CVSS6.2AI score
Exploits0References2
Nuclei
Nuclei
added 19 hours ago56 views

IceWarp Mail Server v10.4.5 - Cross-Site Scripting

IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting XSS vulnerability via the color parameter. id: CVE-2023-39700 info: name: IceWarp Mail Server v10.4.5 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | IceWarp Mail Server v10.4.5 was...

6.1CVSS6.4AI score0.01376EPSS
Exploits1References4
Nuclei
Nuclei
added 19 hours ago55 views

FooGallery plugin <= 2.2.35 - Cross-Site Scripting

Reflected Cross-Site Scripting XSS vulnerability in FooPlugins FooGallery plugin = 2.2.35 versions. id: CVE-2023-29439 info: name: FooGallery plugin = 2.2.35 - Cross-Site Scripting author: theamanrawat severity: medium description: | Reflected Cross-Site Scripting XSS vulnerability in FooPlugins...

7.1CVSS6.7AI score0.01747EPSS
Exploits1References5
Nuclei
Nuclei
added 19 hours ago27 views

WordPress Plugin Redirect 404 to Parent 1.3.0 - Cross-Site Scripting

The settings page of the plugin did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue. id: CVE-2021-24286 info: name: WordPress Plugin Redirect 404 to Parent 1.3.0 - Cross-Site Scripting author: r3Y3r53 severity: medium descriptio...

6.1CVSS6.4AI score0.13942EPSS
Exploits5References5
Nuclei
Nuclei
added 19 hours ago84 views

Grafana - XSS / Open Redirect / SSRF via Client Path Traversal

An open redirect vulnerability in Grafana can be chained with other issues, such as XSS or SSRF, to increase impact. An attacker may exploit the redirect to target internal services or deliver malicious JavaScript, potentially leading to internal data exposure or account takeover. id: CVE-2025-41...

7.6CVSS7AI score0.97809EPSS
Exploits6References2
Nuclei
Nuclei
added 19 hours ago28 views

Drupal 7 CKEditor XSS

CKEditor 4.14.0 through 4.16.x before 4.16.1 contains a reflected cross-site scripting caused by mishandling in comments, letting remote attackers inject executable JavaScript code, exploit requires victim to view malicious content. id: CVE-2021-33829 info: name: Drupal 7 CKEditor XSS author:...

6.1CVSS6.7AI score0.03189EPSS
Exploits0References4
Nuclei
Nuclei
added 19 hours ago66 views

Blog2Social < 7.2.1 - Cross-Site Scripting

The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin id: CVE-2023-3936 info: name: Blog2Social 7.2.1 - Cross-Site...

6.1CVSS6.4AI score0.0093EPSS
Exploits2References2
Nuclei
Nuclei
added 19 hours ago80 views

Swift Performance Lite < 2.3.7.2 - Local PHP File Inclusion

A vulnerability in Swift Performance Lite before version 2.3.7.2 allows unauthenticated attackers to perform local PHP file inclusion via the 'ajaxify' parameter. This can lead to arbitrary code execution on the server. id: CVE-2024-10516 info: name: Swift Performance Lite 2.3.7.2 - Local PHP Fil...

8.1CVSS7.4AI score0.06479EPSS
Exploits1References2
Nuclei
Nuclei
added 19 hours ago51 views

Doctor Appointment System 1.0 - SQL Injection

Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the comment parameter. id: CVE-2021-27315 info: name: Doctor Appointment System 1.0 - SQL Injection author: theamanrawat severity: high description: | Blind...

7.5CVSS7AI score0.07826EPSS
Exploits3References3
Rows per page
Query Builder