203 matches found
Malicious code in libaryscraper (PyPI)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in discord-scrapper (PyPI)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in noblox.js-scraper (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-2760 Malicious code in noblox.js-scraper (npm)
--- -= Per source details. Do not edit below this line.=-...
Exploit for CVE-2024-28397
Perkenalan 中文 js2py is a popular python...
WordPress WP Scraper plugin <= 5.7 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery SSRF vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin WP Scraper versions = 5.7...
WordPress WP Scraper Plugin <= 5.7 is vulnerable to Server Side Request Forgery (SSRF)
Software WP Scraper Type Plugin Vulnerable versions = 5.7 Fixed in 5.8 OWASP Top 10 A10: Server-Side Request Forgery SSRF Classification Server Side Request Forgery SSRF CVE CVE-2024-37208 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID f83430a2f6b5 Credits Majed Refaea...
Exploit for CVE-2024-28397
Introduction 中文 Analysis Chinese./an...
CVE-2024-3663
The WP Scraper plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpscrapermultiscrapeaction function in all versions up to, and including, 5.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to create...
CVE-2024-3663
CVE-2024-3663 affects the WordPress plugin WP Scraper. A missing capability check in wp_scraper_multi_scrape_action() allows authenticated users with subscriber+ privileges to create arbitrary pages/posts on all versions up to 5.7. Impact per sources: unauthorized content creation within the site...
WordPress WP Scraper plugin <= 5.7 - Missing Authorization to Arbitrary Page/Post Creation vulnerability
Missing Authorization to Arbitrary Page/Post Creation vulnerability discovered by Lucio Sá in WordPress Plugin WP Scraper versions = 5.7...
WordPress Plugin WP Scraper 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress WP Scraper Plugin <= 5.7 is vulnerable to Broken Access Control
Software WP Scraper Type Plugin Vulnerable versions = 5.7 Fixed in 5.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3663 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6a3b87c193df Credits Lucio Sá Required privilege Subscriber...
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: flux, minio-fips, fulcio-fips, terraform-provider-aws, kubeadm-bootstrap-controller, prometheus-mysqld-exporter, grafana-operator, hubble-ui, ollama, k3d, kubernetes-csi-livenessprobe, prometheus-stackdriver-exporter, ip-masq-agent, golangci-lint,...
CVE-2024-0455
The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level manager, admin, and when in single user could put in the URL http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance which is a special IP and URL th...
CVE-2024-0455
The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level manager, admin, and when in single user could put in the URL http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance which is a special IP and URL th...
Cross site request forgery (csrf)
The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level manager, admin, and when in single user could put in the URL http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance which is a special IP and URL th...
CVE-2024-0455 SSRF on AWS deployed instances of AnythingLLM via /metadata
The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level manager, admin, and when in single user could put in the URL http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance which is a special IP and URL th...
CVE-2024-0455
CVE-2024-0455 concerns AnythingLLM where a web scraper can trigger a server-side request to the AWS EC2 metadata URL 169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance. If accessed by a user with manager/admin permissions (and in single-user mode) from wit...
PT-2024-15574 · Unknown · Anything-Llm
Name of the Vulnerable Software and Affected Versions: AnythingLLM affected versions not specified Description: The issue allows users with proper authorization levels manager, admin, and when in single user mode to access sensitive information by using a web scraper to query a specific URL:...