Lucene search
K

203 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:36 p.m.5 views

Malicious code in libaryscraper (PyPI)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:34 p.m.3 views

Malicious code in discord-scrapper (PyPI)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 12:52 p.m.3 views

Malicious code in noblox.js-scraper (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2024/06/25 12:52 p.m.7 views

MAL-2024-2760 Malicious code in noblox.js-scraper (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
GithubExploit
GithubExploit
added 2024/06/21 4:43 a.m.1380 views

Exploit for CVE-2024-28397

Perkenalan 中文 js2py is a popular python...

5.3CVSS7.9AI score0.04548EPSS
Exploits22
Patchstack
Patchstack
added 2024/06/20 1:5 p.m.5 views

WordPress WP Scraper plugin <= 5.7 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin WP Scraper versions = 5.7...

4.9CVSS7AI score0.00209EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/06/20 12:0 a.m.9 views

WordPress WP Scraper Plugin <= 5.7 is vulnerable to Server Side Request Forgery (SSRF)

Software WP Scraper Type Plugin Vulnerable versions = 5.7 Fixed in 5.8 OWASP Top 10 A10: Server-Side Request Forgery SSRF Classification Server Side Request Forgery SSRF CVE CVE-2024-37208 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID f83430a2f6b5 Credits Majed Refaea...

4.9CVSS6.7AI score0.00209EPSS
Exploits0References2Affected Software1
GithubExploit
GithubExploit
added 2024/06/19 1:46 a.m.953 views

Exploit for CVE-2024-28397

Introduction 中文 Analysis Chinese./an...

5.3CVSS6.9AI score0.04548EPSS
Exploits22
NVD
NVD
added 2024/05/22 7:15 a.m.16 views

CVE-2024-3663

The WP Scraper plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpscrapermultiscrapeaction function in all versions up to, and including, 5.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to create...

4.3CVSS4.8AI score0.00343EPSS
Exploits0References3
CVE
CVE
added 2024/05/22 6:50 a.m.53 views

CVE-2024-3663

CVE-2024-3663 affects the WordPress plugin WP Scraper. A missing capability check in wp_scraper_multi_scrape_action() allows authenticated users with subscriber+ privileges to create arbitrary pages/posts on all versions up to 5.7. Impact per sources: unauthorized content creation within the site...

4.3CVSS4.8AI score0.00343EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/05/22 1:12 a.m.7 views

WordPress WP Scraper plugin <= 5.7 - Missing Authorization to Arbitrary Page/Post Creation vulnerability

Missing Authorization to Arbitrary Page/Post Creation vulnerability discovered by Lucio Sá in WordPress Plugin WP Scraper versions = 5.7...

4.3CVSS7AI score0.00343EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/05/22 12:0 a.m.6 views

WordPress Plugin WP Scraper 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

4.3CVSS6.5AI score0.00343EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/05/22 12:0 a.m.10 views

WordPress WP Scraper Plugin <= 5.7 is vulnerable to Broken Access Control

Software WP Scraper Type Plugin Vulnerable versions = 5.7 Fixed in 5.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3663 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6a3b87c193df Credits Lucio Sá Required privilege Subscriber...

4.3CVSS6.6AI score0.00343EPSS
Exploits0References3Affected Software1
Chainguard
Chainguard
added 2024/03/05 11:15 p.m.77 views

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: flux, minio-fips, fulcio-fips, terraform-provider-aws, kubeadm-bootstrap-controller, prometheus-mysqld-exporter, grafana-operator, hubble-ui, ollama, k3d, kubernetes-csi-livenessprobe, prometheus-stackdriver-exporter, ip-masq-agent, golangci-lint,...

7.5CVSS6.7AI score0.01262EPSS
Exploits0
NVD
NVD
added 2024/02/26 4:27 p.m.27 views

CVE-2024-0455

The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level manager, admin, and when in single user could put in the URL http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance which is a special IP and URL th...

9.9CVSS9.4AI score0.00813EPSS
Exploits1References2
OSV
OSV
added 2024/02/26 4:27 p.m.29 views

CVE-2024-0455

The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level manager, admin, and when in single user could put in the URL http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance which is a special IP and URL th...

7.5CVSS7AI score0.00813EPSS
Exploits1References2
Prion
Prion
added 2024/02/26 4:27 p.m.43 views

Cross site request forgery (csrf)

The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level manager, admin, and when in single user could put in the URL http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance which is a special IP and URL th...

6.5CVSS7.3AI score0.00813EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/02/25 8:10 a.m.30 views

CVE-2024-0455 SSRF on AWS deployed instances of AnythingLLM via /metadata

The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level manager, admin, and when in single user could put in the URL http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance which is a special IP and URL th...

9.9CVSS9.6AI score0.00813EPSS
Exploits1References2
CVE
CVE
added 2024/02/25 8:10 a.m.125 views

CVE-2024-0455

CVE-2024-0455 concerns AnythingLLM where a web scraper can trigger a server-side request to the AWS EC2 metadata URL 169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance. If accessed by a user with manager/admin permissions (and in single-user mode) from wit...

9.9CVSS9.4AI score0.00813EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/25 12:0 a.m.5 views

PT-2024-15574 · Unknown · Anything-Llm

Name of the Vulnerable Software and Affected Versions: AnythingLLM affected versions not specified Description: The issue allows users with proper authorization levels manager, admin, and when in single user mode to access sensitive information by using a web scraper to query a specific URL:...

9.9CVSS9.2AI score0.00813EPSS
Exploits1References5
Rows per page
Query Builder