Lucene search
+L

730 matches found

nuclei
nuclei
added yesterday89 views

WordPress Spider Calendar <=1.5.65 - Cross-Site Scripting

WorsPress Spider Calendar plugin through 1.5.65 is susceptible to cross-site scripting. The plugin does not sanitize and escape the callback parameter before outputting it back in the page via the window AJAX action, available to both unauthenticated and authenticated users. An attacker can injec...

6.1CVSS6AI score0.02291EPSS
Exploits2References3
nuclei
nuclei
added yesterday33 views

Lantronix SecureLinx Spider (SLS) 2.2+ - Cross-Site Scripting

Lantronix SecureLinx Spider SLS 2.2+ devices have XSS in the auth.asp login page. id: CVE-2018-10383 info: name: Lantronix SecureLinx Spider SLS 2.2+ - Cross-Site Scripting author: ritikchaddha severity: medium description: | Lantronix SecureLinx Spider SLS 2.2+ devices have XSS in the auth.asp...

6.1CVSS6.4AI score0.01912EPSS
Exploits0References2
nuclei
nuclei
added yesterday51 views

WordPress Spider Calendar <=1.4.9 - SQL Injection

WordPress Spider Calendar plugin through 1.4.9 is susceptible to SQL injection. An attacker can execute arbitrary SQL commands via the catid parameter in a spiderbigcalendarmonth action to wp-admin/admin-ajax.php, thus making it possible to obtain sensitive information, modify data, and/or execut...

7.5CVSS6.3AI score0.11182EPSS
Exploits1References4
nuclei
nuclei
added yesterday178 views

EasySpider 0.6.2 - Arbitrary File Read

A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \EasySpider\resources\app\server.js of the component HTTP GET Request Handler. The manipulation with the input...

8.8CVSS5.6AI score0.03333EPSS
Exploits1References6
thn
thn
added 2026/07/07 1:27 p.m.19 views

Court Filing Reveals Windows Device ID Helped FBI Trace Alleged Scattered Spider Hacker

U.S. prosecutors linked an alleged Scattered Spider hacker to a break-in at a luxury jewelry retailer using a persistent Windows device ID, according to a newly unsealed federal complaint. Microsoft records tied that ID first to the account the attackers used to keep access during the May 2025...

6AI score
Exploits0
snyk
snyk
added 2026/06/18 1:56 p.m.6 views

Server-side Request Forgery (SSRF)

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the SpiderTools.validateurl process, which fails to resolve DNS hostnames before validation. An attacke...

8.8CVSS5.8AI score
Exploits0References2
snyk
snyk
added 2026/05/29 10:27 p.m.7 views

Server-side Request Forgery (SSRF)

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

6.9CVSS5.5AI score0.00014EPSS
Exploits0References2
snyk
snyk
added 2026/05/29 10:27 p.m.8 views

Server-side Request Forgery (SSRF)

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via improper URL validation the spidertools component. An attacker can access internal loopback-only HTTP...

6.9CVSS5.5AI score0.00014EPSS
Exploits0References2
osv
osv
added 2026/05/29 10:27 p.m.8 views

GHSA-5C6W-WWFQ-7QQM PraisonAI spider_tools SSRF protection bypass via alternate loopback host encodings

Summary PraisonAI's spidertools URL validation can be bypassed using alternate loopback host encodings. The affected component is: text praisonaiagents/tools/spidertools.py The tool contains a URL validation function intended to block local or unsafe targets before fetching attacker-controlled...

5.5CVSS6.2AI score0.00014EPSS
Exploits0References2
github
github
added 2026/05/29 10:27 p.m.29 views

PraisonAI spider_tools SSRF protection bypass via alternate loopback host encodings

Summary PraisonAI's spidertools URL validation can be bypassed using alternate loopback host encodings. The affected component is: text praisonaiagents/tools/spidertools.py The tool contains a URL validation function intended to block local or unsafe targets before fetching attacker-controlled...

6.2AI score0.00014EPSS
Exploits0References2Affected Software2
ptsecurity
ptsecurity
added 2026/05/29 12:0 a.m.13 views

PT-2026-45049

Name of the Vulnerable Software and Affected Versions PraisonAI affected versions not specified Description URL validation in the spider tools component can be bypassed using alternate loopback host encodings, leading to Server-Side Request Forgery SSRF. The validate url function only blocks a...

5.5CVSS6.1AI score0.00014EPSS
Exploits0References9
packetstormnews
packetstormnews
added 2026/05/26 12:0 a.m.59 views

SEC-Bench Pro: Can Language Models Solve Long-Horizon Software Security Tasks?

Large language models LLMs now support automated software security tasks, including vulnerability discovery and proof-of-concept PoC generation. Existing benchmarks do not faithfully evaluate LLMs in real-world bug hunting scenarios because they rely on fuzzing harnesses, target-specific...

5.9AI score
Exploits0
packetstormnews
packetstormnews
added 2026/05/04 12:0 a.m.7 views

DNS Spider Multithreaded Bruteforcer 1.5

DNS Spider is a multi-threaded bruteforcer of subdomains that leverages a wordlist and/or character permutation...

5.8AI score
Exploits0
wired
wired
added 2026/05/02 10:30 a.m.21 views

Disneyland Now Uses Face Recognition on Visitors

Plus: The NSA tests Anthropic’s Mythos Preview to find vulnerabilities, a Finnish teen is charged over the Scattered Spider hacking spree, and more...

5.8AI score
Exploits0
thn
thn
added 2026/05/01 2:26 p.m.10 views

Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks

Cybersecurity researchers are warning of two cybercrime groups that are carrying out "rapid, high-impact attacks" operating almost within the confines of SaaS environments, while leaving minimal traces of their actions. The clusters, Cordial Spider aka BlackFile, CL-CRI-1116, O-UNC-045, and UNC66...

5.8AI score
Exploits0
hackread
hackread
added 2026/04/29 11:19 a.m.9 views

US-Estonian Suspect Arrested Over Alleged Scattered Spider Cyberattacks

US-Estonian suspect Peter Stokes arrested in Finland over alleged ties to Scattered Spider, facing US charges for cyberattacks, fraud, and data breaches...

5.3AI score
Exploits0
krebs
krebs
added 2026/04/21 2:53 p.m.8 views

‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty

A 24-year-old British national and senior member of the cybercrime group "Scattered Spider " has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022 that allowed the group...

5.7AI score
Exploits0
hackread
hackread
added 2026/04/20 12:43 p.m.9 views

British Hacker Tyler Buchanan Pleads Guilty to $8M Hacking Scheme in US

Tyler Robert Buchanan, a 24-year-old British hacker linked to Scattered Spider, admits to a multi-year US hacking scheme involving at least $8M in crypto theft...

5.8AI score
Exploits0
githubexploit
githubexploit
added 2026/03/25 3:8 p.m.166 views

web-app-security-owasp-zap

🔐 Web Application Security Testing with OWASP ZAP Author:...

5.9AI score
Exploits0
redhatcve
redhatcve
added 2026/02/27 4:13 a.m.8 views

CVE-2026-27884

NetExec is a network execution tool. Prior to version 1.5.1, the module spiderplus improperly creates the output file and folder path when saving files from SMB shares. It does not take into account that it is possible for Linux SMB shares to have path traversal characters such as ../ in them. An...

5.3CVSS6AI score0.00329EPSS
Exploits0References1
Rows per page
Query Builder