CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Nuclei•added 14 hours ago•29 views

EasySpider 0.6.2 - Arbitrary File Read

A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \EasySpider\resources\app\server.js of the component HTTP GET Request Handler. The manipulation with the input...

8.8CVSS5.3AI score0.03333EPSS

Exploits1References6

Nuclei•added 14 hours ago•47 views

WordPress Spider Calendar <=1.4.9 - SQL Injection

WordPress Spider Calendar plugin through 1.4.9 is susceptible to SQL injection. An attacker can execute arbitrary SQL commands via the catid parameter in a spiderbigcalendarmonth action to wp-admin/admin-ajax.php, thus making it possible to obtain sensitive information, modify data, and/or execut...

7.5CVSS6.1AI score0.11182EPSS

Exploits1References4

OSV•added 2026/05/29 10:27 p.m.•6 views

GHSA-5C6W-WWFQ-7QQM PraisonAI spider_tools SSRF protection bypass via alternate loopback host encodings

Summary PraisonAI's spidertools URL validation can be bypassed using alternate loopback host encodings. The affected component is: text praisonaiagents/tools/spidertools.py The tool contains a URL validation function intended to block local or unsafe targets before fetching attacker-controlled...

5.5CVSS6.2AI score0.00014EPSS

Snyk•added 2026/05/29 10:27 p.m.•4 views

Server-side Request Forgery (SSRF)

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

6.9CVSS5.5AI score0.00014EPSS

Snyk•added 2026/05/29 10:27 p.m.•6 views

Server-side Request Forgery (SSRF)

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via improper URL validation the spidertools component. An attacker can access internal loopback-only HTTP...

6.9CVSS5.5AI score0.00014EPSS

Github Security Blog•added 2026/05/29 10:27 p.m.•26 views

PraisonAI spider_tools SSRF protection bypass via alternate loopback host encodings

6.2AI score0.00014EPSS

Exploits0References2Affected Software2

Positive Technologies•added 2026/05/29 12:0 a.m.•10 views

PT-2026-45049

Summary PraisonAI's spider tools URL validation can be bypassed using alternate loopback host encodings. The affected component is: text praisonaiagents/tools/spider tools.py The tool contains a URL validation function intended to block local or unsafe targets before fetching attacker-controlled...

5.5CVSS6.2AI score0.00014EPSS

Exploits0References3

Packet Storm News•added 2026/05/26 12:0 a.m.•42 views

SEC-Bench Pro: Can Language Models Solve Long-Horizon Software Security Tasks?

Large language models LLMs now support automated software security tasks, including vulnerability discovery and proof-of-concept PoC generation. Existing benchmarks do not faithfully evaluate LLMs in real-world bug hunting scenarios because they rely on fuzzing harnesses, target-specific...

5.9AI score

Packet Storm News•added 2026/05/04 12:0 a.m.•4 views

DNS Spider Multithreaded Bruteforcer 1.5

DNS Spider is a multi-threaded bruteforcer of subdomains that leverages a wordlist and/or character permutation...

Wired Threat Level•added 2026/05/02 10:30 a.m.•7 views

Disneyland Now Uses Face Recognition on Visitors

Plus: The NSA tests Anthropic’s Mythos Preview to find vulnerabilities, a Finnish teen is charged over the Scattered Spider hacking spree, and more...

The Hacker News•added 2026/05/01 2:26 p.m.•8 views

Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks

Cybersecurity researchers are warning of two cybercrime groups that are carrying out "rapid, high-impact attacks" operating almost within the confines of SaaS environments, while leaving minimal traces of their actions. The clusters, Cordial Spider aka BlackFile, CL-CRI-1116, O-UNC-045, and UNC66...

HackRead•added 2026/04/29 11:19 a.m.•5 views

US-Estonian Suspect Arrested Over Alleged Scattered Spider Cyberattacks

US-Estonian suspect Peter Stokes arrested in Finland over alleged ties to Scattered Spider, facing US charges for cyberattacks, fraud, and data breaches...

5.3AI score

Krebs on Security•added 2026/04/21 2:53 p.m.•5 views

‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty

A 24-year-old British national and senior member of the cybercrime group "Scattered Spider " has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022 that allowed the group...

5.7AI score

HackRead•added 2026/04/20 12:43 p.m.•6 views

British Hacker Tyler Buchanan Pleads Guilty to $8M Hacking Scheme in US

Tyler Robert Buchanan, a 24-year-old British hacker linked to Scattered Spider, admits to a multi-year US hacking scheme involving at least $8M in crypto theft...

GithubExploit•added 2026/03/25 3:8 p.m.•132 views

web-app-security-owasp-zap

🔐 Web Application Security Testing with OWASP ZAP Author:...

5.9AI score