66 matches found
psqli
psqli Powerful Automatic SQL injection Tools Pack Fast...
JavaScript Sensitive Information Disclosure Scanner
This tool performs automated crawling and heuristic scanning of JavaScript files linked within a target website. It identifies exposed secrets such as API keys, access tokens, cloud credentials, private keys, and database passwords that may be unintentionally published within frontend resources. ...
CVE-2025-62505
LobeChat is an open source chat application platform. The web-crawler package in LobeChat version 1.136.1 allows server-side request forgery (SSRF) in the tools.search.crawlPages tRPC endpoint. A client can supply an arbitrary urls array together with impls containing the value naive. The service...
CVE-2025-62505 SSRF in lobehub/lobe-chat with native web fetch module
LobeChat is an open source chat application platform. The web-crawler package in LobeChat version 1.136.1 allows server-side request forgery (SSRF) in the tools.search.crawlPages tRPC endpoint. A client can supply an arbitrary urls array together with impls containing the value naive. The service...
CVE-2025-62505
LobeChat exposes an SSRF in version 1.136.1 via the web-crawler’s tools.search.crawlPages endpoint. The naive impl (naive) allows a user-provided urls array to be fetched server-side without validating internal network addresses (localhost, 127.0.0.1, private ranges, or metadata endpoints). With ...
Vulnerability Scanning Tool
This is a vulnerability scanning tool, which combines multiple network security techniques to automate vulnerability detection. The tool includes four core scanning technologies: SQL injection detection, XSS detection, path traversal detection, and sensitive information disclosure detection. It...
When Blockchain Meets Crawlers: Real-Time Market Analytics in Solana NFT Markets
In this paper, we design and implement a web crawler system based on the Solana blockchain for the automated collection and analysis of market data for popular non-fungible tokens (NFTs) on the chain. Firstly, the basic information and transaction data of popular NFTs on the Solana chain are...
CVE-2025-27600 FastGPT SSRF
FastGPT is a knowledge-based platform built on LLMs. Since the web crawling plug-in does not perform intranet IP verification, an attacker can initiate an intranet IP request, causing the system to initiate a request through the intranet and potentially obtain some private data on the intrane...
FastGPT Code Issue Vulnerability
FastGPT is an open-source knowledge base question-answering system from labring, based on large language models. A code issue vulnerability exists in FastGPT versions prior to 4.9.0, which stems from the web crawler plugin not performing intranet IP validation, which could lead to the...
CVE-2024-0243
LangChain’s CVE-2024-0243 describes an SSRF in the RecursiveUrlLoader used by LangChain, where an attacker controlling the content at a base URL (e.g., https://example.com) can inject links that cause the crawler to fetch external URLs despite prevent_outside being set. The issue is fixed in the ...
Hour of Code Security Vulnerability
Hour of Code is an application for ming individual developers. It uses Python to create a web crawler. A security vulnerability exists in Hour of Code, which stems from a code execution backdoor via request packets that can be exploited by an attacker to access sensitive user information and...
Xepor - Web Routing Framework For Reverse Engineers And Security Researchers, Brings The Best Of Mitmproxy And Flask
Xepor (pronounced /ˈzɛfə/, zephyr) is a web routing framework for reverse engineers and security researchers. It provides a Flask-like API for hackers to intercept and modify HTTP requests and/or HTTP responses in a human-friendly coding style. This project is meant to be used with mitmproxy. User wri...
Scrapy Information Disclosure Vulnerability (CNVD-2022-17012)
Scrapy is a free and open-source web crawler framework written in Python. An information disclosure vulnerability exists in versions of Scrapy prior to 2.6.1, which stems from the product's failure to effectively protect sensitive information. An attacker could use this vulnerability to obtain...
CVE-2021-22140
Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue (XXE) in the App Search web crawler beta feature. Using this vector, an attacker whose website is being crawled by App Search could craft a malicious sitemap.xml to traverse the filesystem of t...
XXE
Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue (XXE) in the App Search web crawler beta feature. Using this vector, an attacker whose website is being crawled by App Search could craft a malicious sitemap.xml to traverse the filesystem of t...
CVE-2021-22140
Elastic App Search (web crawler beta) versions 7.11.0–7.12.0 are affected by an XML External Entity (XXE) injection in the crawler, allowing an attacker crawling the site via a manipulated sitemap.xml to read files on the host. Root cause: insufficient validation of XML in the crawler. Impact: po...