
25 matches found

CERT
added 2026/01/16 12:0 a.m., 5 views

The Librarian does not secure its interface, allowing for access to internal system data

Overview: Multiple vulnerabilities were discovered in The Librarian, an AI-powered personal assistant tool provided by the company TheLibrarian.io. The Librarian can be used to manage personal email, calendar, documents, and other information through external services, such as Gmail and Google...

CVSS 7.5, AI score 6.2, EPSS 0.00021
Exploits 0, References 2
GithubExploit
added 2025/11/25 6:27 p.m., 140 views

Reporttool

Reporttool: A versatile report and attack tool that can carry o...

AI score 7.5
Exploits 0
Packet Storm News
added 2025/09/19 12:0 a.m., 2 views

How Far Are We? an Empirical Analysis of Current Vulnerability Localization Approaches

Open-source software vulnerability patch detection is a critical component for maintaining software security and ensuring software supply chain integrity. Traditional manual detection methods face significant scalability challenges when processing large volumes of commit histories, while being...

AI score 7
Exploits 0
Packet Storm News
added 2025/06/06 12:0 a.m., 3 views

Scoring the Unscorables: Cyber Risk Assessment beyond Internet Scans

In this paper we present a study on using novel data types to perform cyber risk quantification by estimating the likelihood of a data breach. We demonstrate that it is feasible to build a highly accurate cyber risk assessment model using public and readily available technology signatures obtaine...

AI score 6.9
Exploits 0
NVD
added 2025/03/06 7:15 p.m., 11 views

CVE-2025-27600

FastGPT is a knowledge-based platform built on the LLMs. Since the web crawling plug-in does not perform intranet IP verification, an attacker can initiate an intranet IP request, causing the system to initiate a request through the intranet and potentially obtain some private data on the intrane...

CVSS 6.9, EPSS 0.00164
Exploits 0, References 1
Cvelist
added 2025/03/06 7:5 p.m., 11 views

CVE-2025-27600 FastGPT SSRF

FastGPT is a knowledge-based platform built on the LLMs. Since the web crawling plug-in does not perform intranet IP verification, an attacker can initiate an intranet IP request, causing the system to initiate a request through the intranet and potentially obtain some private data on the intrane...

CVSS 6.9, EPSS 0.00164
Exploits 0, References 1
Positive Technologies
added 2025/03/06 12:0 a.m., 17 views

PT-2025-10000

Name of the Vulnerable Software and Affected Versions: FastGPT versions prior to 4.9.0. Description: The issue arises from the web crawling plug-in's failure to perform intranet IP verification. This allows an attacker to initiate an intranet IP request, causing the system to make a request through...

CVSS 6.9, AI score 6.7, EPSS 0.00164
Exploits 0, References 6
OpenVAS
added 2024/08/06 12:0 a.m., 10 views

Fedora: Security Advisory (FEDORA-2024-c27b82d702)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 7.6, EPSS 0.0019
Exploits 1, References 8
Fedora
added 2024/07/27 1:49 p.m., 12 views

[SECURITY] Fedora 39 Update: python-scrapy-2.11.2-1.fc39

Scrapy is a fast high-level screen scraping and web crawling framework, used to crawl websites and extract structured data from their pages. It can be used for a wide range of purposes, from data mining to monitoring and automated testing...

CVSS 7.5, AI score 6.9, EPSS 0.0019
Exploits 1
CNNVD
added 2024/06/27 12:0 a.m., 2 views

Quivr Code Issue Vulnerability

Quivr is an artificial intelligence application open-sourced by Quivr. A code issue vulnerability exists in Quivr version 0.0.236 that stems from the application not providing sufficient controls when crawling websites, allowing an attacker to access the application on the local network...

CVSS 8.6, AI score 6.8, EPSS 0.00301
Exploits 1, References 2
Kitploit
added 2024/01/22 11:30 a.m., 29 views

Uscrapper - Powerful OSINT Webscraper For Personal Data Collection

Introducing Uscrapper 2.0, a powerful OSINT webscraper that allows users to extract various personal information from a website. It leverages web scraping techniques and regular expressions to extract email addresses, social media links, author names, geolocations, phone numbers, and usernames...

AI score 7
Exploits 0, References 1
UbuntuCve
added 2021/10/06 6:15 p.m., 15 views

CVE-2021-41125

Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware (i.e. the http_user and http_pass spider attributes) for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, su...

CVSS 6.5, AI score 6.9, EPSS 0.00251
Exploits 0, References 6
CVE
added 2021/10/06 5:15 p.m., 85 views

CVE-2021-41125

CVE-2021-41125 affects Scrapy (Python): when using HttpAuthMiddleware (http_user/http_pass spider attributes), credentials may be exposed in requests, including robots.txt checks and redirects. Affected versions include older Scrapy releases prior to fixes. Mitigation per sources: upgrade to Scra...

CVSS 6.5, AI score 6, EPSS 0.00251
Exploits 0, References 5, Affected Software 1
The Hacker News
added 2020/05/28 10:35 a.m., 0 views

A New Free Monitoring Tool to Measure Your Dark Web Exposure

Last week, application security company ImmuniWeb released a new free tool to monitor and measure an organization's exposure on the Dark Web. To improve the decision-making process for cybersecurity professionals, the free tool crawls Dark Web marketplaces, hacking forums, and Surface Web resourc...

AI score 5.9
Exploits 0
Kitploit
added 2020/02/18 12:24 a.m., 92 views

Gospider - Fast Web Spider Written In Go

GoSpider - Fast web spider written in Go. Installation: go get -u github.com/jaeles-project/gospider. Features: fast web crawling; brute force and parse sitemap.xml; parse robots.txt; generate and verify link from JavaScript files; Link Finder; find AWS-S3 from response source; find subdomains from respons...

AI score 7.1
Exploits 0, References 1
Kitploit
added 2018/06/25 2:9 p.m., 210 views

Amass - In-depth Subdomain Enumeration

The Amass tool performs scraping of data sources, recursive brute forcing, crawling of web archives, permuting and altering of names and reverse DNS sweeping to obtain additional subdomain names. Additionally, Amass uses the IP addresses obtained during resolution to discover associated netblocks...

AI score 7
Exploits 0, References 2
Kitploit
added 2018/01/25 1:15 p.m., 14 views

Domain Analyzer - Analyze The Security Of Any Domain By Finding All the Information Possible

Domain analyzer is a security analysis tool which automatically discovers and reports information about the given domain. Its main purpose is to analyze domains in an unattended way. How: Domain analyzer takes a domain name and finds information about it, such as DNS servers, mail servers, IP...

AI score 6.4
Exploits 0, References 1
n0where
added 2018/01/12 4:59 p.m., 15 views

NSE Nmap Script Development IDE: Halcyon

Halcyon IDE lets you quickly and easily develop scripts for performing advanced scans on applications and infrastructures with a range from recon to exploitation capabilities. It is the first IDE released exclusively for Nmap script development. Halcyon IDE is a free and open source project always...

AI score 7.1
Exploits 0, References 1
Kitploit
added 2017/09/18 2:30 p.m., 49 views

Inventus - A Spider Designed To Find Subdomains Of A Specific Domain By Crawling

Inventus is a spider designed to find subdomains of a specific domain by crawling it and any subdomains it discovers. It's a Scrapy spider, meaning it's easily modified and extendable to your needs. Demo. Requirements: Linux -- I haven't tested this on Windows; Python 2.7 or Python 3.3+; Scrapy 1.4....

AI score 7.8
Exploits 0, References 1
Kitploit
added 2017/02/21 1:58 p.m., 19 views

Halcyon - IDE for Nmap Script (NSE) Development

Halcyon is the first IDE specifically focused on Nmap Script (NSE) Development. This research idea originated while writing custom Nmap Scripts for Enterprise Penetration Testing Scenarios. The existing challenge in developing Nmap Scripts (NSE) was the lack of a development environment that give...

AI score 7.2
Exploits 0, References 1