Lucene search
K

37 matches found

CVE
CVE
added 2024/12/30 6:23 p.m.107 views

CVE-2024-56800

CVE-2024-56800 – Firecrawl SSRF vulnerability : Firecrawl (OSS) before v1.1.1 is affected by a server-side request forgery that can be triggered by a malicious scrape target redirecting to a local IP, enabling exfiltration of local network resources via the API. The cloud service was patched on 2...

7.4CVSS7.4AI score0.00342EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/12/30 12:0 a.m.6 views

PT-2024-37074

Name of the Vulnerable Software and Affected Versions Firecrawl versions prior to 1.1.1 Description Firecrawl is a web scraper that allows users to extract the content of a webpage for a large language model. The scraping engine could be exploited by crafting a malicious site that redirects to a...

7.4CVSS5.8AI score0.00342EPSS
Exploits0References12
Akamai Blog
Akamai Blog
added 2024/06/25 2:0 p.m.7 views

What?s That Scraping Sound? How Web Scraper Bots Erode Ecommerce Profits

...

7.3AI score
Exploits0
Akamai Blog
Akamai Blog
added 2024/06/25 2:0 p.m.4 views

What’s That Scraping Sound? How Web Scraper Bots Erode Ecommerce Profits

...

7AI score
Exploits0
GithubExploit
GithubExploit
added 2024/06/21 4:43 a.m.1380 views

Exploit for CVE-2024-28397

Perkenalan 中文 js2py is a popular python...

5.3CVSS7.9AI score0.04548EPSS
Exploits22
GithubExploit
GithubExploit
added 2024/06/19 1:46 a.m.954 views

Exploit for CVE-2024-28397

Introduction 中文 Analysis Chinese./an...

5.3CVSS6.9AI score0.04548EPSS
Exploits22
NVD
NVD
added 2024/02/26 4:27 p.m.27 views

CVE-2024-0455

The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level manager, admin, and when in single user could put in the URL http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance which is a special IP and URL th...

9.9CVSS9.4AI score0.00813EPSS
Exploits1References2
Prion
Prion
added 2024/02/26 4:27 p.m.43 views

Cross site request forgery (csrf)

The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level manager, admin, and when in single user could put in the URL http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance which is a special IP and URL th...

6.5CVSS7.3AI score0.00813EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/02/25 8:10 a.m.30 views

CVE-2024-0455 SSRF on AWS deployed instances of AnythingLLM via /metadata

The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level manager, admin, and when in single user could put in the URL http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance which is a special IP and URL th...

9.9CVSS9.6AI score0.00813EPSS
Exploits1References2
OSV
OSV
added 2024/02/25 8:10 a.m.29 views

CVE-2024-0455 SSRF on AWS deployed instances of AnythingLLM via /metadata

The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level manager, admin, and when in single user could put in the URL http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance which is a special IP and URL th...

9.9CVSS7.2AI score0.00813EPSS
Exploits1References4
CVE
CVE
added 2024/02/25 8:10 a.m.125 views

CVE-2024-0455

CVE-2024-0455 concerns AnythingLLM where a web scraper can trigger a server-side request to the AWS EC2 metadata URL 169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance. If accessed by a user with manager/admin permissions (and in single-user mode) from wit...

9.9CVSS9.4AI score0.00813EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/25 12:0 a.m.5 views

PT-2024-15574 · Unknown · Anything-Llm

Name of the Vulnerable Software and Affected Versions: AnythingLLM affected versions not specified Description: The issue allows users with proper authorization levels manager, admin, and when in single user mode to access sensitive information by using a web scraper to query a specific URL:...

9.9CVSS9.2AI score0.00813EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2022/07/11 1:15 a.m.2 views

CVE-2022-31570

The adriankoczuruek/ceneo-web-scrapper repository through 2021-03-15 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.8CVSS5.3AI score0.01125EPSS
Exploits0References2
Kitploit
Kitploit
added 2020/08/09 12:30 p.m.116 views

Evine - Interactive CLI Web Crawler

Evine is a simple, fast, and interactive web crawler and web scraper written in Golang. Evine is useful for a wide range of purposes such as metadata and data extraction, data mining, reconnaissance and testing. Follow the project on Twitter. Install From Binary Pre-build binary releases are also...

7.4AI score
Exploits0References4
Kitploit
Kitploit
added 2020/06/07 12:30 p.m.68 views

Words Scraper - Selenium Based Web Scraper To Generate Passwords List

Selenium based web scraper to generate passwords list. Installation Download Firefox webdriver from https://github.com/mozilla/geckodriver/releases $ tar xzf geckodriver-vVERSION-HERE.tar.gz $ sudo mv geckodriver /usr/local/bin Make sure it is in your PATH $ geckodriver --version Make sure...

7.3AI score
Exploits0References2
Kitploit
Kitploit
added 2020/05/31 9:30 p.m.74 views

Bing-Ip2Hosts - Bingip2Hosts Is A Bing.com Web Scraper That Discovers Websites By IP Address

Bing-ip2hosts is a Bing.com web scraper to discover hostnames by IP address. Description Bing-ip2hosts is a Bing.com web scraper that discovers hostnames by IP address. Bing is the flagship Microsoft search engine formerly known as MSN Search and Live Search. It provides a feature unique to searc...

6.7AI score
Exploits0References6
Kitploit
Kitploit
added 2018/03/13 1:12 p.m.192 views

Linkedin2Username - Generate Username Lists For Companies On LinkedIn (OSINT Tool)

OSINT Tool: Generate username lists from companies on LinkedIn. Works with Python2. This is a pure web-scraper, no API key required. You use your valid LinkedIn username and password to login, it will create several lists of possible username formats for all employees of a company you point it at...

7.3AI score
Exploits0References1
Rows per page
Query Builder