Summary
Crawl4AI: Multiple Docker API Vulnerabilities - File Write, SSRF, Auth Bypass, XSS, JS Execution
References
Related vulnerabilities
- HIGH GHSA-R2WG-2MCR-66RV
  Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal
- CRITICAL GHSA-X223-P2GF-V735
  Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak
- HIGH GHSA-R4GV-QR8J-P3PG
  handlebars.java FileTemplateLoader Path Traversal
- HIGH GHSA-M9CV-24RX-8MV7
  Filament: Disabled RichEditor field state can be used for XSS
- HIGH GHSA-9CPJ-QC93-VW8V
  Gitea: Stored XSS via glTF `extensionsRequired` in Gitea 3D File Viewer
- HIGH GHSA-JRFP-M64G-PCWV
  Open WebUI: SSRF Protection Bypass in Playwright Web Loader via HTTP Redirects