Azure Linux 3.0 Security Update: kernel (CVE-2024-49877)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49877 advisory. - In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix possible null-ptr-deref in...

Azure Linux 3.0 Security Update: hdf5 (CVE-2024-29158)

The version of hdf5 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-29158 advisory. - HDF5 through 1.14.3 contains a stack buffer overflow in H5FLarrmalloc, resulting in the corruption of the...

Metasploit Weekly Wrap-Up 02/07/2025

Gathering data and improving workflows This week's release includes 2 new auxiliary modules targeting Argus Surveillance DVR and Ivanti Connect Secure. The former, contributed by Maxwell Francis, and based on the work of John Page, can be used to retrieve arbitrary files on the target's filesyste...

ClickHouse Detection

Binary data clickhousewebdetect.nbin...

CVE-2025-22723

Unrestricted Upload of File with Dangerous Type vulnerability in Dmitry V. CEO of "UKR Solution" Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Upload a Web Shell to a Web Server.This issue affects Barcode Scanner with...

CVE-2024-25902

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in miniorange Malware Scanner.This issue affects Malware Scanner: from n/a through 4.7.2...

CVE-2024-52427

Deserialization of Untrusted Data vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Server Side Include SSI Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through = 2.3.11...

CVE-2024-56035

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kurt Payne Upload Scanner upload-scanner allows Reflected XSS.This issue affects Upload Scanner: from n/a through = 1.2...

CVE-2024-38708

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Dmitry V. CEO of "UKR Solution" Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders.This issue affects Barcode Scanner with Inventory &...

CVE-2024-49220

Cross-Site Request Forgery CSRF vulnerability in Nikel Cookie Scanner cookie-scanner allows Cross Site Request Forgery.This issue affects Cookie Scanner: from n/a through = 1.1...

CVE-2024-54265

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dmitry V. CEO of "UKR Solution" Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Reflected XSS.This issue affects Barcode Scann...

CVE-2024-27998

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dmitry V. CEO of "UKR Solution" Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders.This issue affects Barcode Scanner with Inventory &...

CVE-2024-33565

Missing Authorization vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3...

CVE-2024-33567

Improper Privilege Management vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Privilege Escalation.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3...

CVE-2024-2661

The Barcode Scanner and Inventory manager. POS Point of Sale – scan barcodes & create orders with barcode reader. plugin for WordPress is vulnerable to blind SQL Injection via the ‘currentIds’ parameter in all versions up to, and including, 1.5.4 due to insufficient escaping on the user supplied...

Amazon Linux AMI : postgresql92 (ALAS-2025-1959)

The version of postgresql92 installed on the remote host is prior to 9.2.24-3.70. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1959 advisory. While modifying certain SQL array values, missing overflow checks let authenticated database users write arbitrary...

CVE-2024-35652

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Saso Nikolov Event Tickets with Ticket Scanner allows Reflected XSS.This issue affects Event Tickets with Ticket Scanner: from n/a through 2.3.1...

Assembly AI API Detection

Binary data 701501.prm...

OpenLink Software Virtuoso Detection

Binary data openlinkvirtuosowebdetect.nbin...

LobeChat Detected

This is an informational plugin to inform the user that the scanner has detected a publicly accessible LobeChat instance on the target application. LobeChat is an open-source, AI chat framework that supports multi AI providers. This detection is included in the AI and LLM category. No source data...