58853 matches found
Bricks Theme for WordPress < 1.9.6.1 Remote Code Execution
The WordPress Bricks Theme installed on the remote host is affected by a vulnerability allowing an unauthenticated attacker to execute arbitrary code via a specially forged request.
Odoo Database Manager Detected
Odoo is a popular open-source ERP and CRM platform. Odoo includes a database manager that helps administrators perform management operations on their Odoo databases through a web interface. When exposed, this web interface can help an attacker trying to brute-force weak master passwords and...
NextChat / ChatGPT Next Detection
Missing 'Content-Type' Charset
The Content-Type header allows clients to find an appropriate way to render data. Omitting the charset can lead to varying behaviour, such as Cross-Site Scripting that abuses the browser's auto-detection mechanism.
Atlassian Confluence < 7.19.22 Cross-Site Scripting
According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 7.19.22, 7.20.x prior to 8.5.9 or 8.6.x prior to 8.9.1. It is, therefore, affected by a stored Cross-Site Scripting (XSS) vulnerability. Note that the scanner has not tested fo...
H2O Flow Detection
ZenML Detection
Ray Dashboard Detection
ServiceNow Server-Side Template Injection
ServiceNow is affected by a vulnerability allowing an unauthenticated attacker to perform Server-Side Template Injection via a specially forged request. This vulnerability can be used to execute arbitrary code.
Grafana Default Credentials
The scanner successfully authenticated on the Grafana web application by using predictable credentials on its login form.
Apache Hugegraph 1.0.0 < 1.3.0 Remote Command Execution
Apache Hugegraph versions from 1.0.0 and prior to 1.3.0 are affected by a vulnerability allowing an unauthenticated attacker to execute remote commands via a specially forged request.
Odoo Unprotected Database Manager
Odoo is a popular open-source ERP and CRM platform. Odoo includes a database manager that helps administrators perform management operations on their Odoo databases through a web interface. If no master password is set, this web interface allows any unauthenticated and remote attacker to...
Atlassian Confluence 7.20.x < 8.5.9 Cross-Site Scripting
According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 7.19.22, 7.20.x prior to 8.5.9 or 8.6.x prior to 8.9.1. It is, therefore, affected by a stored Cross-Site Scripting (XSS) vulnerability. Note that the scanner has not tested fo...
Atlassian Confluence 8.6.x < 8.9.1 Cross-Site Scripting
According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 7.19.22, 7.20.x prior to 8.5.9 or 8.6.x prior to 8.9.1. It is, therefore, affected by a stored Cross-Site Scripting (XSS) vulnerability. Note that the scanner has not tested fo...
Microsoft Edge (Chromium) < 126.0.2592.113 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 126.0.2592.113. It is, therefore, affected by multiple vulnerabilities as referenced in the July 18, 2024 advisory. - Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacke...
Oracle MySQL Server 9.x < 9.0.1 DoS (July 2024 CPU)
The versions of MySQL Server installed on the remote host are affected by a vulnerability as referenced in the July 2024 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.38, 8.4.1 and 9.0.0. Easily exploitabl...
Oracle Identity Manager (Jul 2024 CPU)
The 12.2.1.4.0 versions of Identity Manager installed on the remote host are affected by a vulnerability as referenced in the July 2024 CPU advisory. - Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware component: Third Party Spring Framework. The supported version...
Zoom Workplace Desktop App For Windows < 6.0.10 Privilege Escalation (ZSB-24026)
The version of Zoom Workplace Desktop App for Windows installed on the remote host is prior to 6.0.10. It is, therefore, affected by a privilege escalation vulnerability that may allow a local authenticated attacker to cause a privilege escalation. Note that Nessus has not tested for this issue b...
Oracle Primavera Gateway (Jul 2024 CPU)
The versions of Primavera Gateway installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2024 CPU advisory. - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering component: Admin Spring Framework. Supported versions that a...
Oracle MySQL Server 8.x < 8.4.1 (January 2025 CPU)
The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2025 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.37 and prior an...