Lucene search
K

58856 matches found

Tenable Nessus
Tenable Nessus
added 2024/06/27 12:0 a.m.34 views

Atlassian Confluence 1.0.1 < 7.19.23 / 7.20.x < 8.5.9 / 8.6.x < 8.9.1 (CONFSERVER-95942)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-95942 advisory. - Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the...

8.1CVSS6.4AI score0.03967EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/06/27 12:0 a.m.32 views

GitLab 15.8 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-5655)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker...

9.6CVSS6.1AI score0.07468EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/06/27 12:0 a.m.25 views

CentOS 7 : java-1.8.0-ibm (RHSA-2024:4160)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4160 advisory. - The IBM SDK, Java Technology Edition's Object Request Broker ORB 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service...

7.5CVSS6.9AI score0.00848EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/06/27 12:0 a.m.25 views

GitLab 16.11.0 < 16.11.5 / 17.0.0 < 17.0.3 / 17.1.0 < 17.1.1 (CVE-2024-6323)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker leak content of a private...

7.5CVSS5.9AI score0.00521EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/06/27 12:0 a.m.23 views

Fedora 39 : chromium (2024-508d03d0c7)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-508d03d0c7 advisory. update to 126.0.6478.126 High CVE-2024-6290: Use after free in Dawn High CVE-2024-6291: Use after free in Swiftshader High CVE-2024-6292: Use after...

8.8CVSS8.3AI score0.00546EPSS
Exploits4References5
Tenable Nessus
Tenable Nessus
added 2024/06/26 12:0 a.m.11 views

Langflow Detected

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Langflow instance on the target application. Langflow is an open-source visual framework for building multi-agent and RAG. This detection is included in the AI and LLM category. No source data...

7.2AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/06/26 12:0 a.m.14 views

MLflow Default Credentials

By default, MLflow does not require authentication to access the application. When enabling authentication, MLflow will enforce a basic authentication with default credentials. If not updated, a remote and unauthenticated attacker could access the MLflow UI and peform arbitrary actions on it. Thi...

7.8AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/06/26 12:0 a.m.8 views

MLflow Unauthenticated Access

By default, MLflow does not require authentication to access the application. This allows an attacker to perform arbitrary modifications on experiments or models in the web interface. This detection is included in the AI and LLM category. No source data...

7.5AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/06/26 12:0 a.m.47 views

WordPress 5.2.x < 5.2.21 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A Cross-Site Scripting XSS vulnerability affecting the HTML API. - A Cross-Site Scripting XSS vulnerability affecting the Template Part block. - A path traversal issue...

6.2AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/06/26 12:0 a.m.286 views

WordPress 6.3.x < 6.3.5 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A Cross-Site Scripting XSS vulnerability affecting the HTML API. - A Cross-Site Scripting XSS vulnerability affecting the Template Part block. - A path traversal issue...

6.2AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/06/26 12:0 a.m.42 views

Adobe Commerce / Magento XML External Entity Injection (CosmicSting)

Adobe Magento Open Source / Commerce versions 2.4.7 2.4.7-p1, 2.4.6 2.4.6-p6, 2.4.5 2.4.5-p8, 2.4.4 2.4.4-p9 and earlier suffer from an XML External Entity XXE vulnerability. By exploiting this vulnerability and crafting a malicious XML document, a remote and unauthenticated attacker could achiev...

9.8CVSS8.1AI score0.99994EPSS
Exploits26References3
Tenable Nessus
Tenable Nessus
added 2024/06/26 12:0 a.m.9 views

Chatgpt.js Detected

This is an informational plugin to inform the user that the scanner has detected the usage of the ChatGPT.JS client-side library on the target application. This detection is included in the AI and LLM category. No source data...

7.2AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/06/26 12:0 a.m.25 views

WordPress 4.4.x < 4.4.33 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A Cross-Site Scripting XSS vulnerability affecting the HTML API. - A Cross-Site Scripting XSS vulnerability affecting the Template Part block. - A path traversal issue...

6.2AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/06/26 12:0 a.m.202 views

WordPress 5.9.x < 5.9.10 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A Cross-Site Scripting XSS vulnerability affecting the HTML API. - A Cross-Site Scripting XSS vulnerability affecting the Template Part block. - A path traversal issue...

6.2AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/06/26 12:0 a.m.347 views

WordPress 6.1.x < 6.1.7 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A Cross-Site Scripting XSS vulnerability affecting the HTML API. - A Cross-Site Scripting XSS vulnerability affecting the Template Part block. - A path traversal issue...

6.2AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/06/26 12:0 a.m.11 views

PHP Input Variables Exceeded

By default, PHP accepts a maximum of 1000 variables in a request. If there are more input variables than specified, an EWARNING is issued, and further input variables are truncated from the request depending on server configuration and application code, this can have various impacts such as...

7.4AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/06/26 12:0 a.m.695 views

WordPress 6.4.x < 6.4.5 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A Cross-Site Scripting XSS vulnerability affecting the HTML API. - A Cross-Site Scripting XSS vulnerability affecting the Template Part block. - A path traversal issue...

6.2AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/06/26 12:0 a.m.10 views

Langflow Unauthenticated Access

By default, Langflow does not require authentication to access the application. This allows an attacker to access sensitive data such as global variables, projects already created and the secrets they expose. This detection is included in the AI and LLM category. No source data...

7.3AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/06/26 12:0 a.m.147 views

WordPress 4.8.x < 4.8.25 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A Cross-Site Scripting XSS vulnerability affecting the HTML API. - A Cross-Site Scripting XSS vulnerability affecting the Template Part block. - A path traversal issue...

6.2AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/06/26 12:0 a.m.381 views

WordPress 6.0.x < 6.0.9 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A Cross-Site Scripting XSS vulnerability affecting the HTML API. - A Cross-Site Scripting XSS vulnerability affecting the Template Part block. - A path traversal issue...

6.2AI score
Exploits0References1
Rows per page
Query Builder