Wordfence Intelligence Weekly WordPress Vulnerability Report (June 10, 2024 to June 16, 2024)
Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $10,400 for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest...
Secure Your Containerized Environments with Qualys Containerized Scanner Appliance (QCSA)
IT has undergone a series of significant shifts over the years, from physical infrastructure to virtual, and how infrastructure was managed and maintained. This shift led IT through the digital transformation era, introducing various types of clouds and “As-a-Service” models. Although...
Exploit for CVE-2024-36527
CVE-2024-36527 PoC and Bulk Scanner...
Flowise Chatflow Detected
This is an informational plugin to inform the user that the scanner has detected the use of a Flowise Chatflow. This detection is included in the AI and LLM category. No source data...
AnythingLLM Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible AnythingLLM instance on the target application. AnythingLLM lets you choose between different LLMs or vector databases to use and allows converting any document or content into references that the...
NextChat Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible NextChat (formerly ChatGPT-Next-Web) instance on the target application. NextChat is a collection of tools to help developers build their own AI service around the most popular LLMs. This detection is...
LibreChat Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible LibreChat instance on the target application. LibreChat is an enhanced open-source ChatGPT clone. This detection is included in the AI and LLM category. No source data...
Open WebUI Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible Open WebUI instance on the target application. Open WebUI offers an extensible web application designed for various LLMs while offering a feature-rich environment. This detection is included in th...
Flowise Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible Flowise instance on the target application. Flowise is a builder for LLM applications. This detection is included in the AI and LLM category. No source data...
Atlassian Jira 9.5.x < 9.12.8 Information Disclosure
According to its self-reported version number, the Atlassian Jira application running on the remote host is prior to 9.4.21, 9.5.x prior to 9.12.8 or 9.13.x prior to 9.16.0. It is, therefore, affected by an information disclosure vulnerability. Note that the scanner has not tested for these issue...
AlmaLinux 9 : ghostscript (ALSA-2024:3999)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:3999 advisory. ghostscript: OPVP device arbitrary code execution via custom Driver library (CVE-2024-33871). Tenable has extracted the preceding description block directly from the...
SUSE SLES15: libopenssl-1_1-devel / libopenssl-1_1-devel-32bit / libopenssl1_1 / etc (SUSE-SU-2024:2089-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2089-1 advisory. - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers (bsc#1225551). Tenable has extracted the preceding description block directly from...
SUSE SLES15 Security Update : openssl-3 (SUSE-SU-2024:2088-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2088-1 advisory. - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers (bsc#1225551). Tenable has extracted the preceding description block directly from...
MLflow Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible MLflow instance on the target application. MLflow is a platform to streamline machine learning development and simplify model operations. This detection is included in the AI and LLM category. N...
Flowise Unauthenticated Access
By default, Flowise does not require authentication to access the application. This allows an attacker to access sensitive data such as private documents, API keys, and variables, and also to modify existing Chatflows and Agentflows. This detection is included in the AI and LLM category. N...
Quivr Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible Quivr instance on the target application. Quivr is a RAG framework specialized for building GenAI Second Brains and allows discussion with a variety of documents using different LLM models. This...
Flowise < 1.6.6 Authentication Bypass
Flowise versions prior to 1.6.6 are vulnerable to an authentication bypass allowing a remote and unauthenticated attacker to perform administrative actions through the REST API. No source data...
Arecont Vision AV1355DN MegaDome camera Denial of Service (CVE-2013-0139)
The Arecont Vision AV1355DN MegaDome camera allows remote attackers to cause a denial of service (video-capture outage) via a packet to UDP port 69. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
Microsoft Edge (Chromium) < 126.0.2592.68 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 126.0.2592.68. It is, therefore, affected by multiple vulnerabilities as referenced in the June 20, 2024 advisory. - Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2024-38082, CVE-2024-38093) - Type Confusion ...
Fedora 39 : libvirt (2024-c2e7b82022)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-c2e7b82022 advisory. Fix crash in event loop (CVE-2024-4418); fix I/O stall when multiple threads issue RPC calls; fix leak of GSource object; fix leak of udev object referen...