6 matches found
BentoML Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible BentoML instance on the target application. BentoML is an open-source inference platform. This detection is included in the AI and LLM category. No source data...
MCP Inspector < 0.14.1 Remote Code Execution
According to the self-reported version number, the version of MCP Inspector hosted on the remote is affected by a Remote Code Execution vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. This detectio...
MCP Server SSE DNS Rebinding
Model Context Protocol (MCP) servers using the Server-Sent Events (SSE) transport mode are prone to DNS rebinding attacks when they do not enforce strict verification of both the 'Origin' and 'Host' headers. This vulnerability allows an attacker to bypass same-origin policies, potentially leading to...
Typebot Chatbot Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible Typebot chatbot on the target application. Typebot is an open-source chatbot builder. This detection is included in the AI and LLM category. No source data...
Botpress Chatbot Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible Botpress chatbot on the target application. Botpress is an open-source visual framework to build & deploy GPT/LLM Agents. This detection is included in the AI and LLM category. No source data...
Label Studio < 1.18.0 Reflected Cross-Site Scripting
Label Studio versions prior to 1.18.0 are vulnerable to reflected cross-site scripting on the '/projects/upload-example/' endpoint. This detection is included in the AI and LLM category. No source data...