Lucene search
+L

143 matches found

nessus
nessus
added 2024/09/12 12:0 a.m.8 views

Sequelize Configuration File Detected

Sequelize is a promise-based Node.js ORM tool for databases engines. Sequelize CLI uses by default a configuration file in 'config' directory to store the environment and database information. By accessing it, an attacker could leverage the vulnerability to gain unauthorized and privileged access...

7.4AI score
Exploits0References2
nessus
nessus
added 2024/09/06 12:0 a.m.28 views

Nginx 1.5.13 < 1.26.2 Buffer Over-read

According to its Server response header, the installed version of nginx is 1.5.13 to 1.26.2 or 1.27.0. It is, therefore, affected by a security issue was identified in the ngxhttpmp4module, which might allow an attacker to cause a worker process crash by using a specially crafted mp4 file...

5.7CVSS5.3AI score0.0032EPSS
Exploits0References2
nessus
nessus
added 2024/09/06 12:0 a.m.11 views

Flowise < 2.0.6 Authentication Bypass

Flowise versions prior to 2.0.6 are vulnerable to an authentication bypass allowing a remote and unauthenticated attacker to perform administrative actions through the REST API. No source data...

9.8CVSS7.8AI score0.42783EPSS
Exploits0References3
nessus
nessus
added 2024/09/03 12:0 a.m.13 views

Gradio Detected

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Gradio instance on the target application. Gradio is a software to build machine learning apps in Python. This detection is included in the AI and LLM category. No source data...

7.2AI score
Exploits0References2
nessus
nessus
added 2024/09/03 12:0 a.m.15 views

FCKEditor Unsupported Version

The installation of FCKEditor detected on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities. No source data...

7.6AI score
Exploits0References2
nessus
nessus
added 2024/09/03 12:0 a.m.10 views

Laravel Pulse Unrestricted Access

Laravel Pulse is a Laravel package that provides information about application performance. If an attacker gains access to this dashboard, he can retrieve sensitive information, notably from stack traces or endpoints. No source data...

6.8AI score
Exploits0References3
nessus
nessus
added 2024/07/22 12:0 a.m.7 views

Ivanti EPM Cloud Services Appliance < 4.6.0-512 Remote Code Execution

Ivanti EPM Cloud Services Appliance versions prior to 4.6.0-512 is affected by a vulnerability allowing an unauthenticated attacker to execute remote code via a specially forged request with limited permissions nobody. No source data...

9.8CVSS8.2AI score0.99105EPSS
Exploits9References2
nessus
nessus
added 2024/07/03 12:0 a.m.12 views

Ray Detected

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Ray instance on the target application. Ray is an open-source framework to build and scale Machine Learning ML and Python applications. This detection is included in the AI and LLM category. No...

7.2AI score
Exploits0References2
nessus
nessus
added 2024/06/26 12:0 a.m.292 views

WordPress 6.3.x < 6.3.5 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A Cross-Site Scripting XSS vulnerability affecting the HTML API. - A Cross-Site Scripting XSS vulnerability affecting the Template Part block. - A path traversal issue...

6.2AI score
Exploits0References1
nessus
nessus
added 2024/06/26 12:0 a.m.10 views

Chatgpt.js Detected

This is an informational plugin to inform the user that the scanner has detected the usage of the ChatGPT.JS client-side library on the target application. This detection is included in the AI and LLM category. No source data...

7.2AI score
Exploits0References1
nessus
nessus
added 2024/06/20 12:0 a.m.41 views

Atlassian Jira 9.13.x < 9.16.0 Information Disclosure

According to its self-reported version number, the Atlassian Jira application running on the remote host is prior to 9.4.21, 9.5.x prior to 9.12.8 or 9.13.x prior to 9.16.0. It is, therefore, affected by an information disclosure vulnerability. Note that the scanner has not tested for these issue...

7.4CVSS7AI score0.00439EPSS
Exploits0References2
nessus
nessus
added 2024/06/20 12:0 a.m.16 views

AnythingLLM Detected

This is an informational plugin to inform the user that the scanner has detected a publicly accessible AnythingLLM instance on the target application. AnythingLLM let you choose between different LLM or vector database to use and allow to convert any document or content into references that the...

7.2AI score
Exploits0References2
nessus
nessus
added 2024/06/20 12:0 a.m.12 views

Flowise Detected

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Flowise instance on the target application. Flowise is a builder for LLM applications. This detection is included in the AI and LLM category. No source data...

7.2AI score
Exploits0References2
nessus
nessus
added 2024/06/20 12:0 a.m.13 views

Quivr Detected

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Quivr instance on the target application. Quivr is RAG Framework specialized for building GenAI Second Brains and allows discussion with a variety of documents using different LLM models. This...

7.2AI score
Exploits0References2
nessus
nessus
added 2024/05/06 12:0 a.m.8 views

IBM Aspera Faspex < 4.4.2 PL2 Remote Code Execution

IBM Aspera Faspex versions before 4.4.2 patch level 2 suffer from a YAML deserialization issue. By crafting a specific payload on a specific API path, a remote and unauthenticated attacker can achieve remote code execution on the target instance. No source data...

9.8CVSS8.2AI score0.99968EPSS
Exploits5References3
nessus
nessus
added 2024/04/02 12:0 a.m.26 views

Adobe ColdFusion < 2021 Update 12 / < 2023 Update 6 Cross-Site Scripting

Adobe ColdFusion prior to versions 2021 Update 12 or 2023 Update 6, suffer from a Cross-Site Scripting vulnerability through a specially forged URL. No source data...

6.1CVSS6.6AI score0.84811EPSS
Exploits0References2
nessus
nessus
added 2024/03/25 12:0 a.m.13 views

Adobe ColdFusion < 2021 Update 12 / < 2023 Update 6 Remote Code Execution

Adobe ColdFusion prior to versions 2021 Update 12 or 2023 Update 6, suffer from an Insecure Deserialization vulnerability through the argumentCollection parameter on /CFIDE/wizards/common/utils.cfc endpoint. By leveraging this vulnerability, a remote unauthenticated attacker could achieve a remot...

9.8CVSS8.2AI score0.80178EPSS
Exploits0References2
nessus
nessus
added 2024/02/08 12:0 a.m.13 views

Amazon Web Services Detected

This is an informational notice that the scanner was able to detect that the target application is using an Amazon Web Services cloud service. No source data...

7.2AI score
Exploits0References1
nessus
nessus
added 2024/02/07 12:0 a.m.15 views

Ivanti Connect Secure 9.x / 22.x Server-Side Request Forgery

Ivanti Connect Secure 9.x, 22.x suffers from a Server-Side Request Forgery. By crafting a specific HTTP request, a remote attacker could exploit this vulnerability to access certain restricted resources without authentication. No source data...

9.1CVSS7.2AI score0.99999EPSS
Exploits24References4
nessus
nessus
added 2024/02/02 12:0 a.m.85 views

WordPress 6.1.x < 6.1.5 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A PHP file upload bypass via Plugin Installer requiring admin privileges. - An RCE POP Chains vulnerability. Note that the scanner has not tested for these issues but has...

7.6AI score
Exploits0References1
Rows per page
Query Builder