143 matches found
Sequelize Configuration File Detected
Sequelize is a promise-based Node.js ORM tool for databases engines. Sequelize CLI uses by default a configuration file in 'config' directory to store the environment and database information. By accessing it, an attacker could leverage the vulnerability to gain unauthorized and privileged access...
Nginx 1.5.13 < 1.26.2 Buffer Over-read
According to its Server response header, the installed version of nginx is 1.5.13 to 1.26.2 or 1.27.0. It is, therefore, affected by a security issue was identified in the ngxhttpmp4module, which might allow an attacker to cause a worker process crash by using a specially crafted mp4 file...
Flowise < 2.0.6 Authentication Bypass
Flowise versions prior to 2.0.6 are vulnerable to an authentication bypass allowing a remote and unauthenticated attacker to perform administrative actions through the REST API. No source data...
Gradio Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible Gradio instance on the target application. Gradio is a software to build machine learning apps in Python. This detection is included in the AI and LLM category. No source data...
FCKEditor Unsupported Version
The installation of FCKEditor detected on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities. No source data...
Laravel Pulse Unrestricted Access
Laravel Pulse is a Laravel package that provides information about application performance. If an attacker gains access to this dashboard, he can retrieve sensitive information, notably from stack traces or endpoints. No source data...
Ivanti EPM Cloud Services Appliance < 4.6.0-512 Remote Code Execution
Ivanti EPM Cloud Services Appliance versions prior to 4.6.0-512 is affected by a vulnerability allowing an unauthenticated attacker to execute remote code via a specially forged request with limited permissions nobody. No source data...
Ray Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible Ray instance on the target application. Ray is an open-source framework to build and scale Machine Learning ML and Python applications. This detection is included in the AI and LLM category. No...
WordPress 6.3.x < 6.3.5 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A Cross-Site Scripting XSS vulnerability affecting the HTML API. - A Cross-Site Scripting XSS vulnerability affecting the Template Part block. - A path traversal issue...
Chatgpt.js Detected
This is an informational plugin to inform the user that the scanner has detected the usage of the ChatGPT.JS client-side library on the target application. This detection is included in the AI and LLM category. No source data...
Atlassian Jira 9.13.x < 9.16.0 Information Disclosure
According to its self-reported version number, the Atlassian Jira application running on the remote host is prior to 9.4.21, 9.5.x prior to 9.12.8 or 9.13.x prior to 9.16.0. It is, therefore, affected by an information disclosure vulnerability. Note that the scanner has not tested for these issue...
AnythingLLM Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible AnythingLLM instance on the target application. AnythingLLM let you choose between different LLM or vector database to use and allow to convert any document or content into references that the...
Flowise Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible Flowise instance on the target application. Flowise is a builder for LLM applications. This detection is included in the AI and LLM category. No source data...
Quivr Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible Quivr instance on the target application. Quivr is RAG Framework specialized for building GenAI Second Brains and allows discussion with a variety of documents using different LLM models. This...
IBM Aspera Faspex < 4.4.2 PL2 Remote Code Execution
IBM Aspera Faspex versions before 4.4.2 patch level 2 suffer from a YAML deserialization issue. By crafting a specific payload on a specific API path, a remote and unauthenticated attacker can achieve remote code execution on the target instance. No source data...
Adobe ColdFusion < 2021 Update 12 / < 2023 Update 6 Cross-Site Scripting
Adobe ColdFusion prior to versions 2021 Update 12 or 2023 Update 6, suffer from a Cross-Site Scripting vulnerability through a specially forged URL. No source data...
Adobe ColdFusion < 2021 Update 12 / < 2023 Update 6 Remote Code Execution
Adobe ColdFusion prior to versions 2021 Update 12 or 2023 Update 6, suffer from an Insecure Deserialization vulnerability through the argumentCollection parameter on /CFIDE/wizards/common/utils.cfc endpoint. By leveraging this vulnerability, a remote unauthenticated attacker could achieve a remot...
Amazon Web Services Detected
This is an informational notice that the scanner was able to detect that the target application is using an Amazon Web Services cloud service. No source data...
Ivanti Connect Secure 9.x / 22.x Server-Side Request Forgery
Ivanti Connect Secure 9.x, 22.x suffers from a Server-Side Request Forgery. By crafting a specific HTTP request, a remote attacker could exploit this vulnerability to access certain restricted resources without authentication. No source data...
WordPress 6.1.x < 6.1.5 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A PHP file upload bypass via Plugin Installer requiring admin privileges. - An RCE POP Chains vulnerability. Note that the scanner has not tested for these issues but has...