183 matches found
CVE-2024-48826
creationtimestamp| type| source ---|---|--- 2024-10-28 19:31:09+00:00| seen| None 2024-10-28 22:01:30+00:00| seen| https://t.me/cvedetector/9174 2026-07-05 08:07:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mpv4mgawro2l...
CVE-2024-50460
creationtimestamp| type| source ---|---|--- 2024-10-28 17:52:11+00:00| seen| None 2024-10-28 20:21:02+00:00| seen| https://t.me/cvedetector/9158...
Gradio < 4.37.1 Open Redirect
Gradio before version 4.37.1 suffer from an open redirect vulnerability, allowing an attacker to craft a link and try redirecting target applications users to a malicious server. This detection is included in the AI and LLM category. No source data...
Apache Tapestry Arbitrary File Read
Apache Tapestry versions 5.4.0 5.6.2 and 5.7.0 5.7.1 allows an unauthenticated attacker to access Class files via a specially crafted request. If the value of 'tapestry.hmac-passphrase' is recovered, this vulnerability can be exploited to obtain arbitrary code execution through the value of the...
CVE-2024-45733
creationtimestamp| type| source ---|---|--- 2024-10-14 20:01:33+00:00| seen| https://t.me/cvedetector/7842 2024-10-15 08:56:39+00:00| seen| Telegram/ogWYXRd5jkGfb4csux216rM-nxQYrbB7cGOQSlND5a7 2024-10-18 12:28:37+00:00| seen| None 2025-01-15 17:55:00+00:00| seen|...
Sequelize Configuration File Detected
Sequelize is a promise-based Node.js ORM tool for databases engines. Sequelize CLI uses by default a configuration file in 'config' directory to store the environment and database information. By accessing it, an attacker could leverage the vulnerability to gain unauthorized and privileged access...
Nginx 1.5.13 < 1.26.2 Buffer Over-read
According to its Server response header, the installed version of nginx is 1.5.13 to 1.26.2 or 1.27.0. It is, therefore, affected by a security issue was identified in the ngxhttpmp4module, which might allow an attacker to cause a worker process crash by using a specially crafted mp4 file...
Flowise < 2.0.6 Authentication Bypass
Flowise versions prior to 2.0.6 are vulnerable to an authentication bypass allowing a remote and unauthenticated attacker to perform administrative actions through the REST API. No source data...
Nginx 1.27.0 Buffer Over-read
According to its Server response header, the installed version of nginx is 1.5.13 to 1.26.2 or 1.27.0. It is, therefore, affected by a security issue was identified in the ngxhttpmp4module, which might allow an attacker to cause a worker process crash by using a specially crafted mp4 file...
Gradio Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible Gradio instance on the target application. Gradio is a software to build machine learning apps in Python. This detection is included in the AI and LLM category. No source data...
FCKEditor Unsupported Version
The installation of FCKEditor detected on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities. No source data...
Laravel Pulse Unrestricted Access
Laravel Pulse is a Laravel package that provides information about application performance. If an attacker gains access to this dashboard, he can retrieve sensitive information, notably from stack traces or endpoints. No source data...
Ivanti EPM Cloud Services Appliance < 4.6.0-512 Remote Code Execution
Ivanti EPM Cloud Services Appliance versions prior to 4.6.0-512 is affected by a vulnerability allowing an unauthenticated attacker to execute remote code via a specially forged request with limited permissions nobody. No source data...
Apache 2.4.60 Source Code Disclosure
According to its banner, the version of Apache running on the remote host is 2.4.60. It is, therefore, affected by a source code disclosure with handlers configured via AddType. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported...
Ray Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible Ray instance on the target application. Ray is an open-source framework to build and scale Machine Learning ML and Python applications. This detection is included in the AI and LLM category. No...
WordPress 6.3.x < 6.3.5 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A Cross-Site Scripting XSS vulnerability affecting the HTML API. - A Cross-Site Scripting XSS vulnerability affecting the Template Part block. - A path traversal issue...
Chatgpt.js Detected
This is an informational plugin to inform the user that the scanner has detected the usage of the ChatGPT.JS client-side library on the target application. This detection is included in the AI and LLM category. No source data...
Atlassian Jira 9.13.x < 9.16.0 Information Disclosure
According to its self-reported version number, the Atlassian Jira application running on the remote host is prior to 9.4.21, 9.5.x prior to 9.12.8 or 9.13.x prior to 9.16.0. It is, therefore, affected by an information disclosure vulnerability. Note that the scanner has not tested for these issue...
AnythingLLM Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible AnythingLLM instance on the target application. AnythingLLM let you choose between different LLM or vector database to use and allow to convert any document or content into references that the...
Flowise Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible Flowise instance on the target application. Flowise is a builder for LLM applications. This detection is included in the AI and LLM category. No source data...