Lucene search
K

143 matches found

Tenable Nessus
Tenable Nessus
added 2024/01/26 12:0 a.m.27 views

Ivanti Connect Secure 9.x / 22.x Authentication Bypass

Ivanti Connect Secure 9.x, 22.x suffers from an authentication bypass vulnerability. By crafting a specific HTTP request, a remote and unauthenticated attacker could exploit this vulnerability to bypass authentication and authorization requirements. No source data...

9.1CVSS7.6AI score0.99999EPSS
Exploits23References4
Tenable Nessus
Tenable Nessus
added 2024/01/19 12:0 a.m.11 views

Atlassian Confluence 7.13.x < 7.19.17 Remote Code Execution

According to its self-reported version number, the Atlassian Confluence application running on the remote host is 7.13.x prior to 7.19.17, 8.x prior to 8.5.5 or 8.6.x prior to 8.7.2. It is, therefore, affected by a remote code execution vulnerability. Note that the scanner has not tested for thes...

8.8CVSS8.2AI score0.01565EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/01/19 12:0 a.m.18 views

Atlassian Confluence 8.x < 8.5.5 Remote Code Execution

According to its self-reported version number, the Atlassian Confluence application running on the remote host is 7.13.x prior to 7.19.17, 8.x prior to 8.5.5 or 8.6.x prior to 8.7.2. It is, therefore, affected by a remote code execution vulnerability. Note that the scanner has not tested for thes...

8.8CVSS8.2AI score0.01565EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/12/18 12:0 a.m.13 views

JavaScript Source Map Detected

Developers often combine and minify their application JavaScript sources to help the server delivering it more efficiently to the client browsers. Sometimes, web applications JavaScript code may also be transpiled from another language like CoffeeScript of TypeScript. A source map is a file that...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/11/22 12:0 a.m.15 views

SAP NetWeaver KW Reflected Cross-Site Scripting

A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data. No source data...

6.1CVSS6.3AI score0.22318EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2023/09/05 12:0 a.m.12 views

Apache Tomcat 11.0.0-M1 < 11.0.0-M11 Open Redirect

The version of Apache Tomcat installed on the remote host is 8.5.0 to 8.5.92, 9.0.0-M1 to 9.0.79, 10.1.0-M1 to 10.1.12 or 11.0.0-M1 to 11.0.0-M10. If the ROOT default web application is configured to use FORM authentication then it is possible that a specially crafted URL could be used to trigger...

6.1CVSS7.5AI score0.05972EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/08/07 12:0 a.m.10 views

MediaWiki < 1.17.2 Deleted Text Exposure

According to its self-reported version number, the instance of MediaWiki hosted on the remote web server is prior to 1.17.2 or 1.18.x prior to 1.18.1. It is, therefore, affected by a flaw which may allow remote attackers to view deleted text via the prop=revisions parameter. Note that the scanner...

7.5CVSS7.3AI score0.0137EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/08/01 12:0 a.m.14 views

Atlassian Confluence 7.14.0 < 7.19.8 < Remote Code Execution

According to its self-reported version number, the Atlassian Confluence application running on the remote host is 6.1.0 prior to 7.13.20, 6.1.0 prior to 7.19.8 or 6.1.0 prior to 8.2.0. It is, therefore, affected by a Remote Code Execution flaw which permits remote attackers to execute arbitary co...

8.8CVSS8.3AI score0.02185EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/06/09 12:0 a.m.62 views

GeoServer SQL Injection

The GeoServer instance installed on the remote host is affected by a SQL injection vulnerability due to improper sanitization through an OGC Common Query Language query. No source data...

9.8CVSS8.3AI score0.85247EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2023/05/05 12:0 a.m.46 views

Pprof Debug Files Detected

Pprof is a tool for visualization and analysis of profiling data. Output files may be located inside a hidden directory named debug/pprof/ & When exposed with the web application configuration, the files contained in this directory may expose sensitive information such as internal memory addresse...

6.8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/04/14 12:0 a.m.7 views

WP Show Posts Plugin for WordPress < 1.1.4 Cross-Site Scripting

The WordPress WP Show Posts Plugin installed on the remote host is affected by a cross-site scripting vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...

5.4CVSS6.8AI score0.00695EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2023/03/28 12:0 a.m.15 views

Qwik < 0.21.0 Code Injection

Qwik in version 0.21.0 provides an extended serialization mechanism for exchanging data between the client and server. Through a specially crafted request on the endpoint /q-data.json, an unauthenticated attacker is able to inject code and execute arbitrary commands No source data...

10CVSS8AI score0.01149EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/03/23 12:0 a.m.31 views

Apache Tomcat 8.5.x < 8.5.86 Information Disclosure

The version of Apache Tomcat installed on the remote host is 8.5.x prior to 8.5.86, 9.0.0-M1 prior to 9.0.72, 10.1.0-M1 prior to 10.1.6 or 11.0.0-M1 prior to 11.0.0-M3. It is, therefore, affected by an information disclosure due to the RemoteIpFilter. Note that the scanner has not attempted to...

4.3CVSS7AI score0.01831EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/03/14 12:0 a.m.17 views

Atlassian Jira < 7.6.0 Xss In SearchRequest.xml Resource

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 7.6.0. It is, therefore, affected by a vulnerability which permits remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability through...

6.1CVSS5.9AI score0.00899EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/03/14 12:0 a.m.16 views

Atlassian Jira < 5.0.1 Arbitrary File Reads

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 5.0.1. It does, therefore, not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of servic...

9.1CVSS7.7AI score0.66578EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2023/03/14 12:0 a.m.16 views

Atlassian Jira < 8.5.4 Dos Through Gadget API

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to version 8.5.4 or 8.6.0 prior to 8.6.1. It is, therefore, affected by a vulnerability which permits remote attackers to make Jira unresponsive via repeated requests to a certai...

5.3CVSS7.3AI score0.02139EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/03/09 12:0 a.m.14 views

Atlassian Jira < 8.9.0 Improper Authorization In Project Administration

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.9.0. It is, therefore, affected by a vulnerability which permits remote attackers to obtain information about custom project avatars via an improper authorization...

5.3CVSS7AI score0.01005EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/03/09 12:0 a.m.29 views

Atlassian Confluence 7.13.9 < 7.13.12 Embedded Spring-Beans Denial Of Service

According to its self-reported version number, the Atlassian Confluence application running on the remote host is 7.13.9 prior to 7.13.12, 7.19.0 prior to 7.19.3. It is, therefore, affected by a Denial of Service DoS attack vulnerability when relying on attacker controlled data binding to set a...

5.3CVSS7.2AI score0.01978EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/03/08 12:0 a.m.18 views

Atlassian Jira 8.6.x < 8.8.2 WYSIWYG Editor Cross-Site Scripting

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.9 or 8.6.x prior to 8.8.2. It is, therefore, affected by a vulnerability which permits remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting X...

6.1CVSS6AI score0.00732EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/03/08 12:0 a.m.16 views

Nginx Cloud Storage HTTP Splitting

The scanner has detected that the Nginx configuration has a directive location specified to query a cloud storage instance. However, it is possible to insert an arbitrary payload containing a line break, which allows a malicious attacker to change the cloud storage instance to be queried. It is...

7.2AI score
Exploits0References2
Rows per page
Query Builder