CVE-2023-31240

Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account accessible through hard-coded credentials...

Splunk Enterprise 9.1.0 < 9.1.10, 9.2.0 < 9.2.7, 9.3.0 < 9.3.5, 9.4.0 < 9.4.3 (SVD-2025-0703)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-0703 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

PHP 8.2.x < 8.2.29 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.2.29. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.2.29 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number...

CentOS 7 : gupnp (RHSA-2021:2417)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:2417 advisory. - An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to...

Jenkins LTS < 2.462.3 / Jenkins weekly < 2.479 Multiple Vulnerabilities

According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.462.3 or Jenkins weekly prior to 2.479. It is, therefore, affected by multiple vulnerabilities: - Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact...

Joomla! 5.x < 5.1.2 Multiple Vulnerabilities

According to its self-reported version, the instance of Joomla! running on the remote web server is 3.x prior to 3.10.16, 4.x prior to 4.4.6 or 5.x prior to 5.1.2. It is, therefore, affected by multiple vulnerabilities. - Inadequate input validation leads to XSS vulnerabilities in the...

Splunk Enterprise 8.2.0 < 8.2.12, 9.0.0 < 9.0.6, 9.1.0 < 9.1.1 (SVD-2023-0808)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0808 advisory. - The go command may execute arbitrary code at build time when using cgo. This may occur when running go get on a malicious...

Splunk Enterprise 9.0.0 < 9.0.8, 9.1.0 < 9.1.3 (SVD-2024-0109)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0109 advisory. - Line directives //line can be used to bypass the restrictions on //go:cgo directives, allowing blocked linker and compiler...

TeamCity Server < 2023.11.3 Multiple Vulnerabilities

According to its its self-reported version number, the version of JetBrains TeamCity running on the remote host is a version prior to 2023.11.3. It is, therefore, affected by multiple vulnerabilities: - Authentication bypass leading to RCE vulnerability CVE-2024-23917 - Path traversal allowed...

WordPress 6.0 < 6.4.3

WordPress versions 6.0 6.4.3 are affected by one or more vulnerabilities %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from WordPress Security Advisory wordpress-6-4-3-maintenance-and-security-release. include'compat.inc'; if description...

ManageEngine NetFlow Analyzer 12.5.x < 12.5.657 / 12.6.x < 12.6.002 / 12.6.104 / 12.6.118 Authenticate Bypass

The version of ManageEngine NetFlow Analyzer running on the remote web server 12.5.x prior to 12.5.657, or 12.6.x prior to 12.6.002 / 12.6.104 / 12.6.118. It is, there, affected by an authentication bypass vulnerability. Due to the lack of proper request handling an unauthenticated, remote attack...

Trellix Enterprise Security Manager < 11.6.8 SSRF

The version of Trellix Enterprise Security Manager running on the remote web server is prior to 11.6.8. It is, therefore, affected by a server-side request forgery SSRF vulnerability. Due to a flaw in the certificate validation functionality, a remote, authenticated attacker can upload arbitrary...

ManageEngine SupportCenter Plus < 14.2 Build 14200

The version of ManageEngine SupportCenter Plus installed on the remote host is prior to 14.2 Build 14200. It is, therefore, affected by a vulnerability as referenced in the support-centerCVE-2023-38331 advisory. - Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to stored XSS i...

Jenkins LTS < 2.414.2 / Jenkins weekly < 2.424 Multiple Vulnerabilities

According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.414.2 or Jenkins weekly prior to 2.424. It is, therefore, affected by multiple vulnerabilities: - Jenkins 2.50 through 2.423 both inclusive, LTS 2.60.1 through...

Jenkins LTS < 2.401.3 / Jenkins weekly < 2.416 Multiple Vulnerabilities

According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.401.3 or Jenkins weekly prior to 2.416. It is, therefore, affected by multiple vulnerabilities: - Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not saniti...

Jenkins LTS < 2.401.1 / Jenkins weekly < 2.400 XSRF

According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.401.1 or Jenkins weekly prior to 2.400. It is, therefore, affected by the following vulnerability: - In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST...

FatPipe MPVPN < 10.1.2r60p91 / 10.2.2 < 10.2.2r42 Multiple Vulnerabilities

According to its self-reported version, the instance of FatPipe MPVPN running on the remote web server is 10.1.2r60p91 or 10.2.2 10.2.2r42. It is, therefore, affected by multiple vulnerabilities, including: - FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42...

WordPress 6.0 < 6.2.1

WordPress versions 6.0 6.2.1 are affected by one or more vulnerabilities %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from WordPress Security Advisory wordpress-6-2-1-maintenance-security-release. include'compat.inc'; if description...

Atlassian Jira 8.6.0 < 8.7.2 DLL Hijacking

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is 8.0.x prior to 8.7.0. It is, therefore, affected by a vulnerability which permits when deployed onto the Windows operating system environment which allows local system attackers who ha...

SUSE CVE-2022-26505

A DNS rebinding issue in ReadyMedia formerly MiniDLNA before 1.3.1 allows a remote web server to exfiltrate media files...