Langflow Unauthenticated Access
By default, Langflow does not require authentication to access the application. This allows an attacker to access sensitive data such as global variables, projects already created and the secrets they expose. This detection is included in the AI and LLM category. No source data...
MLflow Default Credentials
By default, MLflow does not require authentication to access the application. When authentication is enabled, MLflow enforces basic authentication with default credentials. If these are not updated, a remote and unauthenticated attacker could access the MLflow UI and perform arbitrary actions on it. Thi...
MLflow Unauthenticated Access
By default, MLflow does not require authentication to access the application. This allows an attacker to perform arbitrary modifications on experiments or models in the web interface. This detection is included in the AI and LLM category. No source data...
WordPress 6.3.x < 6.3.5 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities:
- A Cross-Site Scripting (XSS) vulnerability affecting the HTML API.
- A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block.
- A path traversal issue...
Ollama Unauthenticated Access
By default, Ollama does not require authentication to access the application. This allows an attacker to perform arbitrary modifications on experiments or models in the web interface. This detection is included in the AI and LLM category. No source data...
AnythingLLM Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible AnythingLLM instance on the target application. AnythingLLM lets you choose between different LLMs or vector databases to use and allows you to convert any document or content into references that the...
Atlassian Jira 9.13.x < 9.16.0 Information Disclosure
According to its self-reported version number, the Atlassian Jira application running on the remote host is prior to 9.4.21, 9.5.x prior to 9.12.8 or 9.13.x prior to 9.16.0. It is, therefore, affected by an information disclosure vulnerability. Note that the scanner has not tested for these issue...
Quivr Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible Quivr instance on the target application. Quivr is a RAG framework specialized for building GenAI Second Brains and allows discussion with a variety of documents using different LLM models. This...
Flowise Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible Flowise instance on the target application. Flowise is a builder for LLM applications. This detection is included in the AI and LLM category. No source data...
Flowise Unauthenticated Access
By default, Flowise does not require authentication to access the application. This allows an attacker to access sensitive data such as private documents, API keys and variables, and also to modify existing Chatflows and Agentflows. This detection is included in the AI and LLM category. N...
Flowise Chatflow Detected
This is an informational plugin to inform the user that the scanner has detected the use of a Flowise Chatflow. This detection is included in the AI and LLM category. No source data...
MLflow Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible MLflow instance on the target application. MLflow is a platform to streamline machine learning development and simplify model operations. This detection is included in the AI and LLM category. N...
Atlassian Jira 9.5.x < 9.12.8 Information Disclosure
According to its self-reported version number, the Atlassian Jira application running on the remote host is prior to 9.4.21, 9.5.x prior to 9.12.8 or 9.13.x prior to 9.16.0. It is, therefore, affected by an information disclosure vulnerability. Note that the scanner has not tested for these issue...
Open WebUI Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible Open WebUI instance on the target application. Open WebUI offers an extensible web application designed for various LLMs while offering a feature-rich environment. This detection is included in th...
LibreChat Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible LibreChat instance on the target application. LibreChat is an enhanced open-source ChatGPT clone. This detection is included in the AI and LLM category. No source data...
NextChat Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible NextChat (formerly ChatGPT-Next-Web) instance on the target application. NextChat is a collection of tools to help developers build their own AI service around the most popular LLMs. This detection is...
CData Path Traversal
CData API Server 23.4.8844, CData Connect 23.4.8846, CData Arc 23.4.8839 and CData Sync 23.4.8843, when running with the embedded Jetty server, are affected by a vulnerability allowing an unauthenticated attacker to access unauthorized resources via a specially crafted request. No source data...
Digest Authentication Bruteforced
The scanner successfully authenticated on the target web application by using weak credentials in the request's Digest authentication HTTP header. No source data...
Unrestricted File Upload
An unrestricted file upload vulnerability occurs when the application does not validate the files being uploaded to its filesystem. When an attacker is able to upload files not matching the application's expectations in terms of name, type, content or size, it could lead to various...
Concrete CMS Login Panel Detected
Concrete CMS Login Panel has been detected on the target web application. This may present an attacker with an exploit vector which could be leveraged using other techniques, such as a Brute-Force or Dictionary Attack, allowing an attacker to gain access to administrative functionality. No source...