GeoServer Remote Code Execution
GeoServer versions prior to 2.23.6, 2.24.0 prior to 2.24.4, and 2.25.0 prior to 2.25.2 are affected by a vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code via a specially crafted request, because property names are unsafely evaluated as XPath expressions.
Danswer Unauthenticated Access
By default, Danswer does not require authentication to access the application. Anyone who can reach the web interface can therefore read its data and make arbitrary changes to its configuration. This detection is included in the AI and LLM category.
External Broken Resources Detected
Web applications rely heavily on external resources such as JavaScript files, Cascading Style Sheets (CSS) and images. When a page links to an external resource that no longer exists (for example a script hosted on an expired domain or in a deleted storage bucket), an attacker who registers or claims that location controls what is served from it and can use it to inject code into the target web...
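The detection described above, as an added example that is not part of the scanner's own code: the script below extracts the sub-resources a browser would fetch from a page (script, link, img, iframe), keeps the ones served from a host other than the page's own, and reports those whose host no longer resolves. The sample HTML and the `.test` host names are constructed for the example; the resolver is injectable so the check can be run offline.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import socket

# Constructed sample page (not scanner data): three external resources on two
# hosts plus one same-origin script. ".test" is a reserved TLD and never resolves.
PAGE_URL = "https://www.example.test/"
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="https://cdn.example-styles.test/site.css">
<script src="//static.abandoned-vendor.test/widget.js"></script>
<script src="/js/app.js"></script>
</head><body>
<img src="https://img.example-styles.test/logo.png">
</body></html>
"""


class _ResourceCollector(HTMLParser):
    """Collects URLs of sub-resources the browser fetches and renders or executes."""

    TARGETS = {"script": "src", "link": "href", "img": "src", "iframe": "src"}

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        attr = self.TARGETS.get(tag)
        if attr is None:
            return
        for name, value in attrs:
            if name == attr and value:
                self.urls.append(value)


def external_hosts(html, page_url):
    """Return {host: [urls]} for resources served from a host other than the page's."""
    collector = _ResourceCollector()
    collector.feed(html)
    page_host = urlparse(page_url).hostname
    hosts = {}
    for url in collector.urls:
        # Protocol-relative URLs (//host/path) inherit the page scheme.
        parsed = urlparse("https:" + url if url.startswith("//") else url)
        if parsed.scheme not in ("http", "https") or not parsed.hostname:
            continue  # same-origin relative path, data: URI, etc.
        if parsed.hostname == page_host:
            continue
        hosts.setdefault(parsed.hostname, []).append(url)
    return hosts


def _default_resolver(host):
    """True if the host has at least one DNS record (A/AAAA/CNAME chain)."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False


def dangling_resources(html, page_url, resolves=_default_resolver):
    """Return the external resource URLs whose host does not resolve.

    `resolves` is a callable host -> bool; the default does a live DNS lookup,
    tests pass a fake so the check runs offline.
    """
    return sorted(url
                  for host, urls in external_hosts(html, page_url).items()
                  if not resolves(host)
                  for url in urls)


if __name__ == "__main__":
    for url in dangling_resources(SAMPLE_HTML, PAGE_URL):
        print("dangling external resource:", url)
```

A non-resolving host is only a takeover candidate if an attacker can actually obtain it (an expired, registrable domain; a bucket or CDN name that can be re-created); a transient DNS failure produces the same result, so confirm before reporting.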
ChatGPT-web Detected
This informational plugin reports that the scanner has detected a publicly accessible ChatGPT-web instance. ChatGPT-web is a simple one-page web interface to the OpenAI ChatGPT API. This detection is included in the AI and LLM category.
Qlik Sense Enterprise Path Traversal
Qlik Sense Enterprise for Windows is affected by a path traversal and by an HTTP request smuggling vulnerability; under specific conditions, the second can be used to obtain unauthenticated remote code execution.
Odoo Database Manager Detected
Odoo is a popular open-source ERP and CRM platform. It ships with a database manager that lets administrators perform management operations (create, back up, restore, drop) on their Odoo databases through a web interface. In production this interface should be disabled (Odoo's list_db = False configuration option hides the manager and the database list) or restricted to trusted networks. When exposed, it helps an attacker brute-force weak master passwords and...
Missing 'Content-Type' Charset
The Content-Type header allows clients to find an appropriate way to render data, omission of the charset can lead to various behaviour like a Cross-Site Scripting abusing the browser's auto-detection mechanism. No source data...
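A passive check for this finding, as an added example that is not the scanner's own code: it parses the Content-Type value with the standard library, and flags media types a browser renders or executes as text when no charset is declared. The sample responses are constructed for the example; the set of sniffable types is an assumption of this check, not something the scanner publishes.

```python
from email.message import Message

# Media types a browser renders or executes as text and will charset-sniff when
# the header does not say. application/json is left out: RFC 8259 makes it UTF-8.
SNIFFABLE = {
    "text/html", "text/plain", "text/css", "text/xml",
    "application/xhtml+xml", "application/javascript", "text/javascript",
}

# Constructed sample response headers (not scanner data), keyed by scenario.
SAMPLE_RESPONSES = {
    "weak":  {"Content-Type": "text/html"},                       # finding
    "fixed": {"content-type": "text/html; charset=utf-8"},        # corrected
    "json":  {"Content-Type": "application/json"},                # not sniffable
    "upper": {"Content-Type": "text/html; CHARSET=ISO-8859-1"},   # param names are case-insensitive
}


def parse_content_type(value):
    """Return (media_type, charset_or_None) from a Content-Type header value.

    email.message.Message handles quoting and case-insensitive parameter names,
    and lower-cases both the media type and the charset.
    """
    msg = Message()
    msg["Content-Type"] = value
    return msg.get_content_type(), msg.get_content_charset()


def charset_finding(headers):
    """Return a finding string, or None, for one response's header dict (any key case)."""
    ct = next((v for k, v in headers.items() if k.lower() == "content-type"), None)
    if ct is None:
        return "Content-Type header missing: the browser will sniff both type and charset"
    media_type, charset = parse_content_type(ct)
    if media_type in SNIFFABLE and charset is None:
        return f"Missing charset for {media_type}; send '{ct}; charset=utf-8'"
    return None


def scan(responses):
    """Run the check over many responses; returns {name: finding_or_None}."""
    return {name: charset_finding(h) for name, h in responses.items()}


if __name__ == "__main__":
    for name, finding in scan(SAMPLE_RESPONSES).items():
        print(f"{name:6} -> {finding or 'ok'}")
```

The fix is on the server side: declare the charset on every text response (charset=utf-8 for UTF-8 content), and pair it with X-Content-Type-Options: nosniff so the browser does not second-guess the declared type either.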
CVE-2024-40552
creation timestamp | type | source
---|---|---
2024-07-12 19:27:04+00:00 | seen | https://t.me/cvedetector/776...
CVE-2024-21521
creation timestamp | type | source
---|---|---
2024-07-10 07:33:58+00:00 | seen | https://t.me/cvedetector/516...
CVE-2024-21525
All versions of the package node-twain are vulnerable to Improper Check or Handling of Exceptional Conditions because the length of the source data is not checked. Creating a new twain.TwainSDK with a productName, productFamily, manufacturer or version.info property of length >= 34 characters leads t...
ZenML Detected
This informational plugin reports that the scanner has detected a publicly accessible ZenML instance on the target application. ZenML is an open-source MLOps framework that abstracts the underlying infrastructure. This detection is included in the AI and LLM category.
PHP Input Variables Exceeded
By default, PHP accepts at most 1000 input variables per request (the max_input_vars directive, applied separately to $_GET, $_POST and $_COOKIE). If a request carries more, PHP raises an E_WARNING and silently drops the remaining variables. Depending on server configuration and application code, this truncation can have various impacts, such as...
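A model of the truncation, as an added example that is not PHP itself or the scanner's code: the function below fills a variable table the way PHP fills $_POST, accepting pairs in order up to max_input_vars and dropping the rest, and a second function counts the variables a request would submit so a request that exceeds the default limit can be flagged. The padded request and the csrf_token name are constructed for the example; the model ignores PHP's nested-array rules (each submitted name=value pair counts as one variable, which matches PHP for scalars and flat arrays).

```python
from urllib.parse import parse_qsl

PHP_DEFAULT_MAX_INPUT_VARS = 1000  # php.ini default for max_input_vars


def php_like_parse(query, max_input_vars=PHP_DEFAULT_MAX_INPUT_VARS):
    """Simplified model of how PHP populates $_GET/$_POST from a query string.

    Variables are accepted in wire order up to max_input_vars; the remainder are
    dropped and a single E_WARNING is raised. Returns (variables, warning).
    Assumption of this model: each name=value pair is one variable.
    """
    pairs = parse_qsl(query, keep_blank_values=True)
    accepted = {}
    warning = None
    for index, (key, value) in enumerate(pairs):
        if index >= max_input_vars:
            warning = (f"Input variables exceeded {max_input_vars}. "
                       "To increase the limit change max_input_vars in php.ini.")
            break
        accepted[key] = value  # a later duplicate overwrites an earlier one, as in PHP
    return accepted, warning


def count_input_vars(query):
    """Number of variables a request body/query string submits (what the limit counts)."""
    return len(parse_qsl(query, keep_blank_values=True))


def exceeds_default_limit(query):
    """True when PHP at default settings would truncate this request."""
    return count_input_vars(query) > PHP_DEFAULT_MAX_INPUT_VARS


def build_padded_request(padding, **trailing):
    """Constructed attacker request: `padding` junk variables, then the real ones.

    Anything in `trailing` lands past the limit once padding >= max_input_vars,
    so a parameter a front-end control (WAF, proxy, JS layer) saw never reaches PHP.
    """
    junk = "&".join(f"p{i}=x" for i in range(padding))
    tail = "&".join(f"{k}={v}" for k, v in trailing.items())
    return f"{junk}&{tail}" if tail else junk


if __name__ == "__main__":
    request = build_padded_request(1000, csrf_token="abc", action="delete")
    seen, warning = php_like_parse(request)
    print("variables submitted:", count_input_vars(request))
    print("variables PHP kept :", len(seen))
    print("csrf_token reached PHP:", "csrf_token" in seen)
    print("warning:", warning)
```

The security-relevant point is the mismatch: the client (or a WAF in front of PHP) sees every variable, while the application sees only the first max_input_vars of them, so an attacker chooses which parameters survive. Code that treats a missing parameter as "unset" or "false" rather than failing closed is where this becomes a vulnerability.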
Langflow Detected
This informational plugin reports that the scanner has detected a publicly accessible Langflow instance on the target application. Langflow is an open-source visual framework for building multi-agent and RAG applications. This detection is included in the AI and LLM category.
Langflow Unauthenticated Access
By default, Langflow does not require authentication to access the application. This allows an attacker to access sensitive data such as global variables, the projects already created and the secrets they expose. This detection is included in the AI and LLM category.
MLflow Default Credentials
By default, MLflow does not require authentication to access the application. When authentication is enabled, MLflow enforces HTTP basic authentication with a default administrator account (username admin, password password1234). If these credentials are not changed, a remote, unauthenticated attacker can log in to the MLflow UI and perform arbitrary actions on it. This detection is included in the AI and LLM category.
Ollama Unauthenticated Access
By default, Ollama's HTTP API does not require authentication. Anyone who can reach it can list, pull, delete and run models and submit prompts; Ollama has no web interface of its own, so the exposure is the API itself. This detection is included in the AI and LLM category.
MLflow Detected
This informational plugin reports that the scanner has detected a publicly accessible MLflow instance on the target application. MLflow is a platform for streamlining machine learning development and simplifying model operations. This detection is included in the AI and LLM category.
Flowise Unauthenticated Access
By default, Flowise does not require authentication to access the application. This allows an attacker to access sensitive data such as private documents, API keys and variables, and to modify existing Chatflows and Agentflows. This detection is included in the AI and LLM category.
NextChat Detected
This informational plugin reports that the scanner has detected a publicly accessible NextChat (formerly ChatGPT-Next-Web) instance on the target application. NextChat is a collection of tools that help developers build their own AI service around the most popular LLMs. This detection is included in the AI and LLM category.
Atlassian Jira 9.5.x < 9.12.8 Information Disclosure
According to its self-reported version number, the Atlassian Jira application running on the remote host is prior to 9.4.21, 9.5.x prior to 9.12.8 or 9.13.x prior to 9.16.0. It is, therefore, affected by an information disclosure vulnerability. Note that the scanner has not tested for these issue...