497 matches found

Tenable Nessus
added 2024/09/06 12:0 a.m., 23 views

Nginx 1.5.13 < 1.26.2 Buffer Over-read

According to its Server response header, the installed version of nginx is 1.5.13 to 1.26.2 or 1.27.0. It is, therefore, affected by a security issue identified in the ngx_http_mp4_module, which might allow an attacker to cause a worker process crash by using a specially crafted mp4 file...

5.7 CVSS | 5.3 AI score | 0.00202 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2024/09/03 12:0 a.m., 12 views

FCKEditor Unsupported Version

The installation of FCKEditor detected on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities. No source data...

7.6 AI score
Exploits: 0 | References: 2

Tenable Nessus
added 2024/09/03 12:0 a.m., 9 views

Gradio Detected

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Gradio instance on the target application. Gradio is software for building machine learning apps in Python. This detection is included in the AI and LLM category. No source data...

7.2 AI score
Exploits: 0 | References: 2

Tenable Nessus
added 2024/09/03 12:0 a.m., 7 views

Ivanti Virtual Traffic Manager Authentication Bypass

Ivanti Virtual Traffic Manager (vTM) versions before 22.2R1 and 22.x 22.7R2 suffer from an authentication bypass vulnerability. By exploiting this vulnerability, a remote and unauthenticated attacker can access the administration panel and perform arbitrary modifications on the affected instance. ...

9.8 CVSS | 7.8 AI score | 0.94436 EPSS
Exploits: 4 | References: 3

Tenable Nessus
added 2024/09/03 12:0 a.m., 6 views

Laravel Pulse Unrestricted Access

Laravel Pulse is a Laravel package that provides information about application performance. If an attacker gains access to this dashboard, he can retrieve sensitive information, notably from stack traces or endpoints. No source data...

6.8 AI score
Exploits: 0 | References: 3

Tenable Nessus
added 2024/08/01 12:0 a.m., 14 views

GeoServer Remote Code Execution

GeoServer versions 2.23.6, 2.24.0 2.24.4, 2.25.0 2.25.2 are affected by a vulnerability allowing a remote unauthenticated attacker to execute arbitrary code via a specially forged request due to unsafely evaluating property names as XPath expressions. No source data...

9.8 CVSS | 8.2 AI score | 0.94425 EPSS
Exploits: 24 | References: 2

Tenable Nessus
added 2024/08/01 12:0 a.m., 18 views

Danswer Unauthenticated Access

By default, Danswer does not require authentication to access the application. This allows an attacker to perform arbitrary modifications on experiments or models in the web interface. This detection is included in the AI and LLM category. No source data...

7.5 AI score
Exploits: 0 | References: 2

Tenable Nessus
added 2024/07/29 12:0 a.m., 26 views

External Broken Resources Detected

Web applications rely heavily on external resources such as JavaScript files, Cascading Style Sheets (CSS) or images. When an application uses links that target external resources which do not exist, an attacker could try gaining control over this resource to inject code in the target web...

7.2 AI score
Exploits: 0 | References: 1

Tenable Nessus
added 2024/07/25 12:0 a.m., 10 views

ChatGPT-web Detected

This is an informational plugin to inform the user that the scanner has detected a publicly accessible ChatGPT-web instance. ChatGPT-web is a simple one-page web interface to the OpenAI ChatGPT API. This detection is included in the AI and LLM category. No source data...

7.2 AI score
Exploits: 0 | References: 1

Tenable Nessus
added 2024/07/22 12:0 a.m., 4 views

Ivanti EPM Cloud Services Appliance < 4.6.0-512 Remote Code Execution

Ivanti EPM Cloud Services Appliance versions prior to 4.6.0-512 are affected by a vulnerability allowing an unauthenticated attacker to execute remote code via a specially forged request with limited permissions (nobody). No source data...

9.8 CVSS | 8.2 AI score | 0.94461 EPSS
Exploits: 9 | References: 2

Tenable Nessus
added 2024/07/18 12:0 a.m., 16 views

Odoo Database Manager Detected

Odoo is a popular open-source ERP and CRM platform. Odoo includes a database manager which can help administrators perform management operations on their Odoo databases through a web interface. When exposed, this web interface can help an attacker trying to bruteforce weak master passwords and...

7.2 AI score
Exploits: 0 | References: 2

Tenable Nessus
added 2024/07/18 12:0 a.m., 6 views

Missing 'Content-Type' Charset

The Content-Type header allows clients to find an appropriate way to render data. Omission of the charset can lead to various behaviours, such as Cross-Site Scripting that abuses the browser's auto-detection mechanism. No source data...

6.6 AI score
Exploits: 0 | References: 4

Tenable Nessus
added 2024/07/18 12:0 a.m., 10 views

Qlik Sense Enterprise Path Traversal

Qlik Sense Enterprise for Windows is affected by a Path Traversal as well as an HTTP Request Smuggling vulnerability. Under specific conditions, the second vulnerability can be used to obtain unauthenticated Remote Code Execution. No source data...

9.9 CVSS | 7.8 AI score | 0.9422 EPSS
Exploits: 0 | References: 3

Circl
added 2024/07/12 7:27 p.m., 1 views

CVE-2024-40552

creationtimestamp | type | source
---|---|---
2024-07-12 19:27:04+00:00 | seen | https://t.me/cvedetector/776...

8.8 CVSS | 4.8 AI score | 0.00459 EPSS
Exploits: 1 | References: 1

Veracode
added 2024/07/11 5:51 a.m., 15 views

Buffer Overflow

node-twain is vulnerable to a buffer overflow. The vulnerability is due to improper handling of exceptional conditions related to the length of source data while reading a new twain.TwainSDK object with certain properties of sufficient length = 34 characters. The vulnerability allows an attacker ...

8.3 CVSS | 8.5 AI score | 0.001 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Circl
added 2024/07/10 7:33 a.m., 1 views

CVE-2024-21521

creationtimestamp | type | source
---|---|---
2024-07-10 07:33:58+00:00 | seen | https://t.me/cvedetector/516...

7.5 CVSS | 4.8 AI score | 0.00222 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2024/07/10 5:0 a.m., 10 views

CVE-2024-21525

All versions of the package node-twain are vulnerable to Improper Check or Handling of Exceptional Conditions due to the length of the source data not being checked. Creating a new twain.TwainSDK with a productName or productFamily, manufacturer, version.info property of length = 34 chars leads t...

8.3 CVSS | 7.4 AI score | 0.001 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2024/07/03 12:0 a.m., 9 views

Ray Detected

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Ray instance on the target application. Ray is an open-source framework to build and scale Machine Learning (ML) and Python applications. This detection is included in the AI and LLM category. No...

7.2 AI score
Exploits: 0 | References: 2

Tenable Nessus
added 2024/07/03 12:0 a.m., 6 views

ZenML Detected

This is an informational plugin to inform the user that the scanner has detected a publicly accessible ZenML instance on the target application. ZenML is an open-source framework dedicated to MLOps abstracting the underlying infrastructure. This detection is included in the AI and LLM category. N...

7.2 AI score
Exploits: 0 | References: 2

Tenable Nessus
added 2024/07/03 12:0 a.m., 8 views

Malicious Third Party Domain Detected

Supply chain attacks occur when one or more dependencies of an application are compromised, causing malicious code to be shipped to the web application and allowing threat actors to perform various operations, depending on the logic of the altered code, like credential stealing or...

7.5 AI score
Exploits: 0 | References: 2