9 matches found
Malicious code in mbt (npm)
Supply chain compromise of legitimate SAP packages published by threat actor "[email protected]" impersonating SAP toolchain maintainers. All four compromised packages share the same fingerprint: setup.mjs 4.4 KB and execution.js 11.1 MB bundled in the tarball, with a preinstall hook of "node...
Custom HTTP Header Detected
This is an informational notice that the scanner was able to detect custom HTTP headers in the target application's responses. No source data...
NVIDIA Triton Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible NVIDIA Triton instance on the target application. NVIDIA Triton provides an optimized cloud and edge inferencing solution. This detection is included in the AI and LLM category. No source data...
ClearML Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible ClearML instance on the target application. ClearML is an infrastructure platform for AI builders. This detection is included in the AI and LLM category. No source data...
OAuth Dynamic Client Registration Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible OAuth Dynamic Client Registration endpoint on the target application. OAuth Dynamic Client Registration allows clients to register dynamically with an authorization server and is very common in...
CVE-2025-26486
CVE-2025-26486 affects Beta80 Life 1st Identity Manager (Life 1st) up to version 1.5.2.14234. The issue arises from broken or risky cryptographic algorithms, passwords hashed with insufficient computational effort, weak hashes, and use of a one‑way hash with a predictable salt. An attacker with a...
Server-Side Request Forgery
Web applications often rely on network requests to query external resources and retrieve data in order to process it. A Server-Side Request Forgery (SSRF) vulnerability exists when an attacker is able to control these outbound requests and send them to a resource he owns, to the localhost itself, or ...
CVE-2019-5066
An exploitable use-after-free vulnerability exists in the way LZW-compressed streams are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free condition. To trigger this vulnerability, a specifically crafted PDF document nee...
Apache Struts 2 Commons FileUpload Insecure Deserialization (CVE-2016-1000031)
An insecure deserialization vulnerability exists in Apache Struts 2. This vulnerability is due to Apache Struts 2 having a dependency on a vulnerable version of Commons FileUpload. Successful exploitation can result in arbitrary file upload within the security context of the target application...