NGINX allows HTTP request smuggling
Summary: Under some special configurations, NGINX permits HTTP request smuggling, which can allow an attacker to access unauthorized web pages. Impact: None. Our products are not affected by this issue because the configuration used is not vulnerable. Mitigation: Not required. Solution: Not required...
Stored XSS in field name data model
Summary: An attacker with admin access to the appliance can inject malicious code that will later be executed by other legitimate users. This allows the attacker to perform unauthorized actions on behalf of legitimate users. JavaScript injection was possible using the field name when adding new...
CSV Injection on node label
Summary: CSV Injection, also known as Formula Injection, occurs when websites embed untrusted input inside CSV files. An authenticated malicious user can insert a crafted formula in the node label that can later be executed on another system after another user has downloaded and opened the node li...