CAGE Web Design | Rolf Van Gelder Security Vulnerabilities

nessus

Microsoft Azure CycleCloud Web Interface Detection

The web interface for Microsoft Azure CycleCloud was detected on the remote...

0.8AI Score

2022-11-14 12:00 AM
3
nessus

Microsoft Azure Service Fabric Web Detection

The web application or API for Azure Service Fabric, a container and microservices platform was detected on the remote...

1.1AI Score

2022-10-25 12:00 AM
7
nessus

SolarWinds Web Help Desk Installed (Windows)

SolarWinds Web Help Desk was detected on the remote Windows...

1.3AI Score

2022-03-29 12:00 AM
10
nessus

Cisco DNA Spaces Connector Web Detection.

The web user interface for Cisco DNA Spaces Connector was detected on the remote host. Note that HTTP form credentials are required to retrieve version...

2.3AI Score

2020-12-01 12:00 AM
11
nessus

Zebra ZTC Printer Web Interface Detection

The remote host is a Zebra...

1.3AI Score

2019-11-25 12:00 AM
8
nessus

HP DesignJet Printer Web Interface Detection

The web interface for HP DesignJet Printer was detected on the remote...

1.1AI Score

2019-01-24 12:00 AM
8
nessus

QLogic QConvergeConsole GUI Web Interface Detection

Nessus was able to detect the QLogic QConvergeConsole web interface for a network interface management tool on the remote...

1.1AI Score

2018-10-24 12:00 AM
14
nessus

Schneider Electric InduSoft Web Studio Detection

The remote host has Schneider Electric InduSoft Web Studio installed. This is a development and maintenance software for wireless SCADA...

1.2AI Score

2018-04-18 12:00 AM
12
nessus

VMware vRealize Automation Web UI Detection

The remote web server is running the web UI for VMware vRealize Automation, a cloud automation virtual appliance. Note: To obtain accurate version and build information provide HTTP basic authentication...

2.5AI Score

2016-04-27 12:00 AM
10
nessus

VMware vRealize Business Web UI Detection

The remote web server is running the web UI for VMware vRealize Business, an IT financial management...

2.4AI Score

2016-04-06 12:00 AM
11
nessus

Cisco Network Registrar Web UI Detection

The remote web server is the user interface for Cisco Network Registrar (CNR), which provides DNS, DHCP, and IP management...

1.7AI Score

2014-04-29 12:00 AM
10
nessus

McAfee Web Gateway User Interface Detection

The remote web server is the user interface (also known as Konfigurator) for McAfee Web...

2AI Score

2014-02-21 12:00 AM
15
nessus

Oracle iPlanet Web Proxy Server Detection

Oracle iPlanet Web Proxy Server, formerly Sun Java System Web Proxy Server, is installed on the remote Windows...

1.8AI Score

2014-01-20 12:00 AM
7
nessus

Tridium Niagara AX Web Server Detection

The remote host is running the Tridium Niagara AX Web Server. Tridium Niagara AX is a development framework used to create software for use in SCADA...

1.5AI Score

2013-07-03 12:00 AM
11
github

Mattermost crashes web clients via a malformed custom status

Mattermost versions 9.6.0, 9.5.x before 9.5.3, 9.4.x before 9.4.5, and 8.1.x before 8.1.12 fail to handle JSON parsing errors in custom status values, which allows an authenticated attacker to crash other users' web clients via a malformed custom...

4.3CVSS

6.6AI Score

0.0004EPSS

2024-04-26 09:30 AM
8
nessus

Apache ActiveMQ 6.x < 6.1.2 Insecure Web API Vulnerability

The version of Apache ActiveMQ running on the remote host is 6.x prior to 6.1.2. It is, therefore, affected by an insecure web API that an attacker can use without any required authentication. Note that Nessus has not tested for this issue but has instead relied only on the application's...

8.5CVSS

8.5AI Score

0.0004EPSS

2024-05-03 12:00 AM
3
nuclei

Academy LMS 6.0 - Cross-Site Scripting

Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability through query...

6.1CVSS

6.1AI Score

0.001EPSS

2024-04-30 09:16 AM
7
nessus

Apache ActiveMQ Web Console Missing X-Frame-Options Clickjacking

The version of Apache ActiveMQ running on the remote host is affected by a clickjacking vulnerability in the web-based administration console due to not setting the X-Frame-Options header in HTTP responses. A remote attacker can exploit this to trick a user into executing administrative tasks....

6.1CVSS

6.5AI Score

0.002EPSS

2016-03-18 12:00 AM
260
cvelist

CVE-2023-6028 SDM Web interface vulnerable to XSS

A reflected cross-site scripting (XSS) vulnerability exists in the SVG version of System Diagnostics Manager of B&R Automation Runtime versions <= G4.93 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser...

6.1CVSS

6.2AI Score

0.001EPSS

2024-02-05 05:33 PM
packetstorm

7.4AI Score

0.0004EPSS

2024-05-28 12:00 AM
71
cvelist

CVE-2024-3552 Web Directory Free < 1.7.0 - Unauthenticated SQL Injection

The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and...

0.0004EPSS

2024-06-13 06:00 AM
1
vulnrichment

CVE-2024-3552 Web Directory Free < 1.7.0 - Unauthenticated SQL Injection

The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and...

7.2AI Score

0.0004EPSS

2024-06-13 06:00 AM
nessus

Microsoft Azure Web App Discovery And Assessment Service Installed (Windows)

Microsoft Azure Web App Discovery and Assessment Service is installed on the remote Windows host. Azure Appliance Auto Update is part of Microsoft Azure...

7.4AI Score

2024-04-15 12:00 AM
5
openvas

IIS 5.0 Sample App reveals physical path of web root

A sample application shipped with IIS 5.0 discloses the physical path of the web root. An attacker can use this information to make more focused...

7AI Score

2005-11-03 12:00 AM
14
packetstorm

7.4AI Score

EPSS

2024-04-15 12:00 AM
67
github

Plone allows anonymous users to reset any users password through the web via Password Reset Tool

Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security...

7.2AI Score

0.002EPSS

2022-05-01 07:16 AM
1
openvas

Qianbo Enterprise Web Site Management System Cross Site Scripting Vulnerability

Qianbo Enterprise Web Site Management System is prone to a cross-site scripting (XSS)...

6.2AI Score

2011-04-22 12:00 AM
8
openbugbounty

web-exposition.com Cross Site Scripting vulnerability OBB-3910667

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-04-09 05:48 AM
6
osv

Malicious code in galileo-web-sdk (npm)

Source: ghsa-malware (a1ea1d3425cddab091828432f9dffef7f8bc36f5fbf9bcd0e01dffe737417e92). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-03-31 05:44 PM
8
nuclei

Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation

Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role,...

9.8CVSS

8.2AI Score

0.974EPSS

2021-02-15 01:31 PM
26
openbugbounty

web-comp-pro.ru Cross Site Scripting vulnerability OBB-3905891

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-04-05 01:34 PM
2
openbugbounty

web-skills-school.com Cross Site Scripting vulnerability OBB-3905892

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-04-05 01:34 PM
2
nessus

VMware Workspace ONE Assist Web Portal Detection

The web portal for VMware Workspace ONE Assist was detected on the remote...

1.4AI Score

2022-11-15 12:00 AM
5
nessus

IBM Spectrum Protect Plus Web UI Detection

The web user interface for IBM Spectrum Protect Plus (SPP) was detected on the remote host. IBM SPP is a data protection solution that provides near-instant recovery, replication, retention, and reuse for VMs, databases, and containers in hybrid multicloud...

1.9AI Score

2020-04-21 12:00 AM
7
nessus

Linksys Smart Wi-Fi Web Interface Detection

Nessus was able to detect the web administration interface for a Linksys Smart Wi-Fi Router device on the remote...

1.8AI Score

2017-07-19 12:00 AM
10
nessus

Cisco UCS Central Software Web UI Detection

The web user interface for Cisco Unified Computing System (UCS) Central Software, an infrastructure management system, was detected on the remote...

1.6AI Score

2016-08-25 12:00 AM
7
nessus

ClearSCADA Web Server Remote Denial of Service

The remote ClearSCADA web server is affected by a remote denial of service vulnerability. Sending a specially crafted request could cause the server to throw an exception resulting in a denial of service...

3.1AI Score

2013-10-15 12:00 AM
12
nessus

Autodesk Design Review Installed

Autodesk Design Review, a review software for Autodesk designs, is installed on the remote Windows...

3.3AI Score

2015-02-12 12:00 AM
6
openvas

IceWarp Web Mail <= 10.4.5 Information Disclosure Vulnerability - Active Check

IceWarp Web Mail is prone to an information disclosure ...

7AI Score

2013-08-07 12:00 AM
7
nuclei

Graphite <=1.1.5 - Server-Side Request Forgery

Graphite's send_email in graphite-web/webapp/graphite/composer/views.py in versions up to 1.1.5 is vulnerable to server-side request forgery (SSRF). The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is...

7.5CVSS

7.3AI Score

0.008EPSS

2021-09-03 08:22 AM
1
nessus

Yealink Device Management Platform Web Interface Detection

The web interface for Yealink Device Management Platform, a communications device management platform, was detected on the remote...

7.4AI Score

2024-05-15 12:00 AM
6
nessus

SonicWall Secure Mobile Access (SMA) Web Detection

The remote host is a SonicWall Secure Mobile Access (SMA) or Secure Remote Access (SRA) device. It is possible to obtain the version and model via the web interface. Note that HTTP form credentials may be required to retrieve the model...

2.7AI Score

2021-02-03 12:00 AM
21
nessus

Zinwave Series 3000 DAS Web Interface Detection

The remote host is running the web interface for a Zinwave Series 3000 DAS, a distributed antenna system hardware...

2.3AI Score

2018-09-13 12:00 AM
10
nessus

Microsoft Office Web Apps Installed (credentialed check)

Microsoft Office Web Apps, an online office suite, is installed on the remote Windows...

2AI Score

2015-07-10 12:00 AM
15
nessus

VMware vCenter Operations Manager Web UI Detection

The remote web server is running the web UI for VMware vCenter Operations Manager, an application for managing virtual...

2.3AI Score

2015-04-10 12:00 AM
12
nessus

Visual Mining NetCharts Server Web UI Detection

The remote host is running the web-based user interface for Visual Mining NetCharts Server. It is possible to read the web UI version from a standard...

2.2AI Score

2014-12-02 12:00 AM
7
nessus

Siemens SCALANCE X-200 Web Session Hijacking

According to the self-reported version of the remote Siemens SCALANCE X-200 series device obtained from the SNMP system description, it is vulnerable to a web session hijacking vulnerability. This is due to a weakness in the integrated web server's random number...

2.4AI Score

2013-10-21 12:00 AM
11
ubuntucve

CVE-2024-35328

libyaml v0.2.5 is vulnerable to DDOS. Affected by this issue is the function yaml_parser_parse of the file /src/libyaml/src/parser.c. Notes (jdstrand): golang-goyaml is a go translation of libyaml and shouldn't share implementation flaws, but may share design...

7.1AI Score

0.0004EPSS

2024-06-14 12:00 AM
nessus

Web Cache Poisoning Denial of Service

A caching system has been detected on the application and is vulnerable to web cache poisoning. By manipulating specific unkeyed inputs (headers or cookies that are not included when generating the cache key) it was possible to force the caching system to cache a response that contains...

6.9AI Score

2023-08-30 12:00 AM
11
Total number of security vulnerabilities: 506920