Web Cache Poisoning Denial of Service
A caching system has been detected on the application and is vulnerable to web cache poisoning. By manipulating specific unkeyed inputs (headers or cookies that are not included when generating the cache key) it was possible to force the caching system to cache a response that contains...
AI Score 6.9

N-able N-central Web Interface Detection
The web interface for N-able N-central was detected on the remote...
AI Score 7.5

Oracle WebLogic Web Services Test Client Detection
Oracle WebLogic Web services test client was detected on the remote...
AI Score 1.3
QNAP QTS/QES/QuTS hero - Web Detection
Detects the web interface for QNAP QTS/QES/QuTS hero on the remote...
AI Score 0.8

SAP BusinessObjects Business Intelligence Platform Web Detection
SAP BusinessObjects Business Intelligence Platform web interface detected on remote...
AI Score 0.8

D-Link DIR Router Web Interface Detection
Nessus was able to detect the web interface for a D-Link DIR router on the remote...
AI Score 1.3

Emerson SM-Ethernet Web Interface Default Credentials
It was possible to log into the remote Emerson SM-Ethernet web interface by providing the default credentials. A remote attacker can exploit this to gain administrative...
AI Score 4.3

Honeywell XL Web Controller FTP Directory Traversal
The remote host is a Honeywell XL Web SCADA controller that is running a firmware version affected by a directory traversal vulnerability in the FTP server. A remote, unauthenticated attacker can exploit this to gain access to the web root...
AI Score 2.2

EMC Cloud Tiering Appliance Web Interface Detection
The remote web server is the user interface for EMC Cloud Tiering Appliance (CTA), an appliance-based solution for file tiering, archiving and...
AI Score 2.9

Tridium Niagara AX Web Server Multiple Vulnerabilities
The remote host is running a version of Tridium Niagara AX Web Server that is affected by multiple vulnerabilities: A directory traversal vulnerability exists that allows access to a file that stores login usernames and passwords. (CVE-2012-4027) The system insecurely stores user...
AI Score 2 | EPSS 0.003

Trellix Enterprise Security Manager Web Interface Detection
The web interface for Trellix Enterprise Security Manager (formerly known as McAfee Enterprise Security Manager) was detected on the remote...
AI Score 7.1

Zyxel Unified Security Gateway (USG) Web Detection
The web UI for Zyxel Unified Security Gateway (USG) was detected on the remote host. Note: HTTP basic authentication credentials are required by the CGI for obtaining granular version...
AI Score 1.8

VISAM Automation Base (VBASE) Web-Remote Detection
The VISAM Automation Base (VBASE) Web-Remote service, a web-based remote interface to VBASE, is running on the remote...
AI Score 1.5

Cisco Small Business Router Web UI Detection
Cisco Small Business router web user interface detected on remote host. Note that HTTP credentials are required to retrieve the...
AI Score 1.7

Cisco Firepower Device Manager Web Interface Detection
The remote host is running the Firepower Device Manager, which allows for the configuration of FTD...
AI Score 2

Cisco UCS Platform Emulator Web UI Detection
Cisco Unified Computing System (UCS) Platform Emulator, software for emulating Cisco UCS hardware communications, is running on the remote...
AI Score 1.2

MicroLogix 1400 PLC Web Server Multiple Vulnerabilities
The firmware installed on the remote Allen-Bradley MicroLogix 1400 PLC device is a version prior to 15.003. It is, therefore, affected by multiple vulnerabilities: A flaw exists due to improper sanitization of user-supplied input before using it in SQL queries. An authenticated, remote...
AI Score 2.1 | EPSS 0.002

Honeywell FALCON XL Web Controller Multiple Vulnerabilities
The remote host is a Honeywell FALCON XL Web SCADA controller that is running a firmware version affected by the following vulnerabilities: The change password page can be accessed without authentication to determine users' password hashes, which can allow a remote attacker to gain...
AI Score 2.8 | EPSS 0.003
MinIO is a high-performance object storage system released under the GNU Affero General Public License v3.0. The If-Modified-Since and If-Unmodified-Since headers, when used with anonymous requests that send random object names, can be used to determine whether an object exists on the server on a...
CVSS 5.3 | AI Score 7 | EPSS 0.0004

In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the...
CVSS 5.4 | AI Score 6.5 | EPSS 0.001

CVE-2024-4235 Netgear DG834Gv5 Web Management Interface cleartext storage
A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been...
CVSS 2.7 | AI Score 4.2 | EPSS 0.0004

CVE-2023-4479 Stored XSS Vulnerability in M-Files Web
Stored XSS vulnerability in M-Files Web versions before 23.8 allows an attacker to execute script in the user's browser via a stored HTML document within a limited time...
CVSS 7.3 | AI Score 6.8 | EPSS 0.0004

CVE-2024-4235 Netgear DG834Gv5 Web Management Interface cleartext storage
A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been...
CVSS 2.7 | AI Score 6.8 | EPSS 0.0004

Cisco Unified MeetingPlace Web Conferencing Unauthorized Password Change Security Bypass
According to its self-reported version number, the installation of Cisco Unified MeetingPlace Web Conferencing hosted on the remote web server is potentially affected by a security bypass vulnerability due to the lack of validation of the current password and HTTP session ID during a password...
AI Score 6.7 | EPSS 0.002

In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the...
CVSS 5.4 | AI Score 6.5 | EPSS 0.001

Generic HTTP Directory Traversal (Web Application URL Parameter) - Active Check
Generic check for HTTP directory traversal vulnerabilities within URL parameters of the remote web...
CVSS 7.5 | AI Score 7.6 | EPSS 0.972

Veeam ONE Web Client Page Fails to Load After Updating .NET Runtime Components
Make sure all .NET runtime versions match, then restart the Veeam ONE Reporting...
AI Score 7.1

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to configure poller resources. The issue results from the lack of proper...
CVSS 8.8 | AI Score 9 | EPSS 0.002

An issue in Reportico Web before v.8.1.0 allows a local attacker to execute arbitrary code and obtain sensitive information via the sessionid...
AI Score 7.2
GetSimple CMS 3.3.13 - Open Redirect
GetSimple CMS 3.3.13 contains an open redirect vulnerability via the admin/index.php redirect parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized...
CVSS 6.1 | AI Score 6.3 | EPSS 0.001

libyaml v0.2.5 is vulnerable to Buffer Overflow. Affected by this issue is the function yaml_emitter_emit of the file /src/libyaml/src/emitter.c. The manipulation leads to a double-free. Note from jdstrand: golang-goyaml is a go translation of libyaml and shouldn't share...
AI Score 7.2 | EPSS 0.0004

MinIO information disclosure vulnerability in github.com/minio/minio
MinIO information disclosure vulnerability in...
CVSS 5.3 | AI Score 5 | EPSS 0.0004

mocodo is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary SQL commands and potentially command injection, leading to remote code execution (RCE) under certain...
AI Score 8.5
CVE-2024-30370 RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability
RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must perform a specific action...
CVSS 4.3 | AI Score 5 | EPSS 0.0005

CVE-2024-30370 RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability
RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must perform a specific action...
CVSS 4.3 | AI Score 6.9 | EPSS 0.0005

mocodo is vulnerable to Remote Code Execution. The vulnerability is due to improper input validation at /web/rewrite.php, which allows an attacker to inject and execute arbitrary...
AI Score 7.7
Sensitive Information Disclosure
github.com/minio/minio/ is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the ability to infer the existence of objects on a server by sending anonymous requests with random object...
CVSS 5.3 | AI Score 6.7 | EPSS 0.0004

Malicious code in cuckoo-3-web-ui-tooling (npm)
Source: ghsa-malware (adbea70f2acb33710c8ecb7e13e55c24980ccd349854aa6c82915d2829359e15). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score 7

Design document functions which receive a user HTTP request object may expose authorization or session cookie headers of the user who accesses the document. These design document functions are: list, show, rewrite, update. An attacker can leak the session component using an...
CVSS 5.7 | AI Score 5.4 | EPSS 0.0004

Apache ActiveMQ 5.x < 5.14.2 Web-based Administration Console Unspecified XSS
The version of Apache ActiveMQ running on the remote host is 5.x prior to 5.14.2. It is, therefore, affected by a cross-site scripting (XSS) vulnerability in the web-based administration console due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit...
CVSS 6.1 | AI Score 6.2 | EPSS 0.004

ManageEngine - Remote Command Execution
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security...
CVSS 9.8 | AI Score 9.9 | EPSS 0.974
github.com/hashicorp/vault is vulnerable to Improper Authorization. The vulnerability is due to the JWT auth method improperly validating the audience and role-bound claims, allowing invalid logins to succeed when they should have been...
CVSS 2.6 | AI Score 6.8 | EPSS 0.0004

CVE-2024-4175 Improper Input Validation vulnerability in Hyperion Web Server
Unicode transformation vulnerability in Hyperion affecting version 2.0.15. This vulnerability could allow an attacker to send a malicious payload with Unicode characters that will be replaced by ASCII...
CVSS 5.4 | AI Score 6.8 | EPSS 0.0004

CVE-2024-25646 Information Disclosure vulnerability in SAP BusinessObjects Web Intelligence
Due to improper validation, SAP BusinessObjects Business Intelligence Launch Pad allows an authenticated attacker to access operating system information using a crafted document. On successful exploitation there could be a considerable impact on the confidentiality of the...
CVSS 7.7 | AI Score 7.5 | EPSS 0.0004

Lin CMS Spring Boot - Default JWT Token
An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the...
CVSS 7.5 | AI Score 7.4 | EPSS 0.016

A vulnerability was found in libyaml up to 0.2.5. Affected by this issue is the function yaml_event_delete of the file /src/libyaml/src/api.c. The manipulation leads to a double-free. Note from jdstrand: golang-goyaml is a go translation of libyaml and shouldn't share...
AI Score 7.2 | EPSS 0.0004