Amazon Web Services EC2 Instance Metadata Enumeration (Windows)
The remote host appears to be an Amazon Machine Image. Nessus will attempt to use the metadata API to collect information about the...
3.3AI Score
RuggedCom RuggedOS < 3.12.1 Web UI Multiple Security Vulnerabilities
According to its self-reported version, the RuggedCom RuggedOS (ROS) Web UI is affected by multiple vulnerabilities, some of which could allow a remote attacker to gain administrative access to the...
4.8AI Score
SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the Notification Script functionality allows code execution with the privileges of the SABnzbd process. Exploiting the...
9.8CVSS
8.8AI Score
0.022EPSS
Malicious code in agencyportal-web (npm)
Source: ghsa-malware (3f01ab5c8d151da175f79cd0379f0f4d714ddceb4075503d821ee2f05515d1cb) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
web-canape.ru Cross Site Scripting vulnerability OBB-3887022
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
D-Link D-View 8 Web Server Detection
The D-Link D-View 8 Web Server is running on the remote...
7.1AI Score
RuggedCom RuggedOS (ROS) Web-Based Admin Interface Detection
The remote device is running the RuggedCom RuggedOS (ROS) web-based administration...
2.6AI Score
WatchGuard FireboxV and XTM Fireware OS Web Detection
The web UI for a WatchGuard FireboxV or XTM running Fireware OS was detected on the remote host. Note the plugin attempts to retrieve the Fireware OS version information from the API when HTTP Basic authentication credentials are...
1.6AI Score
Trend Micro Apex One Management Web Console Detection
The web console interface for a Trend Micro Apex One Management server was detected on the remote...
1.1AI Score
Symantec Data Center Security Web Administration Interface Detection
The remote host is running a web interface for Symantec Data Center Security, an information security management...
1AI Score
RuggedCom RuggedOS Web-Based Admin Interface Default Credentials
The remote RuggedCom RuggedOS (ROS) device is running a web-based interface that allows login using default...
3.1AI Score
web-argitalpena.adm.ehu.es Cross Site Scripting vulnerability OBB-3888546
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Cisco Small Business Wireless Access Point Web Detection
The web management interface for a Cisco Small Business Wireless Access Point was detected on the remote host. If credentials were supplied the version information should be available in the...
2.1AI Score
Loxone Smart Home Miniserver Web Server Version Detection
The remote device is a Loxone Smart Home Miniserver, a home automation solution. Nessus was able to extract the version from the web server's...
2.5AI Score
Siemens SIMATIC S7-1200 PLC Web Server Detection
The remote device is running an integrated web server that is part of the software platform for managing and monitoring the SIMATIC S7-1200 Programmable Logic Controller...
2.4AI Score
Generic HTTP Directory Traversal (Web Dirs) - Active Check
Generic check for HTTP directory traversal vulnerabilities on each directory of the remote web...
9.8CVSS
8AI Score
0.975EPSS
web-corpora.net Cross Site Scripting vulnerability OBB-3896470
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
RSA Authentication Agent for Web for Apache Installed
RSA Authentication Agent for Web for Apache is installed on the remote...
2.9AI Score
Generic HTTP Directory Traversal (Web Root) - Active Check
Generic check for HTTP directory traversal vulnerabilities on the web root level of the remote web...
9.8CVSS
8AI Score
0.975EPSS
Moxa NPort Unprotected Web Console
The remote Moxa NPort Web Console is not protected by a ...
7.4AI Score
web-corpora.net Cross Site Scripting vulnerability OBB-3882566
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
teler-waf subject to Bypass of Common Web Attack Threat Rule with HTML Entities Payload
Description teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. Versions prior to v0.1.1 are vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute...
6.5CVSS
1.9AI Score
0.001EPSS
reportico-web/reportico is vulnerable to Information Disclosure. The vulnerability is due to improper handling of user input within the execute_mode parameter of the URL, which allows attackers to obtain sensitive...
6.6AI Score
0.0004EPSS
teler-waf subject to Bypass of Common Web Attack Threat Rule with HTML Entities Payload
Description teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. Versions prior to v0.1.1 are vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute...
6.5CVSS
6.1AI Score
0.001EPSS
This plugin provides vulnerability detections in Web applications and Web site...
6.9AI Score
The web UI for CKAN, an open source data management system, was detected on the remote...
7.1AI Score
The web management interface for OpenMediaVault was detected on the remote...
1.1AI Score
The web management interface for an OpenGear series 7x00 appliance was detected on the remote host. It is possible to extract the firmware version and model information if login credentials are...
2.7AI Score
web-exposition.com Cross Site Scripting vulnerability OBB-3910667
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Cisco IOS XE Software Web UI Command Injection (cisco-sa-web-cmdinj2-fOnjk2LD)
According to its self-reported version, the IOS XE is affected by a command injection vulnerability. A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with administrative privileges on the underlying...
8.8CVSS
9.4AI Score
0.002EPSS
Reportico affected by Incorrect Access Control
An issue discovered in Reportico Till 8.1.0 allows attackers to obtain sensitive information via execute_mode parameter of the...
6AI Score
0.0004EPSS
Trend Micro Mobile Security for Enterprise Web Console Detection
The web console for Trend Micro Mobile Security for Enterprise, a security solution for mobile devices, was detected on the remote...
0.7AI Score
VMware NSX For vSphere (NSX-v) Web Interface Detection
The web interface for VMware NSX for vSphere (NSX-v), also known as VMware NSX Data Center for vSphere, was detected on the remote...
1.8AI Score
Trend Micro InterScan Web Security Virtual Appliance Device Detection
The remote host is a Trend Micro InterScan Web Security Virtual Appliance (IWSVA), a web gateway for application control, exploit detection, malware scanning, and URL filtering. Nessus was able to read the OS version number by logging into the device via...
2.4AI Score
Ivanti Endpoint Manager Cloud Services Appliance web interface detection
The web portal for Ivanti Endpoint Manager Cloud Services Appliance was detected on the remote host. Note: To obtain accurate version and build information provide HTTP basic authentication...
7.5AI Score
Cisco TelePresence Video Communication Server (VCS) Web UI Detection
The login page for a Cisco TelePresence Video Communication Server (VCS) video conferencing device was detected on the remote web server. With valid HTTP credentials, it is possible to extract version information from the web user...
2AI Score
iniNet SpiderControl SCADA Web Server 2.02 Local Privilege Escalation
According to its self-reported version, the iniNet SpiderControl SCADA Web Server running on the remote host is version 2.02. It is, therefore, affected by a flaw due to setting insecure permissions on the installation directory and files. A local attacker can exploit this to replace files,...
2.8AI Score
web-comp-pro.ru Cross Site Scripting vulnerability OBB-3905891
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
PrestaShop Step by Step products Pack - SQL Injection
In the module “Step by Step products Pack” (ndk_steppingpack) up to 1.5.6 from NDK Design for PrestaShop, a guest can perform SQL injection in affected...
9.8CVSS
9.9AI Score
0.066EPSS
web-skills-school.com Cross Site Scripting vulnerability OBB-3905892
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
CVE-2024-33953 WordPress Adventure Journal theme <= 1.7.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt van Andel Adventure Journal allows Stored XSS. This issue affects Adventure Journal: from n/a through...
6.5CVSS
6.9AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt van Andel Adventure Journal allows Stored XSS. This issue affects Adventure Journal: from n/a through...
6.5CVSS
6.6AI Score
0.0004EPSS