0.8AI Score
AVTech Web Interface Detection
Nessus was able to detect the web interface for an AVTech device on the remote...
1AI Score
The remote web server is the user interface for NAS4Free, an open-source network-attached storage software distribution based on FreeBSD. NAS4Free is a direct continuation of the original FreeNAS...
2.2AI Score
Web Application Firewall Detection
By analyzing error codes and messages returned from some web queries, Nessus is able to determine that the remote web server is protected by a web application firewall. Such protection may disrupt scan results. Countermeasures have been taken to make the scan as reliable as...
2.1AI Score
Cisco IOS XE Software Web UI Command Injection Vulnerability (cisco-sa-web-cmdinj4-S2TmH7GA)
According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability. Please see the included Cisco BIDs and Cisco Security Advisory for more...
7.2CVSS
7.3AI Score
0.001EPSS
CVE-2023-1841 Honeywell MPA2 Web Application XSS vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Honeywell MPA2 Access Panel (Web server modules) allows XSS Using Invalid Characters. This issue affects MPA2 Access Panel all versions prior to R1.00.08.05. Honeywell released firmware update...
8.1CVSS
6.1AI Score
0.0004EPSS
Rancher Web Interface Detection
Rancher, a Kubernetes management platform, was detected based on the web...
1.2AI Score
Nessus was able to detect the web interface for an AXIS device on the remote...
1.2AI Score
Microsoft Azure Web App Discovery And Assessment Service Installed (Windows)
Microsoft Azure Web App Discovery and Assessment Service is installed on the remote Windows host. Azure Appliance Auto Update is part of Microsoft Azure...
7.4AI Score
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Johan van der Wijk Content Blocks (Custom Post Widget) allows Stored XSS. This issue affects Content Blocks (Custom Post Widget): from n/a through...
6.5CVSS
6.6AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Johan van der Wijk Content Blocks (Custom Post Widget) allows Stored XSS. This issue affects Content Blocks (Custom Post Widget): from n/a through...
6.5CVSS
7.3AI Score
0.0004EPSS
0.6AI Score
Buffalo TeraStation Web detection
Buffalo TeraStation, a network attached storage (NAS), was detected based on the web...
1.5AI Score
pfSense Web Interface Detection
The web interface for pfSense was detected on the remote host. pfSense is an open source firewall based on...
0.6AI Score
Belkin Web Interface Detection
Nessus was able to detect the web administration interface for a Belkin device on the remote...
1.6AI Score
Barracuda Web Filter Detection
The remote host appears to be a Barracuda Web Filter device, used to control access to websites and applications by end...
2.5AI Score
ClearSCADA Web Server Detection
The remote host is running the ClearSCADA web server, part of a software platform for managing and monitoring remote SCADA...
1.9AI Score
Stolen Singaporean Identities Sold on Dark Web Starting at $8
Singapore citizens, beware! Cybercriminals are targeting your digital identities and KYC data, starting at just $8, putting users at risk of exploitation. Learn how to protect your data, finances, and reputation with strong passwords, multi-factor authentication, and smart online...
7.2AI Score
Generic HTTP Directory Traversal (Web Application URL Parameter) - Active Check
Generic check for HTTP directory traversal vulnerabilities within URL parameters of the remote web...
7.5CVSS
6.6AI Score
0.972EPSS
GitLab web user interface detected on remote host. GitLab is a web-based DevOps lifecycle tool that provides a Git repository manager providing wiki, issue-tracking and continuous integration and deployment pipeline features, using an open-source license, developed by GitLab...
0.8AI Score
0.8AI Score
0.3AI Score
NETGEAR Web Interface Detection
Nessus was able to detect the web administration interface for a NETGEAR device on the remote...
1.6AI Score
Oracle Web Determinations Detection
The remote web server hosts Oracle Web Determinations, a web-based interactive assessment system that is a component of Oracle Policy...
1.7AI Score
This script initializes the credentials used for Amazon Web Services checks done via the...
1.6AI Score
The remote host is a McAfee Web Gateway (MWG) Appliance. MWG acts as a proxy server and provides web filtering and monitoring...
1.5AI Score
CVE-2024-4196 Avaya IP Office Web Control RCE Vulnerability
An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to...
10CVSS
0.0004EPSS
Microsoft Internet Explorer Information Disclosure and Web Site Spoofing Vulnerabilities
Microsoft Internet Explorer is prone to information disclosure and web site spoofing...
5.9AI Score
0.064EPSS
CVE-2023-1841 Honeywell MPA2 Web Application XSS vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Honeywell MPA2 Access Panel (Web server modules) allows XSS Using Invalid Characters. This issue affects MPA2 Access Panel all versions prior to R1.00.08.05. Honeywell released firmware update...
8.1CVSS
7.9AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hans van Eijsden, niwreg ImageMagick Sharpen Resized Images allows Stored XSS. This issue affects ImageMagick Sharpen Resized Images: from n/a through...
5.9CVSS
6.9AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hans van Eijsden, niwreg ImageMagick Sharpen Resized Images allows Stored XSS. This issue affects ImageMagick Sharpen Resized Images: from n/a through...
5.9CVSS
6AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hans van Eijsden, niwreg ImageMagick Sharpen Resized Images allows Stored XSS. This issue affects ImageMagick Sharpen Resized Images: from n/a through...
5.9CVSS
6.7AI Score
0.0004EPSS
AVEVA InduSoft Web Studio / InTouch Edge HMI Command 66 RCE
The AVEVA InduSoft Web Studio (IWS) or InTouch Edge HMI (formerly InTouch Machine Edition) running on the remote host is affected by a remote code execution vulnerability due to multiple flaws in the TCPIP server listening on the default ports 1234 and 51234. Specifically, the server does not...
1.9AI Score
RHEL 7 : web-admin-build (RHSA-2020:5599)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:5599 advisory. Red Hat Gluster Storage is a software-only scale-out storage solution that provides flexible and affordable unstructured data storage. It unifies...
8.2CVSS
8.3AI Score
0.717EPSS
(RHSA-2024:2731) Moderate: Red Hat OpenStack Platform 17.1 (python-django) security update
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle. Security Fix(es): denial-of-service in intcomma template filter (CVE-2024-24680) ...
6.8AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hans van Eijsden, niwreg ImageMagick Sharpen Resized Images allows Stored XSS. This issue affects ImageMagick Sharpen Resized Images: from n/a through...
5.9CVSS
6.1AI Score
0.0004EPSS
Apache ActiveMQ Web Console Test Pages Information Disclosure
The Apache ActiveMQ Web Console running on the remote host is leaking information via its test pages. The ActiveMQ Web Console allows unrestricted, unauthenticated access by default, and the test pages are used for testing the environment and web framework. One of the included test pages,...
7.2AI Score
web-insolite.net Improper Access Control vulnerability OBB-3867301
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
RHEL 6 : python-twisted-web (RHSA-2020:1962)
The remote Red Hat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1962 advisory. Twisted is an event-based framework for internet applications. Twisted Web is a complete web server, aimed at hosting web applications using...
9.8CVSS
9.7AI Score
0.009EPSS
Citrix Access Gateway Administrative Web Interface Default Credentials
It is possible to log into the remote Citrix Access Gateway administrative web interface by providing default credentials. Knowing these, an attacker can gain administrative control of the affected application server and, for example, upload a new system...
7.6AI Score
RHEL 7 : web-admin-build (RHSA-2022:1628)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:1628 advisory. Red Hat Gluster Storage Web Administration includes a fully automated setup based on Ansible and provides deep metrics and insights into active...
7.5CVSS
8AI Score
0.003EPSS
VISAM Automation Base (VBASE) Web-Remote Path Traversal (CVE-2020-7008)
The VISAM Automation Base (VBASE) Web-Remote service running on the remote host is affected by a path traversal vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to read arbitrary files on the remote...
7.5CVSS
4.2AI Score
0.002EPSS
CVE-2024-3552 Web Directory Free < 1.7.0 - Unauthenticated SQL Injection
The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and...
0.001EPSS
CVE-2024-3552 Web Directory Free < 1.7.0 - Unauthenticated SQL Injection
The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and...
7.2AI Score
0.001EPSS
Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT whose audience and role-bound claims do not match, allowing an invalid login to succeed when it should have...
2.6CVSS
3.8AI Score
0.0004EPSS
IIS 5.0 Sample App reveals physical path of web root
A sample application shipped with IIS 5.0 discloses the physical path of the web root. An attacker can use this information to make more focused...
7AI Score
Qianbo Enterprise Web Site Management System Cross Site Scripting Vulnerability
Qianbo Enterprise Web Site Management System is prone to a cross-site scripting (XSS)...
6.2AI Score
Apache ActiveMQ 6.x < 6.1.2 Insecure Web API Vulnerability
The version of Apache ActiveMQ running on the remote host is 6.x prior to 6.1.2. It is, therefore, affected by an insecure web API that an attacker can use without any required authentication. Note that Nessus has not tested for this issue but has instead relied only on the application's...
8.5CVSS
8.5AI Score
0.0004EPSS
8.8CVSS
7.2AI Score
0.002EPSS
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The If-Modified-Since and If-Unmodified-Since headers, when used in anonymous requests that send a random object name, can be used to determine if an object exists or not on the server on a...
5.3CVSS
7AI Score
0.0004EPSS