The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
An internal proxy discovery request has been leaked to the public realm.
WPAD, or Web Proxy Auto-Discovery is a feature which enables some browsers to determine their web proxy settings automatically. WPAD requests are sent out through DNS and Netbios, relying on a locally configured WPAD server within the same network to provide proxy server information when requested. Through an error in DNS configuration, the remote host has sent a WPAD request to the public realm, potentially allowing for a man-in-the-middle (MiTM) attack to take place. A determined attacker who is able to register a gTLD with the same domain name could theoretically serve up false WPAD information, routing all web traffic through a proxy server of their control, allowing them to eavesdrop the connection.
Disable WPAD requests or ensure firewall settings are configured to drop any outbound 'WPAD' DNS lookups.