Jun 4, 2025, 6:29 AM Modified Detection- 112907GraphQL Interface Detected
- 113906Advanced Custom Fields for WordPress 6.0.x < 6.1.6 Cross-Site Scripting
- 113908Advanced Custom Fields Pro for WordPress 6.0.x < 6.1.6 Cross-Site Scripting
- 114313Flowise Chatflow Detected
- 114790MCP Server Detected
- 114791MCP Server Unauthenticated Access
- 98008Web Application Firewall Detected
New- 114804Grafana < 10.4.19 Improper Access Control
- 114805Grafana 11.2.x < 11.2.10 Improper Access Control
- 114806Grafana 11.3.x < 11.3.7 Improper Access Control
- 114807Grafana 11.4.x < 11.4.5 Improper Access Control
- 114808Grafana 11.5.x < 11.5.5 Improper Access Control
- 114809Grafana 11.6.x < 11.6.2 Improper Access Control
- 114810Grafana 12.0.x < 12.0.1 Improper Access Control
- 114811Grafana < 10.4.18 Cross-site Scripting
- 114812Grafana 11.2.x < 11.2.9 Cross-site Scripting
- 114813Grafana 11.3.x < 11.3.6 Cross-site Scripting
- 114814Grafana 11.4.x < 11.4.4 Cross-site Scripting
- 114815Grafana 11.5.x < 11.5.4 Cross-site Scripting
- 114816Grafana 11.6.x < 11.6.1 Cross-site Scripting
- 114817Grafana 11.1.x < 11.2.8+security-01 Cross-site Scripting
- 114818Grafana 11.1.x < 11.3.5+security-01 Cross-site Scripting
- 114819Grafana 11.1.x < 11.4.3+security-01 Cross-site Scripting
- 114820Grafana 11.1.x < 11.5.3+security-01 Cross-site Scripting
- 114821Grafana 11.1.x < 11.6.0+security-01 Cross-site Scripting
- 114822Grafana < 10.4.15 Exposure Of Sensitive Information To An Unauthorized Actor
- 114823Grafana < 11.0.11 Exposure Of Sensitive Information To An Unauthorized Actor
- 114824Grafana < 11.1.11 Exposure Of Sensitive Information To An Unauthorized Actor
- 114825Grafana < 11.2.6 Exposure Of Sensitive Information To An Unauthorized Actor
- 114826Grafana < 11.3.3 Exposure Of Sensitive Information To An Unauthorized Actor
- 114827Grafana < 11.4.1 Exposure Of Sensitive Information To An Unauthorized Actor
- 114828Grafana 11.2.x < 11.2.3+security-01 Incorrect Privilege Assignment
- 114829Grafana 11.3.x < 11.3.0+security-01 Incorrect Privilege Assignment
- 114830Grafana 10.3.x < 10.3.10 Multiple Vulnerabilities
- 114831Grafana 10.4.x < 10.4.9 Multiple Vulnerabilities
- 114832Grafana 11.0.x < 11.0.5 Multiple Vulnerabilities
- 114833Grafana 11.1.x < 11.1.6 Multiple Vulnerabilities
- 114834Grafana 11.2.x < 11.2.1 Multiple Vulnerabilities
- 114835Grafana 9.5.x < 9.5.18 Authorization Bypass Through User-controlled Key
- 114836Grafana 10.0.x < 10.0.13 Authorization Bypass Through User-controlled Key
- 114837Grafana 10.1.x < 10.1.9 Authorization Bypass Through User-controlled Key
- 114838Grafana 10.2.x < 10.2.6 Authorization Bypass Through User-controlled Key
- 114839Grafana 10.3.x < 10.3.5 Authorization Bypass Through User-controlled Key
- 114840Grafana 8.5.x < 9.5.7 Improper Privilege Management
- 114841Grafana 10.0.x < 10.0.12 Improper Privilege Management
- 114842Grafana 10.1.x < 10.1.8 Improper Privilege Management
- 114843Grafana 10.2.x < 10.2.5 Improper Privilege Management
- 114844Grafana 10.3.x < 10.3.4 Improper Privilege Management
- 114845Grafana 9.5.x < 9.5.16 Incorrect Authorization
- 114846Grafana 10.0.x < 10.0.11 Incorrect Authorization
- 114847Grafana 10.1.x < 10.1.7 Incorrect Authorization
- 114848Grafana 10.2.x < 10.2.4 Incorrect Authorization
- 114849Grafana 10.3.x < 10.3.3 Incorrect Authorization
- 114850Grafana < 8.5.26 Multiple Vulnerabilities
- 114851Grafana < 9.2.19 Multiple Vulnerabilities
- 114852Grafana < 9.3.15 Multiple Vulnerabilities
- 114853Grafana < 9.4.12 Multiple Vulnerabilities
- 114854Grafana 9.5.x < 9.5.3 Multiple Vulnerabilities
- 114855Grafana 9.2.x < 9.2.17 Exposure Of Sensitive Information To An Unauthorized Actor
- 114856Grafana 9.3.x < 9.3.13 Exposure Of Sensitive Information To An Unauthorized Actor
- 114857Grafana 9.4.x < 9.4.9 Exposure Of Sensitive Information To An Unauthorized Actor
- 114858Grafana < 8.5.22 Cross-site Scripting
- 114859Grafana < 9.2.15 Cross-site Scripting
- 114860Grafana < 9.3.11 Cross-site Scripting
- 114861Grafana 8.5.x < 8.5.21 Multiple Vulnerabilities
- 114862Grafana 9.2.x < 9.2.13 Multiple Vulnerabilities
- 114863Grafana 9.3.x < 9.3.8 Multiple Vulnerabilities
- 114864Grafana < 9.2.10 Cross-site Scripting
- 114865Grafana 9.3.x < 9.3.4 Cross-site Scripting
- 114866GraphQL Debug Mode Enabled
- 114867GraphQL Query Length Not Limited
- 114868GraphQL Alias Overloading Enabled
- 114869vBulletin 5.0.x < 6.0.4 Remote Code Execution
- 114870Langflow Chatbot Detected
- 114871Botpress Chatbot Detected
- 114872Voiceflow Chatbot Detected
- 114873Azure Bot Framework Chatbot Detected
- 114874Typebot Chatbot Detected
- 114875Apache Tomcat 11.0.0-M1 < 11.0.7 CGI Security Constraint Bypass
- 114876Apache Tomcat 10.1.0-M1 < 10.1.41 CGI Security Constraint Bypass
- 114877Apache Tomcat 9.0.0-M1 < 9.0.104 CGI Security Constraint Bypass
- 114878Dialogflow Chatbot Detected
- 114879Livechat Chatbot Detected
|
May 27, 2025, 6:31 AM Modified Detection- 114790MCP Server Detected
- 114791MCP Server Unauthenticated Access
- 114795FortiOS 7.0.x < 7.0.13 / 7.2.x < 7.2.6 / 7.4.x < 7.4.2 Remote Code Execution
|
May 23, 2025, 5:35 AM New- 114794Ivanti Endpoint Manager Mobile < 11.12.0.5 / < 12.3.0.2 / < 12.4.0.2 / < 12.5.0.1 Authentication Bypass
- 114798Label Studio < 1.18.0 Reflected Cross-Site Scripting
- 114803MCP Client Configuration File Detected
|
May 22, 2025, 7:05 AM Modified Detection- 114006Web Cache Poisoning Denial of Service
- 114434Flask Weak Secret Key
- 114790MCP Server Detected
- 114791MCP Server Unauthenticated Access
- 114795FortiOS 7.0.x < 7.0.13 / 7.2.x < 7.2.6 / 7.4.x < 7.4.2 Remote Code Execution
- 98008Web Application Firewall Detected
- 98080Form-based File Upload
New- 114792Agent2Agent (A2A) Card Detected
- 114793MCP Manifest Detected
- 114794Ivanti Endpoint Manager Mobile < 11.12.0.5 / < 12.3.0.2 / < 12.4.0.2 / < 12.5.0.1 Authentication Bypass
- 114796Content Security Policy Missing 'Report-To'
- 114797MCP Inspector Detected
- 114798Label Studio < 1.18.0 Reflected Cross-Site Scripting
- 114799SonicWall SMA < 10.2.1.14-75sv Unauthenticated Arbitrary File Read
- 114800Atlassian Jira < 9.12.20 Privilege Escalation
- 114801Atlassian Jira 10.3.x < 10.3.5 Privilege Escalation
- 114802Atlassian Jira 10.5.x < 10.5.1 Privilege Escalation
|
May 16, 2025, 6:31 AM Modified Detection- 112907GraphQL Interface Detected
- 113217Spring Framework < 5.2.20 / 5.3.x < 5.3.18 Remote Code Execution (Spring4Shell)
- 113373Atlassian Bitbucket Remote Code Execution
- 113943Disclosed Hong Kong Identity Number
- 113973Web Services Description Language (WSDL) File Detected
- 114166SOAP API Detected
- 114434Flask Weak Secret Key
- 98056Missing HTTP Strict Transport Security Policy
- 98109DOM-based Cross-Site Scripting (XSS)
- 98623Host Header Injection
- 98648Missing 'Content-Type' Header
- 98779Source Code Passive Disclosure
New- 114775GraphQL Import Success
- 114776GraphQL Import Failed
- 114787Apache Tomcat 11.0.0-M1 < 11.0.6 Multiple Vulnerabilities
- 114788Apache Tomcat 10.1.0-M1 < 10.1.40 Multiple Vulnerabilities
- 114789Apache Tomcat 9.0.0-M1 < 9.0.104 Multiple Vulnerabilities
|
Apr 29, 2025, 6:27 AM Modified Detection- 113943Disclosed Hong Kong Identity Number
- 114357Polyfill Detected
- 114615Username Disclosure
- 98623Host Header Injection
New- 114779Rails Config File Detected
- 114780NPM Debug Log File Detected
- 114781Atlassian Jira 9.12.x < 9.12.22 XML External Entity
- 114782Greenshift Plugin for WordPress < 11.4.5 Arbitrary File Upload
- 114783SureTriggers Plugin for WordPress < 1.0.79 Authorization Bypass
- 114784Citrix Netscaler 14.1.x < 14.1-25.53 Information Disclosure
- 114785SAP NetWeaver Visual Composer Metadata Uploader Arbitrary File Upload
- 114786CraftCMS 3.x < 3.9.15 / 4.x < 4.14.15 / 5.x < 5.6.17 Remote Code Execution
|
Apr 17, 2025, 6:39 AM Modified Detection- 112439Server-Side Request Forgery
- 112524Oracle WebLogic WSAT Remote Code Execution
- 112545Oracle WebLogic Server Administration Console Detected
- 112704Oracle WebLogic 10.3.6.0.0 / 12.1.3.0.0 Remote Code Execution
- 112706Oracle WebLogic 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.3.0 Remote Code Execution
- 112720Rails < 4.2.11.3 / 5.x < 5.0.1 Remote Code Execution
- 113634Server-Side Inclusion Injection
- 114116XML Injection
- 114168Jenkins < 2.442 / < LTS 2.426.3 Arbitrary File Read
- 98100Path Traversal
- 98123Operating System Command Injection
- 98125Local File Inclusion
New- 114772Vite < 4.5.10 / 5.0.x < 5.4.15 / 6.0.x < 6.0.12 / 6.1.x < 6.1.2 / 6.2.x < 6.2.3 Arbitrary File Read
- 114773Joomla! 5.x < 5.2.6 Multiple Vulnerabilities
- 114774Joomla! 4.x < 4.4.13 Multiple Vulnerabilities
- 114777FortiOS 7.0.x < 7.0.16 Authentication Bypass
- 114778Vite < 4.5.13 / 5.0.x < 5.4.18 / 6.0.x < 6.0.15 / 6.1.x < 6.1.5 / 6.2.x < 6.2.6 Arbitrary File Read
|
Apr 10, 2025, 6:56 AM Modified Detection- 113452WordPress Plugins Detected
- 114434Flask Weak Secret Key
- 114668Langflow < 1.3.0 Unauthenticated Remote Code Execution
- 114681Next.js 13.0.x < 13.5.9 Authorization Bypass
New- 114692Moodle 4.1.x < 4.1.11 Multiple Vulnerabilities
- 114693Moodle 4.5.x < 4.5.3 Hidden Grades Shown Without Permission
- 114694Moodle 4.4.x < 4.4.7 Hidden Grades Shown Without Permission
- 114695Moodle 4.3.x < 4.3.11 Hidden Grades Shown Without Permission
- 114696Moodle 4.1.x < 4.1.17 Hidden Grades Shown Without Permission
- 114697Moodle 4.5.x < 4.5.2 Multiple Vulnerabilities
- 114698Moodle 4.4.x < 4.4.6 Multiple Vulnerabilities
- 114699Moodle 4.3.x < 4.3.10 Multiple Vulnerabilities
- 114700Moodle 4.1.x < 4.1.16 Multiple Vulnerabilities
- 114701Moodle 4.5.x < 4.5.3 Unauthenticated REST API Data Exposure
- 114702Moodle 4.3.x < 4.3.9 Multiple Vulnerabilities
- 114703Moodle < 4.1.15 Multiple Vulnerabilities
- 114704Moodle 4.3.x < 4.3.8 Reflected XSS In Question Bank Filter
- 114705Moodle 4.4.4 < 4.4.5 Reflected XSS In Question Bank Filter
- 114706Moodle 4.5.x < 4.5.1 Reflected XSS In Question Bank Filter
- 114707Moodle 4.4.x < 4.4.4 Multiple Vulnerabilities
- 114708Moodle 4.3.x < 4.3.8 Multiple Vulnerabilities
- 114709Moodle 4.2.x < 4.2.11 Multiple Vulnerabilities
- 114710Moodle < 4.1.14 Multiple Vulnerabilities
- 114711Moodle 4.4.x < 4.4.4 Multiple Insecure Direct Object Reference
- 114712Moodle 4.4.x < 4.4.3 Multiple Vulnerabilities
- 114713Moodle 4.3.x < 4.3.7 Multiple Vulnerabilities
- 114714Moodle 4.2.x < 4.2.10 Multiple Vulnerabilities
- 114715Moodle 4.1.x < 4.1.13 Multiple Vulnerabilities
- 114716Moodle 4.4.x < 4.4.2 Multiple Vulnerabilities
- 114717Moodle 4.3.x < 4.3.6 Multiple Vulnerabilities
- 114718Moodle 4.2.x < 4.2.9 Multiple Vulnerabilities
- 114719Moodle < 4.1.12 Multiple Vulnerabilities
- 114720Moodle 4.4.x < 4.4.2 Multiples Vulnerabilities
- 114721Moodle 4.4.x < 4.4.5 Multiple Vulnerabilities
- 114722Moodle 4.2.x < 4.2.8 Multiple Vulnerabilities
- 114723Moodle 4.3.x < 4.3.5 Multiple Vulnerabilities
- 114724Moodle 4.4.x < 4.4.1 Multiple Vulnerabilities
- 114725Moodle 4.3.x < 4.3.4 Multiple Vulnerabilities
- 114726Moodle < 4.1.10 Multiple Vulnerabilities
- 114727Moodle 4.2.x < 4.2.7 Multiple Vulnerabilities
- 114728Moodle 4.3.x < 4.3.3 Multiple Vulnerabilities
- 114729Moodle < 3.9.25 Multiple Vulnerabilities
- 114730Moodle 3.11.x < 3.11.18 Multiple Vulnerabilities
- 114731Moodle 4.0.x < 4.0.12 Multiple Vulnerabilities
- 114732Moodle 4.1.x < 4.1.7 Multiple Vulnerabilities
- 114733Moodle 4.2.x < 4.2.4 Multiple Vulnerabilities
- 114734Moodle 4.2.x < 4.2.4 Multiple Cross-Site Scripting
- 114735Moodle 4.3.x < 4.3.1 Multiple Cross-Site Scripting
- 114736Moodle < 3.9.24 Multiple Vulnerabilities
- 114737Moodle 3.11.x < 3.11.17 Multiple Vulnerabilities
- 114738Moodle 4.0.x < 4.0.11 Multiple Vulnerabilities
- 114739Moodle 4.1.x < 4.1.6 Multiple Vulnerabilities
- 114740Moodle 4.2.x < 4.2.3 Multiple Vulnerabilities
- 114741Moodle 4.2.x < 4.2.2 Multiple Vulnerabilities
- 114742Moodle 4.1.x < 4.1.5 Multiple Vulnerabilities
- 114743Moodle 4.0.x < 4.0.10 Multiple Vulnerabilities
- 114744Moodle 3.11.x < 3.11.16 Multiple Vulnerabilities
- 114745Moodle < 3.9.23 Multiple Vulnerabilities
- 114746Moodle 3.11.x < 3.11.16 JQuery UI Library Upgrade
- 114747Moodle < 3.9.23 JQuery UI Library Upgrade
- 114748Moodle 4.0.x < 4.0.10 phpCAS Library Upgrade
- 114749Moodle 3.11.x < 3.11.16 phpCAS Library Upgrade
- 114750Moodle < 3.9.23 phpCAS Library Upgrade
- 114751Moodle 4.1.x < 4.1.4 Multiple Vulnerabilities
- 114752Moodle 4.0.x < 4.0.9 Multiple Vulnerabilities
- 114753Moodle 3.11.x < 3.11.15 Multiple Vulnerabilities
- 114754Moodle < 3.9.22 Multiple Vulnerabilities
- 114755Moodle 4.2.x < 4.2.1 XSS Risk on groups page
- 114756Moodle 4.1.x < 4.1.4 XSS Risk on groups page
- 114757Moodle 4.0.x < 4.0.9 XSS Risk on groups page
- 114758Moodle 3.11.x < 3.11.15 XSS Risk on groups page
- 114759Moodle 4.1.x < 4.1.3 SQL injection
- 114760Moodle 4.0.x < 4.0.8 SQL injection
- 114761Moodle 3.11.x < 3.11.14 SQL injection
- 114762Moodle < 3.9.21 SQL injection
- 114763Moodle 4.1.x < 4.1.3 Arbitrary Folder Creation
- 114764Moodle 4.1.x < 4.1.2 Multiple Vulnerabilities
- 114765Moodle 4.0.x < 4.0.7 Multiple Vulnerabilities
- 114766Moodle 3.11.x < 3.11.13 Multiple Vulnerabilities
- 114767Moodle < 3.9.20 Multiple Vulnerabilities
- 114768Next.js 9.5.5 < 14.2.15 Authorization Bypass
- 114769Next.js 13.5.1 < 13.5.7 Cache Poisoning
- 114770Next.js 14.0.x < 14.2.10 Cache Poisoning
- 114771Next.js 11.1.4 < 12.3.5 Authorization Bypass
|
Apr 4, 2025, 8:14 AM Modified Detection- 114575Ollama Multiples Vulnerabilities
- 114681Next.js 13.0.x < 13.5.9 Authorization Bypass
New- 114690Apache Tomcat Path Equivalence Remote Code Execution
- 114691Kubernetes Ingress NGINX Controller Arbitrary Code Execution
|
Apr 3, 2025, 7:30 AM Modified Detection- 113943Disclosed Hong Kong Identity Number
- 114129Secret Data Disclosure
- 114575Ollama Multiples Vulnerabilities
- 98920Disclosed US Social Security Number
New- 114684CrushFTP 10.x < 10.8.3 / 11.x < 11.3.0 Authentication Bypass
- 114685Webmin < 2.100 Multiple Vulnerabilities
- 114686Webmin < 2.101 Multiple Vulnerabilities
- 114687Webmin < 2.110 Cross-Site Scripting
- 114688Webmin < 2.301 Network Traffic Loop Vulnerability
- 114689Ivanti EPM Credentials Coercion
|
Mar 28, 2025, 9:13 AM Modified Detection- 112524Oracle WebLogic WSAT Remote Code Execution
- 112541SSL/TLS Certificate Common Name Mismatch
- 112704Oracle WebLogic 10.3.6.0.0 / 12.1.3.0.0 Remote Code Execution
- 112706Oracle WebLogic 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.3.0 Remote Code Execution
- 112720Rails < 4.2.11.3 / 5.x < 5.0.1 Remote Code Execution
- 113123Dockerfile Detected
- 113168Docker Compose Configuration Detected
- 113217Spring Framework < 5.2.20 / 5.3.x < 5.3.18 Remote Code Execution (Spring4Shell)
- 113373Atlassian Bitbucket Remote Code Execution
- 113906Advanced Custom Fields for WordPress 6.0.x < 6.1.6 Cross-Site Scripting
- 113908Advanced Custom Fields Pro for WordPress 6.0.x < 6.1.6 Cross-Site Scripting
- 113943Disclosed Hong Kong Identity Number
- 114006Web Cache Poisoning Denial of Service
- 114168Jenkins < 2.442 / < LTS 2.426.3 Arbitrary File Read
- 114357Polyfill Detected
- 114434Flask Weak Secret Key
- 114575Ollama Multiples Vulnerabilities
- 114668Langflow < 1.3.0 Unauthenticated Remote Code Execution
- 114681Next.js 13.0.x < 13.5.9 Authorization Bypass
- 98920Disclosed US Social Security Number
New- 114669JFrog Artifactory Anonymous Deployment Detected
- 114680Age Gates Plugin for WordPress < 3.5.4 Local File Inclusion
- 114682Next.js 14.x < 14.2.25 Authorization Bypass
- 114683Next.js 15.x < 15.2.3 Authorization Bypass
|
Mar 24, 2025, 12:29 PM Modified Detection- 114386External Broken Resources Detected
- 114681Next.js 13.0.x < 13.5.9 Authorization Bypass
New- 114669JFrog Artifactory Anonymous Deployment Detected
- 114674ServiceNow SAML Single Sign-On Bypass
- 114675ServiceNow Public Knowledge Base Detected
- 114676Drupal 11.1.x < 11.1.5 Cross-Site Scripting
- 114677Drupal 11.0.x < 11.0.13 Cross-Site Scripting
- 114678Drupal 10.4.x < 10.4.5 Cross-Site Scripting
- 114679Drupal 8.0.x < 10.3.14 Cross-Site Scripting
- 114680Age Gates Plugin for WordPress < 3.5.4 Local File Inclusion
- 114682Next.js 14.x < 14.2.25 Authorization Bypass
- 114683Next.js 15.x < 15.2.3 Authorization Bypass
|
Mar 18, 2025, 7:49 AM Modified Detection- 112907GraphQL Interface Detected
- 114400Apache OFBiz < 18.12.11 Server-Side Request Forgery
- 114621Docker Public Registry Detected
- 114668Langflow < 1.3.0 Unauthenticated Remote Code Execution
- 98117Blind SQL Injection (differential analysis)
New- 114661Nokri – Job Board Theme for WordPress < 1.6.3 Arbitrary Password Change
- 114662SEO Automatic Seo Tools Plugin for WordPress Cross-Site Scripting
- 114663HUSKY (formerly WOOF) Plugin for WordPress < 1.3.6.6 Path Traversal
- 114664WHMPress Plugin for WordPress < 6.3-revision-1 Local File Inclusion
- 114665Joomla! 5.x < 5.2.5 Arbitrary File Upload
- 114666Joomla! 4.x < 4.4.12 Arbitrary File Upload
- 114667FlowiseAI Arbitrary File Upload
- 114670PHP 8.4.x < 8.4.5 Multiple Vulnerabilities
- 114671PHP 8.3.x < 8.3.19 Multiple Vulnerabilities
- 114672PHP 8.2.x < 8.2.28 Multiple Vulnerabilities
- 114673PHP 8.1.x < 8.1.32 Multiple Vulnerabilities
|
Mar 12, 2025, 8:08 AM New- 114653Ngrok Detected
- 114654ConnectWise ScreenConnect Detected
- 114655SimpleHelp Detected
- 114656Apache Tomcat 11.0.0-M1 < 11.0.3 Remote Code Execution
- 114657Apache Tomcat 10.1.0-M1 < 10.1.35 Remote Code Execution
- 114658Apache Tomcat 9.0.0-M1 < 9.0.99 Remote Code Execution
- 114659SimpleHelp Unauthenticated Path Traversal
- 114660SPIP CMS < 4.1.16 / 4.2.x < 4.2.13 / 4.3.x < 4.3.0-alpha2 Remote Code Execution
|
Mar 11, 2025, 7:30 AM Modified Detection- 114129Secret Data Disclosure
- 114614CraftCMS < 4.13.2 / 5.x < 5.5.2 Remote Code Execution
- 114615Username Disclosure
- 114621Docker Public Registry Detected
- 98104Cross-Site Scripting (XSS)
- 98117Blind SQL Injection (differential analysis)
- 98538Environment Configuration File Detected
New- 114609Essential Addons for Elementor Plugin for WordPress < 6.0.15 Cross-Site Scripting
- 114616GitLab Public Sign-Up Detected
- 114617GitLab Public Projects Detected
- 114618GiveWP Plugin for WordPress < 3.20.0 Remote Code Execution
- 114619GitLab Public Snippets Detected
- 114620RustDesk Console Detected
- 114622LiteLLM Detected
- 114623LiteLLM < 1.48.18 Server-Side Request Forgery
- 114624RustDesk Console Default Credentials
- 114625LiteLLM Default Credentials
- 114626RustDesk API Admin Detected
- 114627RustDesk API Admin Registration Enabled
- 114628VNC Viewer for Java Detected
- 114629Newscrunch Plugin for WordPress < 1.8.4.1 Arbitrary File Upload
- 114630OpenVPN Access Server Detected
- 114631Kibana 8.15.x < 8.17.3 Prototype Pollution
- 114632Kibana 7.x < 7.17.23 Multiples Denial Of Service
- 114633Kibana 8.x < 8.15.0 Multiples Vulnerabilities
- 114634Kibana 7.x < 7.17.23 Multiples Vulnerabilities
- 114635Kibana 8.x < 8.14.2 Multiples Vulnerabilities
- 114636Kibana 8.15.x < 8.15.1 Multiples Vulnerabilities
- 114637Kibana 8.x < 8.14.0 Denial Of Service
- 114638Kibana 7.x < 7.17.23 Denial Of Service
- 114639Kibana 8.x < 8.14.0 Multiples Vulnerabilities
- 114640Kibana 7.x < 7.17.22 Multiples Vulnerabilities
- 114641Kibana 8.x < 8.11.2 Insertion of Sensitive Information into Log File
- 114642Kibana 7.13.x < 7.17.16 Insertion of Sensitive Information into Log File
- 114643Kibana 8.x < 8.11.1 Insertion of Sensitive Information into Log File
- 114644Kibana 8.x < 8.10.1 Insertion of Sensitive Information into Log File
- 114645Kibana 8.x < 8.7.1 Multiples Vulnerabilities
- 114646TSPlus Detected
- 114647Apache Guacamole Detected
- 114648Pritunl Detected
- 114649Sitecore XM/XP Remote Code Execution
- 114650BeyondTrust Remote Support Detected
- 114651AirDroid Detected
- 114652SonicWall SonicOS SSLVPN Authentication Bypass
|
Mar 3, 2025, 7:38 AM Modified Detection- 114166SOAP API Detected
- 114614CraftCMS < 4.13.2 / 5.x < 5.5.2 Remote Code Execution
New- 114608REST API Detected
- 114609Essential Addons for Elementor Plugin for WordPress < 6.0.15 Cross-Site Scripting
- 114610ASP.NET Cookieless Session State Enabled
- 114611Azure Entra ID Identity Provider Detected
- 114612NAKIVO Backup & Replication < 11.0.0.88174 Arbitrary File Read
- 114613Auth0 Identity Provider Detected
|
Feb 25, 2025, 7:32 AM Modified Detection- 113078AngularJS Unsupported Version
- 98083CAPTCHA Detection
- 98113XML External Entity
- 98228Drupal Unsupported Version
New- 114596Atlassian Jira UserPickerBrowser Information Disclosure
- 114598Palo Alto PAN-OS Authentication Bypass
- 114599DWT - Directory & Listing Theme for WordPress < 3.3.4 Cross-Site Scripting
- 114600Atlassian Jira Managefilters Information Disclosure
- 114601Atlassian Jira Public Dashboard Detected
- 114602Joomla! 5.x < 5.2.4 SQL injection
- 114603Joomla! 4.x < 4.4.11 SQL injection
- 114604Drupal 11.1.x < 11.1.3 Multiple Vulnerabilities
- 114605Drupal 11.0.x < 11.0.12 Multiple Vulnerabilities
- 114606Drupal 10.4.x < 10.4.3 Multiple Vulnerabilities
- 114607Drupal 8.0.x < 10.3.13 Multiple Vulnerabilities
|
Feb 12, 2025, 8:43 AM Modified Detection- 113031Out-of-Date JQuery UI Detected
- 113034Out-of-Date MediaElement.Js Detected
- 113373Atlassian Bitbucket Remote Code Execution
New- 114412WebSocket Unencrypted Traffic
- 114586LobeChat < 1.19.13 Server-Side Request Forgery
- 114587LobeChat < 0.162.25 Sensitive Data Exposure
- 114588LobeChat < 0.150.6 Server-Side Request Forgery
- 114589LobeChat < 0.122.4 Improper Access Control
- 114591GSheetConnector for Forminator Forms for WordPress Cross-Site Scripting
- 114592Multilang Contact Form Plugin for WordPress Cross-Site Scripting
- 114593Build Private Store For Woocommerce Plugin for WordPress < 1.1 Cross-Site Request Forgery
- 114594Nginx 1.27.x < 1.27.4 SSL Session Reuse
- 114595Nginx 1.11.4 < 1.26.3 SSL Session Reuse
- 114596Atlassian Jira UserPickerBrowser Information Disclosure
- 114597Atlassian Confluence Public Space Detected
|
Feb 3, 2025, 8:23 AM New- 114584Drupal Full Path Disclosures
- 114585LobeChat Detected
- 114586LobeChat < 1.19.13 Server-Side Request Forgery
- 114587LobeChat < 0.162.25 Sensitive Data Exposure
- 114588LobeChat < 0.150.6 Server-Side Request Forgery
- 114589LobeChat < 0.122.4 Improper Access Control
- 114590Microsoft Exchange Autodiscover V2 User Enumeration
|
Jan 29, 2025, 8:07 AM Modified Detection- 113162MySQLjs SQL Injection Authentication Bypass
- 113337NoSQL Injection Authentication Bypass
- 98117Blind SQL Injection (differential analysis)
New- 114572DNS Dangling Record
- 114581Masa CMS < 7.2.1 Path Traversal
- 114582Masa CMS < 7.2.5 / 7.3.x < 7.3.10 Authentication Bypass
- 114583Masa CMS Default Credentials
|
Jan 28, 2025, 7:36 AM Modified Detection- 113158Package Dependencies Detected
- 114146Subdomain Takeover
- 114575Ollama Multiples Vulnerabilities
New- 114567Oak Server < 17.1.3 Path Traversal
- 114568GitHub Workflow Detected
- 114569Atlassian BitBucket Public Repository Detected
- 114570Envoy Admin Interface Exposed
- 114571Istio Sensitive Information Disclosure
- 114572DNS Dangling Record
- 114573Microsoft Remote Desktop Web Access Detected
- 114574Spring Framework 5.3.x < 5.3.40 / 6.0.x < 6.0.24 / 6.1.x < 6.1.13 Path Traversal
- 114576Ollama < 0.4.0 Remote Code Execution
- 114577Ollama < 0.1.47 Path Traversal
- 114578Ollama < 0.1.46 Multiples Vulnerabilities
- 114579Ollama < 0.1.34 Multiples Vulnerabilities
- 114580Ollama < 0.1.29 DNS Rebinding
|
Jan 20, 2025, 8:50 AM Modified Detection- 113310Blind XPath Injection (differential analysis)
- 113943Disclosed Hong Kong Identity Number
- 98119Blind NoSQL Injection (differential analysis)
|
Jan 17, 2025, 9:29 AM Modified Detection- 112526Missing 'X-XSS-Protection' Header (deprecated)
- 113943Disclosed Hong Kong Identity Number
- 114029Well-Known URIs Detected
- 114146Subdomain Takeover
- 114258LayerSlider Plugin for WordPress 7.9.11 < 7.10.1 SQL Injection
- 98070Common Administration Interfaces Detection
- 98071Common Files Detection
- 98109DOM-based Cross-Site Scripting (XSS)
New- 114543Plugin Telemetry
- 114550Joomla! 5.x < 5.2.3 Multiple Vulnerabilities
- 114551Roundcube Webmail < 1.4.14 Cross-Site-Scripting
- 114552Roundcube Webmail 1.5.x < 1.5.4 Cross-Site-Scripting
- 114553Roundcube Webmail 1.6.x < 1.6.3 Cross-Site-Scripting
- 114554Roundcube Webmail 1.5.x < 1.5.8 Multiples Vulnerabilities
- 114555Roundcube Webmail 1.6.x < 1.6.8 Multiples Vulnerabilities
- 114556Roundcube Webmail 1.5.x < 1.5.7 Multiples Vulnerabilities
- 114557Roundcube Webmail 1.6.x < 1.6.7 Multiples Vulnerabilities
- 114558Roundcube Webmail 1.5.x < 1.5.6 Cross-Site-Scripting
- 114559Roundcube Webmail 1.6.x < 1.6.5 Cross-Site-Scripting
- 114560Roundcube Webmail < 1.4.15 Cross-Site-Scripting
- 114561Roundcube Webmail 1.5.x < 1.5.5 Cross-Site-Scripting
- 114562Roundcube Webmail 1.6.x < 1.6.4 Cross-Site-Scripting
- 114563GiveWP Plugin for WordPress < 3.19.4 Remote Code Execution
- 114564Content Security Policy Permissive Sources
- 114565Joomla! 4.x < 4.4.10 Multiple Vulnerabilities
- 114566Joomla! 3.x < 3.10.20 Multiple Vulnerabilities
|
Jan 7, 2025, 8:44 AM Modified Detection- 112439Server-Side Request Forgery
- 112524Oracle WebLogic WSAT Remote Code Execution
- 112526Missing 'X-XSS-Protection' Header (deprecated)
- 112541SSL/TLS Certificate Common Name Mismatch
- 112545Oracle WebLogic Server Administration Console Detected
- 112704Oracle WebLogic 10.3.6.0.0 / 12.1.3.0.0 Remote Code Execution
- 112706Oracle WebLogic 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.3.0 Remote Code Execution
- 112720Rails < 4.2.11.3 / 5.x < 5.0.1 Remote Code Execution
- 112907GraphQL Interface Detected
- 113031Out-of-Date JQuery UI Detected
- 113034Out-of-Date MediaElement.Js Detected
- 113059OPcache UI Detected
- 113078AngularJS Unsupported Version
- 113123Dockerfile Detected
- 113158Package Dependencies Detected
- 113162MySQLjs SQL Injection Authentication Bypass
- 113168Docker Compose Configuration Detected
- 113217Spring Framework < 5.2.20 / 5.3.x < 5.3.18 Remote Code Execution (Spring4Shell)
- 113310Blind XPath Injection (differential analysis)
- 113337NoSQL Injection Authentication Bypass
- 113373Atlassian Bitbucket Remote Code Execution
- 113452WordPress Plugins Detected
- 113634Server-Side Inclusion Injection
- 113906Advanced Custom Fields for WordPress 6.0.x < 6.1.6 Cross-Site Scripting
- 113908Advanced Custom Fields Pro for WordPress 6.0.x < 6.1.6 Cross-Site Scripting
- 113943Disclosed Hong Kong Identity Number
- 113973Web Services Description Language (WSDL) File Detected
- 114006Web Cache Poisoning Denial of Service
- 114029Well-Known URIs Detected
- 114116XML Injection
- 114129Secret Data Disclosure
- 114146Subdomain Takeover
- 114166SOAP API Detected
- 114168Jenkins < 2.442 / < LTS 2.426.3 Arbitrary File Read
- 114258LayerSlider Plugin for WordPress 7.9.11 < 7.10.1 SQL Injection
- 114313Flowise Chatflow Detected
- 114357Polyfill Detected
- 114386External Broken Resources Detected
- 114400Apache OFBiz < 18.12.11 Server-Side Request Forgery
- 114434Flask Weak Secret Key
- 114549Apache Struts < 6.4.0 Unrestricted File Upload (S2-067)
- 98008Web Application Firewall Detected
- 98056Missing HTTP Strict Transport Security Policy
- 98070Common Administration Interfaces Detection
- 98071Common Files Detection
- 98080Form-based File Upload
- 98083CAPTCHA Detection
- 98100Path Traversal
- 98104Cross-Site Scripting (XSS)
- 98107Cross-Site Scripting (XSS) in path
- 98109DOM-based Cross-Site Scripting (XSS)
- 98110DOM-based Cross-Site Scripting (XSS) in attribute context
- 98113XML External Entity
- 98115SQL Injection
- 98117Blind SQL Injection (differential analysis)
- 98119Blind NoSQL Injection (differential analysis)
- 98123Operating System Command Injection
- 98125Local File Inclusion
- 98228Drupal Unsupported Version
- 98538Environment Configuration File Detected
- 98611Error Message
- 98623Host Header Injection
- 98648Missing 'Content-Type' Header
- 98779Source Code Passive Disclosure
- 98920Disclosed US Social Security Number
New- 114546Apache Tomcat 11.0.0-M1 < 11.0.2 Multiple Vulnerabilities
- 114547Apache Tomcat 10.1.0-M1 < 10.1.34 Multiple Vulnerabilities
- 114548Apache Tomcat 9.0.0-M1 < 9.0.98 Multiple Vulnerabilities
|
Dec 23, 2024, 1:24 PM Modified Detection- 112290Apache Tomcat 9.0.0.M1 < 9.0.10 Multiple Vulnerabilities
- 98107Cross-Site Scripting (XSS) in path
- 98109DOM-based Cross-Site Scripting (XSS)
- 98110DOM-based Cross-Site Scripting (XSS) in attribute context
New- 114546Apache Tomcat 11.0.0-M1 < 11.0.2 Multiple Vulnerabilities
- 114547Apache Tomcat 10.1.0-M1 < 10.1.34 Multiple Vulnerabilities
- 114548Apache Tomcat 9.0.0-M1 < 9.0.98 Multiple Vulnerabilities
|
Dec 19, 2024, 7:27 AM Modified Detection- 112290Apache Tomcat 9.0.0.M1 < 9.0.10 Multiple Vulnerabilities
- 112719Client-Side Prototype Pollution
- 112726Apache Struts 2.3.5 < 2.3.32 / 2.5.x < 2.5.10.1 Remote Code Execution (S2-045 / S2-046)
- 112727Apache Struts 2.0.4 < 2.3.35 / 2.5.x < 2.5.17 Remote Code Execution (S2-057)
- 112741Apache Struts 2.x < 2.3.15.1 Remote Code Execution (S2-016)
- 112742Apache Struts 2 < 2.3.29 DevMode Remote Code Execution
- 112760Apache Struts 2 Demo Application Detected
- 112762Apache Struts 2 < 2.3.33 Remote Code Execution (S2-048)
- 112763Apache Struts 2.1.6 < 2.3.34 / 2.5 < 2.5.13 Remote Code Execution (S2-052)
- 114129Secret Data Disclosure
- 114357Polyfill Detected
- 114469CyberPanel < 2.3.8 Remote Command Execution
- 98115SQL Injection
New- 114542Cleo < 5.8.0.21 Unrestricted File Read/Upload
- 114544Cleo < 5.8.0.24 Unrestricted File Upload
- 114545Hunk Companion Plugin for WordPress < 1.9.0 Arbitrary Plugin Installation
|
Dec 10, 2024, 7:32 AM Modified Detection- 114313Flowise Chatflow Detected
- 114469CyberPanel < 2.3.8 Remote Command Execution
New- 114524Ivanti EPM XML External Entity
- 114529GeoServer 2.10.0 < 2.24.4 Sensitive Information Exposure
- 114530GeoServer 2.25.0 < 2.25.1 Sensitive Information Exposure
- 114531GeoServer < 2.23.5 Path Traversal
- 114532GeoServer 2.24.0 < 2.24.3 Path Traversal
- 114533GeoServer 2.24.0 < 2.24.2 Path Traversal
- 114534GeoServer < 2.23.4 Multiples Vulnerabilities
- 114535GeoServer 2.24.0 < 2.24.1 Multiples Vulnerabilities
- 114536GeoServer < 2.23.4 Path Traversal
- 114537GeoServer < 2.23.3 Multiples Vulnerabilities
- 114538GeoServer < 2.22.5 Multiples Vulnerabilities
- 114539GeoServer 2.23.0 < 2.23.1 Multiples Vulnerabilities
- 114540GeoServer < 2.19.6 Insecure Deserialization
- 114541GeoServer 2.20.0 < 2.20.4 Insecure Deserialization
|
Dec 3, 2024, 8:16 AM Modified Detection- 114129Secret Data Disclosure
- 114223HTTP Request Smuggling
- 98077Private IP Address Disclosure
- 98623Host Header Injection
New- 114524Ivanti EPM XML External Entity
- 114525Spring Eureka Detected
- 114526Spam protection, Anti-Spam, FireWall by CleanTalk Plugin for WordPress < 6.45 Authorization Bypass
- 114527Spam protection, Anti-Spam, FireWall by CleanTalk Plugin for WordPress < 6.44 Authorization Bypass
- 114528PhpSysInfo Detected
|
Nov 26, 2024, 7:19 AM Modified Detection- 113158Package Dependencies Detected
- 114129Secret Data Disclosure
- 114503Virtual Hosts Detected
- 98067Insecure Cross-Domain Policy (allow-access-from)
- 98068Insecure Cross-Domain Policy (allow-http-request-headers-from)
New- 114512Really Simple Security Plugin for WordPress 9.x < 9.1.2 Authentication Bypass
- 114514Palo Alto PAN-OS GlobalProtect Authentication Bypass
- 114515Surecart Plugin for WordPress < 2.30.0 SQL Injection
- 114516PHP 8.3.x < 8.3.14 Multiple Vulnerabilities
- 114517PHP 8.2.x < 8.2.26 Multiple Vulnerabilities
- 114518PHP 8.1.x < 8.1.31 Multiple Vulnerabilities
- 114519Drupal 11.0.x < 11.0.8 Multiple Vulnerabilities
- 114520Drupal 10.3.x < 10.3.9 Multiple Vulnerabilities
- 114521Drupal 10.2.x < 10.2.11 Multiple Vulnerabilities
- 114522Drupal 7.x < 7.102 Multiple Vulnerabilities
- 114523Sitecore 8.x < 10.4 Arbitrary File Read
|
Nov 20, 2024, 7:36 AM Modified Detection- 114143Node-config Configuration File Detected
- 114400Apache OFBiz < 18.12.11 Server-Side Request Forgery
- 114497Symfony < 5.4.46 / 6.x < 6.4.14 / 7.x < 7.1.7 Improper Input Handling
- 114503Virtual Hosts Detected
New- 114502Cross-Site WebSocket Hijacking
- 114504Opti Marketing Plugin for WordPress <= 2.0.9 SQL Injection
- 114505HTTP Hop-By-Hop Headers Detected
- 114506Apache Tomcat 11.0.0 Cross-Site Scripting
- 114507Apache Tomcat 10.1.31 Cross-Site Scripting
- 114508Apache Tomcat 9.0.96 Cross-Site Scripting
- 114509Apache Tomcat 11.0.0-M1 < 11.0.0 Multiple Vulnerabilities
- 114510Apache Tomcat 10.1.0-M1 < 10.1.31 Multiple Vulnerabilities
- 114511Apache Tomcat 9.0.0-M1 < 9.0.96 Multiple Vulnerabilities
- 114512Really Simple Security Plugin for WordPress 9.x < 9.1.2 Authentication Bypass
- 114513Ivanti Cloud Services Appliance < 4.6 patch 519 Path Traversal
|
Nov 14, 2024, 7:27 AM Modified Detection- 112353ASP.NET DEBUG Method Enabled
- 112920GraphQL Cross-Site Request Forgery
- 113219Insecure Redirect Chain
- 114143Node-config Configuration File Detected
- 114223HTTP Request Smuggling
- 114400Apache OFBiz < 18.12.11 Server-Side Request Forgery
- 114497Symfony < 5.4.46 / 6.x < 6.4.14 / 7.x < 7.1.7 Improper Input Handling
New- 114499Apache APISIX Dashboard < 2.10.1 Authentication Bypass
- 114500Apache APISIX Dashboard Default Credentials
- 114501jQuery < 1.9.0 Cross-Site Scripting
|
Nov 8, 2024, 9:56 AM Modified Detection- 113897HTML Comments Detected
- 114129Secret Data Disclosure
- 114223HTTP Request Smuggling
- 114386External Broken Resources Detected
- 114466Path Relative Stylesheet Import
- 114497Symfony < 5.4.46 / 6.x < 6.4.14 / 7.x < 7.1.7 Improper Input Handling
|
Nov 5, 2024, 8:43 AM Modified Detection- 113897HTML Comments Detected
- 114129Secret Data Disclosure
- 114468SonarQube Public Projects Detected
- 114469CyberPanel < 2.3.8 Remote Command Execution
New- 114470Mastodon < 4.1.20 Regular Expression Denial of Service
- 114471Mastodon 4.2.x < 4.2.13 Regular Expression Denial of Service
- 114472Mastodon < 4.1.18 Multiples Vulnerabilities
- 114473Mastodon 4.2.x < 4.2.10 Multiples Vulnerabilities
- 114474Mastodon < 4.1.17 Multiples Vulnerabilities
- 114475Mastodon 4.2.x < 4.2.9 Multiples Vulnerabilities
- 114476Mastodon < 3.5.19 Unrestricted File Upload
- 114477Mastodon 4.0.x < 4.0.15 Unrestricted File Upload
- 114478Mastodon 4.1.x < 4.1.15 Unrestricted File Upload
- 114479Mastodon 4.2.x < 4.2.7 Unrestricted File Upload
- 114480Mastodon < 3.5.17 Authentication Bypass
- 114481Mastodon < 4.1.13 Authentication Bypass
- 114482Mastodon < 4.2.5 Authentication Bypass
- 114483Mastodon < 3.5.18 Multiples Vulnerabilities
- 114484Mastodon 4.0.x < 4.0.14 Multiples Vulnerabilities
- 114485Mastodon 4.1.x < 4.1.14 Multiples Vulnerabilities
- 114486Mastodon 4.2.x < 4.2.6 Multiples Vulnerabilities
- 114487Mastodon < 3.5.14 Multiples Vulnerabilities
- 114488Mastodon < 4.0.10 Multiples Vulnerabilities
- 114489Mastodon < 4.1.8 Multiples Vulnerabilities
- 114490Mastodon < 3.5.9 Multiples Vulnerabilities
- 114491Mastodon 4.0.x < 4.0.5 Multiples Vulnerabilities
- 114492Mastodon 4.1.x < 4.1.3 Multiples Vulnerabilities
- 114493Mastodon 2.5.0 < 3.5.8 LDAP injection
- 114494Mastodon 4.0.x < 4.0.4 LDAP injection
- 114495Mastodon 4.1.x < 4.1.2 LDAP injection
- 114496Apache Solr 5.3.0 < 8.11.4 / 9.x < 9.7.0 Authentication Bypass
|
Oct 31, 2024, 8:24 AM Modified Detection- 114466Path Relative Stylesheet Import
- 114469CyberPanel < 2.3.8 Remote Command Execution
|
Oct 29, 2024, 7:27 AM Modified Detection- 114466Path Relative Stylesheet Import
- 114468SonarQube Public Projects Detected
New- 114460Clockwork Detected
- 114461Clockwork Unrestricted Access
- 114462SuiteCRM < 7.14.4 / 8.x < 8.6.1 SQL Injection
- 114463Robomongo File Detected
- 114464SSH Authorized Keys File Detected
- 114465SSH id_rsa File Detected
- 114467Danswer < 0.10.0-beta.1 Insecure Direct Object Reference
|
Oct 21, 2024, 7:11 AM Modified Detection- 113217Spring Framework < 5.2.20 / 5.3.x < 5.3.18 Remote Code Execution (Spring4Shell)
- 113838WooCommerce Payments Plugin for WordPress 5.6.x < 5.6.2 Authentication Bypass
- 114031WooCommerce Payments Plugin for WordPress 6.3.x < 6.3.2 Authentication Bypass
- 114032WooCommerce Payments Plugin for WordPress 6.2.x < 6.2.2 Authentication Bypass
- 114033WooCommerce Payments Plugin for WordPress 5.5.x < 5.5.2 Authentication Bypass
- 114034WooCommerce Payments Plugin for WordPress 5.4.x < 5.4.1 Authentication Bypass
- 114035WooCommerce Payments Plugin for WordPress 5.3.x < 5.3.1 Authentication Bypass
- 114036WooCommerce Payments Plugin for WordPress 5.2.x < 5.2.2 Authentication Bypass
- 114037WooCommerce Payments Plugin for WordPress 5.1.x < 5.1.3 Authentication Bypass
- 114038WooCommerce Payments Plugin for WordPress 5.0.x < 5.0.4 Authentication Bypass
- 114039WooCommerce Payments Plugin for WordPress 4.9.x < 4.9.1 Authentication Bypass
- 114040WooCommerce Payments Plugin for WordPress 4.8.x < 4.8.2 Authentication Bypass
- 114129Secret Data Disclosure
- 98228Drupal Unsupported Version
New- 114449Dolibarr 16.x < 16.0.5 Database Download
- 114450Mura/Masa CMS SQL Injection
- 114451XWiki Platform 7.0 < 14.4.8 / 14.5 < 14.10.4 Remote Code Execution
- 114452SEOPress Plugin for WordPress < 7.9 PHP Object Injection
- 114453Atlassian Confluence < 7.19.25 Cross-Site Scripting
- 114454Atlassian Confluence 7.20.x < 8.5.11 Cross-Site Scripting
- 114455Atlassian Confluence 8.6.x < 8.9.3 Cross-Site Scripting
- 114456Drupal 10.2.x < 10.2.10 Improper Error Handling
- 114457Palo Alto Expedition < 1.2.96 Multiple Vulnerabilties
- 114458GiveWP Plugin for WordPress < 3.16.4 Remote Code Execution
- 114459Gradio < 4.37.1 Open Redirect
|
Oct 15, 2024, 6:35 AM Modified Detection- 114129Secret Data Disclosure
- 114247Authentication Check Pattern Found in Unauthenticated Browser
New- 114448Apache Tapestry Arbitrary File Read
|
Oct 3, 2024, 7:40 AM Modified Detection- 112550Full Path Disclosure
- 113393Performance Telemetry
- 114129Secret Data Disclosure
- 114439Express.js Cookie-Session Weak Secret Key
New- 114445PHP 8.3.x < 8.3.12 Multiple Vulnerabilities
- 114446PHP 8.2.x < 8.2.24 Multiple Vulnerabilities
- 114447PHP 8.1.x < 8.1.30 Multiple Vulnerabilities
|
Sep 26, 2024, 12:54 PM Modified Detection- 114283Unrestricted File Upload
New- 114441PowerPress Podcasting Plugin for WordPress 11.9.3 / 11.9.4 Injected Backdoor
- 114442Pods Plugin for WordPress 3.2.3 Injected Backdoor
- 114443Social Warfare Plugin for WordPress 4.4.6.4 < 4.4.7.3 Injected Backdoor
- 114444Apache OFBiz < 18.12.16 Remote Code Execution
|
Sep 24, 2024, 6:34 AM Modified Detection- 112686JSON Web Token Detected
- 114433Ivanti EPM RecordGoodApp SQL Injection
- 114434Flask Weak Secret Key
- 114439Express.js Cookie-Session Weak Secret Key
New- 114432Laravel Weak Secret Key
- 114435Django Weak Secret Key
- 114436Ruby On Rails Weak Secret Key
- 114437Pyramid Weak Secret Key
- 114438Express.js Express-Session Weak Secret Key
- 114440LiteSpeed Cache Plugin for WordPress < 6.5.0.1 Sensitive Information Exposure
|
Sep 17, 2024, 6:25 AM Modified Detection- 98538Environment Configuration File Detected
New- 114429Service Worker Detected
- 114430Next.js Remote Patterns Server-Side Request Forgery
- 114431Next.js < 14.1.1 Server Actions Server-Side Request Forgery
|
Sep 12, 2024, 9:21 AM New- 114428Sequelize Configuration File Detected
|
Sep 9, 2024, 1:31 PM Modified Detection- 112726Apache Struts 2.3.5 < 2.3.32 / 2.5.x < 2.5.10.1 Remote Code Execution (S2-045 / S2-046)
- 112741Apache Struts 2.x < 2.3.15.1 Remote Code Execution (S2-016)
- 113420Nginx < 1.22.1 Multiple Vulnerabilities
- 113421Nginx 1.23.x < 1.23.2 Multiple Vulnerabilities
- 114168Jenkins < 2.442 / < LTS 2.426.3 Arbitrary File Read
New- 114421Nginx 1.27.0 Buffer Over-read
- 114422Nginx 1.5.13 < 1.26.2 Buffer Over-read
- 114424CKEditor < 5.35.0.1 Cross-Site Scripting
- 114425CKEditor < 4.25.0-LTS Multiples Cross-Site Scripting
- 114426CKEditor < 4.24.0-LTS Multiples Cross-Site Scripting
- 114427Gutenberg Forms Plugin for WordPress <= 2.2.9 Arbitrary File Upload
|
Sep 6, 2024, 11:19 AM Modified Detection- 112544HTTP to HTTPS Redirect Not Enabled
- 112907GraphQL Interface Detected
- 113420Nginx < 1.22.1 Multiple Vulnerabilities
- 113421Nginx 1.23.x < 1.23.2 Multiple Vulnerabilities
- 114220Atlassian Confluence < 7.19.18 Cross-Site Scripting
- 114221Atlassian Confluence 8.7.x < 8.7.2 Cross-Site Scripting
- 114222Atlassian Confluence 7.20.x < 8.5.5 Cross-Site Scripting
- 114238Atlassian Confluence < 7.19.20 Path Traversal
- 114239Atlassian Confluence 7.20.x < 8.5.7 Path Traversal
- 114240Atlassian Confluence 8.6.x < 8.8.1 Path Traversal
- 114373Joomla! 5.x < 5.1.2 Multiple Vulnerabilities
- 114374Joomla! 4.x < 4.4.6 Multiple Vulnerabilities
- 114375Joomla! 3.x < 3.10.16 Multiple Vulnerabilities
- 114377Atlassian Confluence < 7.19.22 Cross-Site Scripting
- 114378Atlassian Confluence 7.20.x < 8.5.9 Cross-Site Scripting
- 114379Atlassian Confluence 8.6.x < 8.9.1 Cross-Site Scripting
- 98146Password Submitted Using GET Method
- 98950Nginx < 1.4.1 ngx_http_proxy_module.c Multiple Vulnerabilities
- 98951Nginx < 1.2.9 ngx_http_proxy_module.c Multiple Vulnerabilities
New- 114413Flowise < 2.0.6 Authentication Bypass
- 114414Joomla! 5.x < 5.1.3 Multiple Vulnerabilities
- 114415Joomla! 4.x < 4.4.7 Multiple Vulnerabilities
- 114416Joomla! 3.x < 3.10.17 Multiple Vulnerabilities
- 114417Atlassian Confluence < 7.19.26 Multiple Vulnerabilities
- 114418Atlassian Confluence 7.20.x < 8.5.14 Multiple Vulnerabilities
- 114419Atlassian Confluence 8.6.x < 8.9.5 Multiple Vulnerabilities
- 114420Atlassian Confluence 9.0.x < 9.0.1 Multiple Vulnerabilities
- 114421Nginx 1.27.0 Buffer Over-read
- 114422Nginx 1.5.13 < 1.26.2 Buffer Over-read
- 114423Nginx 1.25.x < 1.26.1 Multiple Vulnerabilities
|
Sep 3, 2024, 6:46 AM New- 114395WebSocket Detected
- 114396Apache OFBiz < 18.12.15 Remote Code Execution
- 114397AI Engine Plugin for WordPress < 2.4.8 Server-Side Request Forgery
- 114398Edge Side Includes Injection
- 114399Apache OFBiz < 18.12.13 Path Traversal
- 114401Nginx+ Dashboard Unrestricted Access
- 114402Nginx HTTP API Module Unrestricted Access
- 114403Laravel Pulse Unrestricted Access
- 114404Laravel Horizon Unrestricted Access
- 114405Laravel Telescope Unrestricted Access
- 114406LiteSpeed Cache Plugin for WordPress < 6.4 Privilege Escalation
- 114407Gradio Detected
- 114408Gradio Unauthenticated Access
- 114409Gradio 4.3 < 4.13 Local File Read
- 114410FCKEditor Unsupported Version
- 114411Ivanti Virtual Traffic Manager Authentication Bypass
|
Aug 12, 2024, 6:31 AM Modified Detection- 113030Out-of-Date Bootstrap Detected
- 113031Out-of-Date JQuery UI Detected
- 113032Out-of-Date Modernizr Detected
- 113033Out-of-Date Underscore.js Detected
- 113034Out-of-Date MediaElement.Js Detected
- 113037Out-of-Date Backbone JS Framework Detected
- 114400Apache OFBiz < 18.12.11 Server-Side Request Forgery
- 98084Directory Listing
- 98114XPath Injection
New- 114393Danswer Unauthenticated Access
- 114395WebSocket Detected
- 114396Apache OFBiz < 18.12.15 Remote Code Execution
- 114397AI Engine Plugin for WordPress < 2.4.8 Server-Side Request Forgery
- 114398Edge Side Includes Injection
- 114399Apache OFBiz < 18.12.13 Path Traversal
|
Aug 1, 2024, 6:42 AM Modified Detection- 113030Out-of-Date Bootstrap Detected
- 113031Out-of-Date JQuery UI Detected
- 113032Out-of-Date Modernizr Detected
- 113033Out-of-Date Underscore.js Detected
- 113034Out-of-Date MediaElement.Js Detected
- 113037Out-of-Date Backbone JS Framework Detected
- 113959GeoServer SQL Injection
- 114006Web Cache Poisoning Denial of Service
- 114313Flowise Chatflow Detected
- 98084Directory Listing
- 98114XPath Injection
New- 114390AnythingLLM API Sensitive Information Disclosure
- 114391Dify Detected
- 114392Danswer Detected
- 114393Danswer Unauthenticated Access
- 114394GeoServer Remote Code Execution
|
Jul 29, 2024, 7:28 AM Modified Detection- 113219Insecure Redirect Chain
- 113338Web Cache Poisoning
- 114381Apache Hugegraph 1.0.0 < 1.3.0 Remote Command Execution
- 114382Missing 'Content-Type' Charset
- 114386External Broken Resources Detected
New- 114387PaperCut NG/MF < 22.1.3 Path Traversal
- 114388Facade Ignition < 2.5.2 Remote Code Execution
- 114389ChatGPT-web Detected
- 114390AnythingLLM API Sensitive Information Disclosure
- 114391Dify Detected
- 114392Danswer Detected
|
Jul 22, 2024, 7:15 AM Modified Detection- 114360Apache 2.4.x < 2.4.60 Multiple Vulnerabilities
- 114363Apache 2.4.60 Source Code Disclosure
- 114382Missing 'Content-Type' Charset
New- 114383Ivanti EPM Cloud Services Appliance < 4.6.0-512 Remote Code Execution
- 114384Progress Kemp LoadMaster Remote Command Execution
- 114385Apache 2.4.x < 2.4.62 Multiple Vulnerabilities
|
Jul 18, 2024, 6:31 AM Modified Detection- 113117Magento Administration Panel Login Form Bruteforced
- 114325Adobe Commerce / Magento XML External Entity Injection (CosmicSting)
- 114357Polyfill Detected
- 114373Joomla! 5.x < 5.1.2 Multiple Vulnerabilities
- 114374Joomla! 4.x < 4.4.6 Multiple Vulnerabilities
- 114375Joomla! 3.x < 3.10.16 Multiple Vulnerabilities
- 114377Atlassian Confluence < 7.19.22 Cross-Site Scripting
- 114378Atlassian Confluence 7.20.x < 8.5.9 Cross-Site Scripting
- 114379Atlassian Confluence 8.6.x < 8.9.1 Cross-Site Scripting
- 114381Apache Hugegraph 1.0.0 < 1.3.0 Remote Command Execution
New- 114367H2O Flow Detected
- 114368Bricks Theme for WordPress < 1.9.6.1 Remote Code Execution
- 114369Qlik Sense Enterprise Path Traversal
- 114370Grafana Default Credentials
- 114371Odoo Database Manager Detected
- 114372Odoo Unprotected Database Manager
- 114376ServiceNow Server-Side Template Injection
- 114380Nortek Linear eMerge E3-Series < 0.32-08f Command Injection
|
