Newest Web App Scanning Plugins from Tenable

WordPress 6.4.x < 6.4.8 Multiple Vulnerabilities

Thu, 12 Mar 2026 00:00:00 GMT

Web App Scanning Plugin ID 115170 with Medium Severity

Synopsis

WordPress 6.4.x < 6.4.8 Multiple Vulnerabilities

Description

Description

According to its self-reported version number, the CKEditor application running on the remote host is 5.40.x prior to 5.41.3.2 or 5.43.1.x prior to 5.43.1.1. It is, therefore, affected by a Cross-Site Scripting (XSS) vulnerability in the CKEditor 5 clipboard package.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to CKEditor version 5.43.1.1 or later.

CKEditor 5.40.0.x < 5.41.3.2 Cross-Site Scripting

Tue, 10 Mar 2026 00:00:00 GMT

Web App Scanning Plugin ID 115163 with Medium Severity

Synopsis

CKEditor 5.40.0.x < 5.41.3.2 Cross-Site Scripting

The remote server does not offer TLS 1.3 protocol which is required to provide good encryption security.

Solution

Apache Tomcat 9.0.0-M1 < 9.0.113 Multiple Vulnerabilities

Thu, 05 Mar 2026 00:00:00 GMT

Web App Scanning Plugin ID 115154 with Medium Severity

Synopsis

Apache Tomcat 9.0.0-M1 < 9.0.113 Multiple Vulnerabilities

Description

Description

The version of Apache Tomcat installed on the remote host is 9.0.83 prior to 9.0.115, 10.1.0-M7 prior to 10.1.52 or 11.0.0-M1 prior to 11.0.18. It is, therefore, affected by a incomplete OCSP verification checks. When using an OCSP responder, Tomcat's FFM integration with OpenSSL did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed.

Note that the scanner has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Apache Tomcat version 9.0.115 or later.

Apache Tomcat 10.1.0-M7 < 10.1.52 Incomplete OCSP Verification Checks

Thu, 05 Mar 2026 00:00:00 GMT

Web App Scanning Plugin ID 115150 with High Severity

Synopsis

Apache Tomcat 10.1.0-M7 < 10.1.52 Incomplete OCSP Verification Checks

Description

Solution

Upgrade to Apache Tomcat version 10.1.52 or later.

Apache Tomcat 11.0.0-M1 < 11.0.18 Incomplete OCSP Verification Checks

Thu, 05 Mar 2026 00:00:00 GMT

Web App Scanning Plugin ID 115149 with High Severity

Synopsis

Apache Tomcat 11.0.0-M1 < 11.0.18 Incomplete OCSP Verification Checks

Solution

Upgrade to Roundcube Webmail version 1.5.10 or later.

Roundcube Webmail 1.6.x < 1.6.12 Multiple Vulnerabilities

Wed, 11 Feb 2026 00:00:00 GMT

Web App Scanning Plugin ID 115137 with High Severity

Synopsis

Roundcube Webmail 1.6.x < 1.6.12 Multiple Vulnerabilities

Description

According to its self-reported version number, Roundcube Webmail is prior to 1.5.12 or 1.6.x prior to 1.6.12. Therefore, it may be affected by multiple vulnerabilities :

- An Information disclosure vulnerability in the HTML style sanitizer.

- A Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Roundcube Webmail version 1.6.12 or later.

Roundcube Webmail < 1.5.12 Multiple Vulnerabilities

Wed, 11 Feb 2026 00:00:00 GMT

Web App Scanning Plugin ID 115136 with High Severity

Synopsis

Roundcube Webmail < 1.5.12 Multiple Vulnerabilities

This is an informational plugin to inform the user that the scanner has detected a publicly accessible OpenAssistantGPT chatbot on the target application. OpenAssistantGPT is community open-Source SaaS for crafting/building/creating chatbots with OpenAI's assistant API that you can add to your website. This detection is included in the AI and LLM category.

Solution

Zimbra Collaboration 10.0.x < 10.0.18 / 10.1.x < 10.1.13 Local File Inclusion

Tue, 27 Jan 2026 00:00:00 GMT

Web App Scanning Plugin ID 115122 with High Severity

Synopsis

Zimbra Collaboration 10.0.x < 10.0.18 / 10.1.x < 10.1.13 Local File Inclusion

Description

Zimbra Collaboration versions prior to 10.0.18 and 10.1.13 are vulnerable to Local File Inclusion (LFI) in the Webmail Classic UI due to improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can exploit this vulnerability by crafting requests to the /h/rest endpoint, which can lead to the inclusion of arbitrary files from the WebRoot directory.

Solution

Upgrade to Zimbra 10.0.18 or 10.1.13 or later.

Deep Chat Chatbot Detected

Wed, 21 Jan 2026 00:00:00 GMT

Web App Scanning Plugin ID 115115 with Info Severity

Synopsis

Deep Chat Chatbot Detected

Description

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Deep Chat chatbot on the target application. Deep Chat is an open-source framework for building AI chatbots that can be integrated into websites and applications. This detection is included in the AI and LLM category.

Update to Joomla! version 6.0.2 or latest.

Joomla! 3.9.x < 5.4.2 Multiple Vulnerabilities

Thu, 08 Jan 2026 00:00:00 GMT

Web App Scanning Plugin ID 115100 with High Severity

Synopsis

Joomla! 3.9.x < 5.4.2 Multiple Vulnerabilities

Description

PostgREST is a standalone web server that turns your PostgreSQL database directly into a RESTful API. By default, PostgREST does not implement any authentication or access control mechanisms, which can lead to unauthorized access to sensitive data if the server is exposed to untrusted networks without proper safeguards in place.

An attacker who discovers an exposed PostgREST server could potentially retrieve, modify, or delete data from the underlying PostgreSQL database, depending on the database permissions configured for the PostgREST user. This could lead to data breaches, data loss, or unauthorized data manipulation.

Solution

Restrict access using a .htaccess file, limiting access to known IP Addresses.

FreeBPX 17.0.x < 17.0.23 Authentication Bypass

Mon, 05 Jan 2026 00:00:00 GMT

Web App Scanning Plugin ID 115086 with Critical Severity

Synopsis

FreeBPX 17.0.x < 17.0.23 Authentication Bypass

Description

According to its self-reported version number, the FreePBOX application running on the remote host is prior to 16.0.44 or 17.x prior to 17.0.23. It is, therefore, affected by an authentication bypass when providing an Authorization header with an arbitrary value, a session is associated with the target user regardless of valid credentials.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to FreeBPX version 17.0.23 or later.

FreeBPX < 16.0.44 Authentication Bypass

Mon, 05 Jan 2026 00:00:00 GMT

Web App Scanning Plugin ID 115085 with Critical Severity

Synopsis

FreeBPX < 16.0.44 Authentication Bypass

Description

Solution

Upgrade to FreeBPX version 16.0.44 or later.

FreeBPX 17.0.x < 17.0.6 Multiples Vulnerabilities

Mon, 05 Jan 2026 00:00:00 GMT

Web App Scanning Plugin ID 115084 with High Severity

Synopsis

FreeBPX 17.0.x < 17.0.6 Multiples Vulnerabilities

Description

According to its self-reported version number, the FreePBOX application running on the remote host is prior to 16.0.92 or 17.x prior to 17.0.6. It is, therefore, affected by multiples vulnerabilities :

- An arbitrary file upload vulnerability in the FreePBX Endpoint Management module affecting the fwbrand parameter.

- SQL injection vulnerabilities exist in the FreePBX Endpoint Management module affecting multiple parameters.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to FreeBPX version 17.0.6 or later.

FreeBPX < 16.0.92 Multiples Vulnerabilities

Mon, 05 Jan 2026 00:00:00 GMT

Web App Scanning Plugin ID 115083 with High Severity

Synopsis

FreeBPX < 16.0.92 Multiples Vulnerabilities

This plugin detects the presence of the Adobe Experience Manager (AEM) Forms Login panel on a web application.

Solution

Restrict access to the endpoint using a .htaccess file, limiting access to known IP Addresses

Adobe Experience Manager (AEM) QueryBuilder JCR Role Disclosure

Thu, 04 Dec 2025 00:00:00 GMT

Web App Scanning Plugin ID 115064 with Medium Severity

Synopsis

Adobe Experience Manager (AEM) QueryBuilder JCR Role Disclosure

Description

The remote Adobe Experience Manager (AEM) QueryBuilder Servlet is prone to an information disclosure vulnerability. An unauthenticated attacker can exploit this issue to retrieve the JCR roles of the AEM instance by sending a specially crafted HTTP request to the QueryBuilder Servlet endpoint.

Solution

Restrict access to the endpoint using a .htaccess file, limiting access to known IP Addresses

AI Service Secret Disclosure

Thu, 04 Dec 2025 00:00:00 GMT

Web App Scanning Plugin ID 115063 with High Severity

Synopsis

AI Service Secret Disclosure

Description

Most of the web applications rely on various public services to provide features to their users. In secure designs, consuming these private or cloud services will require authentication like API and private keys, username and password based credentials and similar sensitive data.

Developers sometimes hard code such data in various places of their applications, without realizing that it could become publicly available in client-side JavaScript or, for example, HTML comments. By leveraging these sensitive information, a remote and unauthenticated attacker could gain access to an external AI service used by the web application and the organization.

Solution

Third-Party Service Secret Disclosure

Thu, 04 Dec 2025 00:00:00 GMT

Web App Scanning Plugin ID 115062 with High Severity

Synopsis

Third-Party Service Secret Disclosure

Description

Solution

Adobe Experience Manager (AEM) Dispatcher Bypass

Thu, 04 Dec 2025 00:00:00 GMT

Web App Scanning Plugin ID 115061 with High Severity

Synopsis

Adobe Experience Manager (AEM) Dispatcher Bypass

Description

The remote Adobe Experience Manager (AEM) is affected by a dispatcher misconfiguration that allows for security filter bypass. By sending a specially crafted request, an unauthenticated, remote attacker can access internal endpoints, such as the QueryBuilder JSON API. A successful exploit could lead to unauthorized access and information disclosure).

Solution

It is recommended to review and strengthen the AEM Dispatcher's filter rules to follow a 'deny by default' approach. Ensure that access to sensitive administrative and internal endpoints, such as `/bin/querybuilder.json`, is explicitly denied. Consult the Adobe Experience Manager Dispatcher Security Checklist for comprehensive guidance on securing the dispatcher configuration.

Adobe Experience Manager (AEM) CRX Content Explorer

Thu, 04 Dec 2025 00:00:00 GMT

Web App Scanning Plugin ID 115060 with Info Severity

Synopsis

Adobe Experience Manager (AEM) CRX Content Explorer

Description

This plugin detects the presence of the Adobe Experience Manager (AEM) CRX Content Explorer interface. The CRX Content Explorer is a web-based interface used to manage and interact with the content repository of Adobe Experience Manager.

Solution

Adobe Experience Manager (AEM) Felix Console Default Credentials

Thu, 04 Dec 2025 00:00:00 GMT

Web App Scanning Plugin ID 115059 with High Severity

Synopsis

Adobe Experience Manager (AEM) Felix Console Default Credentials

Description

The remote Adobe Experience Manager (AEM) Felix Console is configured with default or predictable credentials, which could allow an attacker to gain unauthorized access to the application and potentially compromise the underlying system.

Solution

The application should not be configured with accounts using default or predictable credentials. A complex password policy should be defined and enforced on every account available in the application to prevent attackers from guessing it and have unauthorized access to the application.

Adobe Experience Manager (AEM) Debugging Client Libraries Exposure

Thu, 04 Dec 2025 00:00:00 GMT

Web App Scanning Plugin ID 115058 with Info Severity

Synopsis

Adobe Experience Manager (AEM) Debugging Client Libraries Exposure

Description

This plugin detects the presence of the Adobe Experience Manager (AEM) Debugging Client Libraries on a web server. These libraries are intended for development and debugging purposes and should not be exposed in a production environment, as they may contain sensitive information or functionality that could be exploited by attackers.

Adobe Experience Manager (AEM) CRX Namespace Editor Panel Detected

Thu, 04 Dec 2025 00:00:00 GMT

Web App Scanning Plugin ID 115052 with Medium Severity

Synopsis

Adobe Experience Manager (AEM) CRX Namespace Editor Panel Detected

Description

This plugin detects the presence of the Adobe Experience Manager (AEM) CRX Namespace Editor panel on a web application. The CRX Namespace Editor panel is part of the AEM's content repository management interface, allowing administrators to manage namespaces and node types within the repository. Unauthorized access to this panel can lead to potential security risks, including unauthorized modifications to the content repository structure.

Solution

Restrict access to administrative functionality using a .htaccess file, limiting access to known IP Addresses.

Sneeit Framework Plugin for WordPress < 8.4 Remote Code Execution

Thu, 04 Dec 2025 00:00:00 GMT

Web App Scanning Plugin ID 115051 with Critical Severity

Synopsis

Sneeit Framework Plugin for WordPress < 8.4 Remote Code Execution

Description

The WordPress Sneeit Framework Plugin installed on the remote host is affected by a Remote Code Execution vulnerability due to insufficient input validation in the sneeit_articles_pagination_callback() function, which accepts user input and passes it through the call_user_func() function. This allows unauthenticated attackers to execute arbitrary code on the server.

Solution

Upgrade to Lucee version 5.4.3.2 or later.

Lucee < 5.3.12.1 Remote Code Execution

Mon, 17 Nov 2025 00:00:00 GMT

Web App Scanning Plugin ID 115038 with Critical Severity

Synopsis

Lucee < 5.3.12.1 Remote Code Execution

Description

Solution

Upgrade to Lucee version 5.3.12.1 or later.

Telerik UI for ASP.NET AJAX Unsafe Reflection

Mon, 17 Nov 2025 00:00:00 GMT

Web App Scanning Plugin ID 115037 with High Severity

Synopsis

Telerik UI for ASP.NET AJAX Unsafe Reflection

Description

According to its self-reported version number, the version of Telerik UI for ASP.NET AJAX is affected by an unsafe reflection vulnerability resulting in denial of service and advanced attacks scenarios.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Telerik UI for ASP.NET AJAX version 2025 Q1 SP2 (2025.1.416) or later.

Drupal 8.0.x < 10.4.9 Multiple Vulnerabilities

Mon, 17 Nov 2025 00:00:00 GMT

Web App Scanning Plugin ID 115036 with High Severity

Synopsis

Drupal 8.0.x < 10.4.9 Multiple Vulnerabilities

Description

Description

Lucee versions prior to 6.0.1.59 are vulnerable to Remote Code Execution (RCE) via crafted cookies. An attacker can exploit this vulnerability by sending a specially crafted cookie to the server, which can lead to arbitrary code execution on the server hosting the Lucee application.

Solution

Update to Lucee version 6.0.1.59 or latest.

Fortinet FortiWeb Authentication Bypass

Fri, 14 Nov 2025 00:00:00 GMT

Web App Scanning Plugin ID 115040 with Critical Severity

Synopsis

Fortinet FortiWeb Authentication Bypass

Description

Fortinet FortiWeb versions 7.0.x < 7.0.12, 7.2.x < 7.2.12, 7.4.x < 7.4.10, 7.6.x < 7.6.5, 8.0.x < 8.0.2 suffer from an authentication bypass vulnerability. By crafting a specific request, a remote and unauthenticated attacker can create a new user account and compromise the affected system.

Solution

Upgrade to FortiWeb version 7.0.12, 7.2.12, 7.4.10, 7.6.5, 8.0.2 or later.

Lucee Unset Credentials

Mon, 10 Nov 2025 00:00:00 GMT

Web App Scanning Plugin ID 155029 with Critical Severity

Synopsis

Lucee Unset Credentials

Description

Lucee web application server may be configured with no credentials. If an attacker setup the default accounts, they could gain unauthorized access to the application and perform arbitrary actions on it.

Solution

DotNetNuke < 10.1.1 Unrestricted File Upload

Mon, 10 Nov 2025 00:00:00 GMT

Web App Scanning Plugin ID 115031 with Critical Severity

Synopsis

DotNetNuke < 10.1.1 Unrestricted File Upload

Description

DotNetNuke CMS versions prior to 10.1.1 are affected by an unrestricted file upload vulnerability due to improper validation of uploaded files in the default HTML editor provider. This vulnerability allows unauthenticated users to upload files without proper restrictions, potentially leading to overwriting existing files on the server.

An attacker could exploit this vulnerability by uploading malicious files, which could lead to website defacement or, when combined with other vulnerabilities, the execution of cross-site scripting (XSS) payloads.

Solution

Upgrade to DNN Platform 10.1.1 or later.

Gladinet CentreStack/Triofox < 16.10.10408.56683 Local File Inclusion

Mon, 10 Nov 2025 00:00:00 GMT

Web App Scanning Plugin ID 115030 with High Severity

Synopsis

Mon, 10 Nov 2025 00:00:00 GMT

Web App Scanning Plugin ID 115027 with Medium Severity

Synopsis

Lucee Administration Panel Login Form Detected

Description

Lucee Administration Panel has been detected on the target web application.

This may present an attacker with an exploit vector which could be leveraged using other techniques, such as a Brute-Force or Dictionary Attack, allowing an attacker to gain access to administrative functionality.

Solution

Restrict access to administrative functionality using a .htaccess file, limiting access to known IP Addresses.

Apache Tomcat 9.0.0-M1 < 9.0.109 Multiple Vulnerabilities

Tue, 04 Nov 2025 00:00:00 GMT

Web App Scanning Plugin ID 115026 with High Severity

Synopsis

Apache Tomcat 9.0.0-M1 < 9.0.109 Multiple Vulnerabilities

Description

Description

Description

Description

According to its banner, the version of Authentik running on the remote host is prior to 2024.6.5 or 2024.8.x prior to 2024.8.3. It is, therefore, affected by an Authentication Bypass vulnerability via the X-Forwarded-For header.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Authentik version 2024.6.5 or 2024.8.3 or later.

Authentik < 2024.6.5 Authentication Bypass

Fri, 24 Oct 2025 00:00:00 GMT

Web App Scanning Plugin ID 115011 with Critical Severity

Synopsis

Authentik < 2024.6.5 Authentication Bypass

This is an informational notice that the scanner was able to detect custom HTTP headers in the target application's responses.

Solution

Zimbra Collaboration 10.0.x < 10.0.13 Stored Cross-Site Scripting

Tue, 21 Oct 2025 00:00:00 GMT

Web App Scanning Plugin ID 115005 with Medium Severity

Synopsis

Zimbra Collaboration 10.0.x < 10.0.13 Stored Cross-Site Scripting

Description

According to its banner, the version of Zimbra Collaboration running on the remote host is 10.0.x prior to 10.0.13 or 10.1.x prior to 10.1.5. It is, therefore, affected by a Stored Cross-Site Scripting (XSS) vulnerability due to insufficient sanitization of HTML content in ICS files.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Zimbra Collaboration version 10.0.13, 10.1.5 or later.

Zimbra Collaboration 10.1.x < 10.1.5 Stored Cross-Site Scripting

Tue, 21 Oct 2025 00:00:00 GMT

Web App Scanning Plugin ID 115004 with Medium Severity

Synopsis

Zimbra Collaboration 10.1.x < 10.1.5 Stored Cross-Site Scripting

Description

According to its self-reported version, the Grafana install hosted on the remote host is prior to 11.6.2. It is, therefore, affected by an improper input validation.

- An excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update to Grafana version 11.6.2 or later.

Grafana 12.1.x < 12.1.2 Multiples Vulnerabilities

Tue, 07 Oct 2025 00:00:00 GMT

Web App Scanning Plugin ID 114992 with High Severity

Synopsis

Grafana 12.1.x < 12.1.2 Multiples Vulnerabilities

Description

Solution

Update to Joomla! version 5.3.4 or latest.

TRUFusion Entreprise Sensitive Data Exposure

Fri, 03 Oct 2025 00:00:00 GMT

Web App Scanning Plugin ID 114980 with Medium Severity

Synopsis

TRUFusion Entreprise Sensitive Data Exposure

Description

TRUFusion Entreprise is a solution to easily and securely manage the exchange of CAD files and related product design data from within your PLM system. Due to a lack of control, it is possible for an unauthenticated attacker to access an endpoint that returns all partners who have access to the instance.

Solution

Refer to the TRUFusion Entreprise advisory for mitigation options.

pyLoad Default Credentials

Fri, 03 Oct 2025 00:00:00 GMT

Web App Scanning Plugin ID 114979 with Critical Severity

Synopsis

pyLoad Default Credentials

Description

pyLoad is an open-source download manager written in Python. By default, pyLoad is configured with a default username and password allowing any attacker to log in to the application and have full access to its functionality. An attacker can leverage this vulnerability to perform further attacks against the application.

Tue, 23 Sep 2025 00:00:00 GMT

Web App Scanning Plugin ID 114967 with Medium Severity

Synopsis

Jenkins User Registration Form Detected

Description

Jenkins is an open-source automation server used to automate various aspects of software development, including building, testing, and deploying applications. An internal only Jenkins instance may be misconfigured to allow user registration, potentially leading to attackers creating accounts and gaining unauthorized access to the Jenkins instance and its resources.

Solution

Review the scope of the Jenkins instance. If the detected instance is intended for internal users only, disable the user registration feature.

MCP Server Tools Detected

Fri, 19 Sep 2025 00:00:00 GMT

Web App Scanning Plugin ID 114965 with Info Severity

Synopsis

MCP Server Tools Detected

Description

This is an informational notice that the scanner was able to detect the exposition of tools on the target Model Context Protocol (MCP) server.

Nuxt Icon < 1.4.5 Server-Side Request Forgery

Tue, 09 Sep 2025 00:00:00 GMT

Web App Scanning Plugin ID 114958 with High Severity

Synopsis

Nuxt Icon < 1.4.5 Server-Side Request Forgery

Description

Nuxt Icon versions prior to 1.4.5 are vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs in the icon fetching functionality. An attacker can exploit this vulnerability by providing a malicious URL that points to an internal or restricted resource, potentially leading to unauthorized access or data exfiltration.

Solution

Upgrade to Next.js version 9.5.4 or later.

FreeBPX < 17.0.3 Authentication Bypass

Wed, 03 Sep 2025 00:00:00 GMT

Web App Scanning Plugin ID 114957 with Critical Severity

Synopsis

FreeBPX < 17.0.3 Authentication Bypass

Description

Description

According to its Server response header, the installed version of nginx is from 0.7.22 to 1.29.0. It is, therefore, affected by a buffer over-read vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to nginx version 1.29.1 or later.

Apache Tomcat 9.0.0-M1 < 9.0.108 Denial of Service

Wed, 03 Sep 2025 00:00:00 GMT

Web App Scanning Plugin ID 114953 with High Severity

Synopsis

Apache Tomcat 9.0.0-M1 < 9.0.108 Denial of Service

Description

The version of Apache Tomcat installed on the remote host is 9.0.0-M1 prior to 9.0.108, 10.1.0-M1 prior to 10.1.44 or 11.0.0-M1 prior to 11.0.10. It is, therefore, affected by a denial of service vulnerability due to Tomcat's HTTP/2 implementation vulnerable to the made you reset attack.

Note that the scanner has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Apache Tomcat version 9.0.108 or later.

Apache Tomcat 10.1.0-M1 < 10.1.44 Denial of Service

Wed, 03 Sep 2025 00:00:00 GMT

Web App Scanning Plugin ID 114952 with High Severity

Synopsis

Apache Tomcat 10.1.0-M1 < 10.1.44 Denial of Service

Description

Solution

Upgrade to Apache Tomcat version 10.1.44 or later.

Apache Tomcat 11.0.0-M1 < 11.0.10 Denial of Service

Wed, 03 Sep 2025 00:00:00 GMT

Web App Scanning Plugin ID 114951 with High Severity

Synopsis

Apache Tomcat 11.0.0-M1 < 11.0.10 Denial of Service

WSDL schema file could not be imported and cannot be used during the scan.

Solution

WSDL Import Success

Tue, 19 Aug 2025 00:00:00 GMT

Web App Scanning Plugin ID 114929 with Info Severity

Synopsis

WSDL Import Success

Description

WSDL schema file was successfully imported and can be used during the scan.

ClearML < 1.16.0 Unauthenticated File Access

Mon, 11 Aug 2025 00:00:00 GMT

Web App Scanning Plugin ID 114939 with Critical Severity

Synopsis

ClearML < 1.16.0 Unauthenticated File Access

Description

According to its banner, the version of ClearML running on the remote host is < 1.16.0. It is, therefore, affected by an Unauthenticated File Access due to the lack of authentication of the fileserver component.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to ClearML version 1.16.0 or later.

ClearML Detected

Mon, 11 Aug 2025 00:00:00 GMT

Web App Scanning Plugin ID 114938 with Info Severity

Synopsis

ClearML Detected

Description

This is an informational plugin to inform the user that the scanner has detected a publicly accessible ClearML instance on the target application. ClearML is an infrastructure platform for AI builders. This detection is included in the AI and LLM category.

Description

Sitecore XM, XP and XC version 9.x <= 9.3 or version 10.x < 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access administrative API over HTTP.

Solution

Update at least to Sitecore XM/XP/XC version 10.4.1 rev. 011941 PRE.

Apache Tomcat 9.0.0-M1 < 9.0.106 Multiple Vulnerabilities

Fri, 20 Jun 2025 00:00:00 GMT

Web App Scanning Plugin ID 114888 with High Severity

Synopsis

Apache Tomcat 9.0.0-M1 < 9.0.106 Multiple Vulnerabilities

Description

Description

ModelContextProtocol (MCP) servers using SSE (Server-Sent Events) transport mode are prone to DNS rebinding attacks when they do not enforce strict verification of both the 'Origin' and 'Host' headers. This vulnerability allows an attacker to bypass same-origin policies, potentially leading to unauthorized access to sensitive data or actions on behalf of the user in the context of the vulnerable MCP server.

This detection is included in the AI and LLM category.

Solution

Ensure that the MCP server enforces both the 'Origin' and the 'Host' header validation to prevent DNS rebinding attacks. This can be achieved by implementing strict validation rules for incoming requests, ensuring that the 'Host' header matches the expected domain and that the 'Origin' header is from a trusted source.

FastJSON Object Deserialization

Tue, 17 Jun 2025 00:00:00 GMT

Web App Scanning Plugin ID 114884 with Critical Severity

Synopsis

FastJSON Object Deserialization

Description

Serialization is the process of converting an object to a stream of bytes, in order to store or send it through the network. By opposition, deserialization is the process of reconstructing an object from this stream of bytes.

When an application using the FastJSON library performs untrusted data deserialization, an attacker could inject a custom serialized JSON object to trigger malicious code execution on the system or to generate a Denial of Service attack (DoS).

It was determined that the target Java application using FastJSON is vulnerable to this attack as it deserializes a user-supplied object.

Solution

Untrusted data should never be deserialized by the application. If required, a code review should be done to prevent deserialization of arbitrary classes and to harden the whole process. Ensure the FastJSON library is updated to the latest version, and consider using FastJSON's safe mode or implementing custom whitelisting/blacklisting of classes for deserialization if updating is not immediately possible.

Llms.txt File Detected

Wed, 11 Jun 2025 00:00:00 GMT

Web App Scanning Plugin ID 114883 with Info Severity

Synopsis

Llms.txt File Detected

Description

This is an informational plugin to inform the user that the scanner has detected a publicly accessible 'llms.txt' file on the target application. The 'llms.txt' file is a proposal designed to provide LLM-friendly content written in markdown for LLMs usage. This detection is included in the AI and LLM category.

Solution

GraphQL Unauthenticated Mutation Detected

Wed, 11 Jun 2025 00:00:00 GMT

Web App Scanning Plugin ID 114882 with Medium Severity

Synopsis

GraphQL Unauthenticated Mutation Detected

Description

GraphQL is an open-source query and manipulation language for APIs. Unlike regular queries that only read data, mutations are operations designed to modify data on the server. When GraphQL APIs allow mutation operations without requiring proper authentication, attackers can manipulate, insert, update, or delete data without authorization.

Solution

Implement proper authentication and authorization controls on all GraphQL endpoints, especially for mutation operations.

MCP Server Unauthenticated Access

Wed, 11 Jun 2025 00:00:00 GMT

Web App Scanning Plugin ID 114791 with Info Severity

Synopsis

MCP Server Unauthenticated Access

Description

This is an informational notice that the scanner was able to detect a Model Context Protocol (MCP) server available without authentication on the target server. When available, the plugin provides the list of tools, prompts and resources in the attachments.

Solution

Update to Grafana version 9.3.4 or latest.

Grafana < 9.2.10 Cross-site Scripting

Wed, 04 Jun 2025 00:00:00 GMT

Web App Scanning Plugin ID 114864 with Medium Severity

Synopsis

Grafana < 9.2.10 Cross-site Scripting

Description

Solution

Update to Grafana version 9.2.10 or latest.

Grafana 9.3.x < 9.3.8 Multiple Vulnerabilities

Wed, 04 Jun 2025 00:00:00 GMT

Web App Scanning Plugin ID 114863 with Medium Severity

Synopsis

Grafana 9.3.x < 9.3.8 Multiple Vulnerabilities

Description

Description

Description

Description

Description

Description

Description

Description

Description

According to its self-reported version, the Grafana install hosted on the remote host is 11.2.x earlier than 11.2.3+security-01, or 11.3.x earlier than 11.3.0+security-01. It is, therefore, affected by a incorrect privilege assignment vulnerability.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update to Grafana version 11.3.0+security-01 or latest.

Grafana 11.2.x < 11.2.3+security-01 Incorrect Privilege Assignment

Wed, 04 Jun 2025 00:00:00 GMT

Web App Scanning Plugin ID 114828 with Medium Severity

Synopsis

Grafana 11.2.x < 11.2.3+security-01 Incorrect Privilege Assignment

Description

Solution

Update to Grafana version 11.2.3+security-01 or latest.

Grafana < 11.4.1 Exposure Of Sensitive Information To An Unauthorized Actor

Wed, 04 Jun 2025 00:00:00 GMT

Web App Scanning Plugin ID 114827 with Medium Severity

Synopsis

Grafana < 11.4.1 Exposure Of Sensitive Information To An Unauthorized Actor

Description

Description

Description

Description

Description

MCP (Model Context Protocol) configuration files allow specific softwares such as IDEs like Cursor to interact with MCP servers. These files may contain sensitive information which could assist an attack to conduct further attacks.

Solution

Restrict access to this client configuration file or delete it if not required by the target web application. Ensure that all potential secrets available in the file are rotated.

Atlassian Jira 10.5.x < 10.5.1 Privilege Escalation

Thu, 22 May 2025 00:00:00 GMT

Web App Scanning Plugin ID 114802 with High Severity

Synopsis

Atlassian Jira 10.5.x < 10.5.1 Privilege Escalation

Description

Description

SonicWall Secure Mobile Access (SMA) versions prior to 10.2.1.14-75sv are affected by an unauthenticated arbitrary file read vulnerability. This vulnerability allows an unauthenticated attacker to read arbitrary files on the system, potentially leading to sensitive information disclosure.

Solution

Upgrade to SonicWall Secure Mobile Access (SMA) version 10.2.1.14-75sv or later.

Label Studio < 1.18.0 Reflected Cross-Site Scripting

Thu, 22 May 2025 00:00:00 GMT

Web App Scanning Plugin ID 114798 with High Severity

Synopsis

Label Studio < 1.18.0 Reflected Cross-Site Scripting

Description

Label Studio versions prior to 1.18.0 are vulnerable to a Reflected Cross-Site Scripting on '/projects/upload-example/' endpoint. This detection is included in the AI and LLM category.

Solution

Upgrade to Label Studio 1.18.0 or later.

MCP Inspector Detected

Thu, 22 May 2025 00:00:00 GMT

Web App Scanning Plugin ID 114797 with Info Severity

Synopsis

MCP Inspector Detected

Description

This is an informational notice that the scanner was able to detect an MCP (Model Context Procol) Inspector instance on the target server.

GraphQL schema file could not be imported and cannot be used during the scan.

Solution

GraphQL Import Success

Fri, 16 May 2025 00:00:00 GMT

Web App Scanning Plugin ID 114775 with Info Severity

Synopsis

GraphQL Import Success

Description

GraphQL schema file was successfully imported and can be used during the scan.

Update to Joomla! version 4.4.13 or latest.

Joomla! 5.x < 5.2.6 Multiple Vulnerabilities

Thu, 17 Apr 2025 00:00:00 GMT

Web App Scanning Plugin ID 114773 with Medium Severity

Synopsis

Joomla! 5.x < 5.2.6 Multiple Vulnerabilities

Solution

Upgrade to Next.js version 13.5.7 or later.

Next.js 9.5.5 < 14.2.15 Authorization Bypass

Thu, 10 Apr 2025 00:00:00 GMT

Web App Scanning Plugin ID 114768 with High Severity

Synopsis

Next.js 9.5.5 < 14.2.15 Authorization Bypass

Description

The version of Next.js installed on the remote host is 9.5.5 prior to 14.2.15. It is, therefore, affected by Authorization Bypass if the authorization check occurs in middleware.

Note that the scanner has not attempted to exploit this issue but has instead relied only on application's self-reported version number.

Solution

Upgrade to Next.js version 14.2.15 or later.

Moodle < 3.9.20 Multiple Vulnerabilities

Thu, 10 Apr 2025 00:00:00 GMT

Web App Scanning Plugin ID 114767 with Critical Severity

Synopsis

Moodle < 3.9.20 Multiple Vulnerabilities

Description

Description

According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.3. It is, therefore, affected by an Arbitrary Folder creation in TinyMCE.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Moodle version 4.1.3 or later.

Moodle < 3.9.21 SQL injection

Thu, 10 Apr 2025 00:00:00 GMT

Web App Scanning Plugin ID 114762 with High Severity

Synopsis

Moodle < 3.9.21 SQL injection

Description

Description

Description

Description

Description

According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.23 or 3.11.x prior to 3.11.16. The JQuery UI library included with Moodle has been upgraded to version 1.13.2, which includes fixes for multiples security issues.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Moodle version 3.9.23 or later.

Moodle 3.11.x < 3.11.16 JQuery UI Library Upgrade

Thu, 10 Apr 2025 00:00:00 GMT

Web App Scanning Plugin ID 114746 with Medium Severity

Synopsis

Moodle 3.11.x < 3.11.16 JQuery UI Library Upgrade

Description

Solution

Upgrade to Moodle version 3.11.16 or later.

Moodle < 3.9.23 Multiple Vulnerabilities

Thu, 10 Apr 2025 00:00:00 GMT

Web App Scanning Plugin ID 114745 with Critical Severity

Synopsis

Moodle < 3.9.23 Multiple Vulnerabilities

Description

Description

Description

According to its self-reported version, the Moodle install hosted on the remote host is 4.2.x prior to 4.2.4 or 4.3.x prior to 4.3.1. It is, therefore, affected by multiple cross-site scripting:

- Reflected XSS risk on ad-hoc tasks page

- Reflected XSS risk in grader report search

- Stored XSS in grader report via user ID number

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Moodle version 4.3.1 or later.

Moodle 4.2.x < 4.2.4 Multiple Cross-Site Scripting

Thu, 10 Apr 2025 00:00:00 GMT

Web App Scanning Plugin ID 114734 with Medium Severity

Synopsis

Moodle 4.2.x < 4.2.4 Multiple Cross-Site Scripting

Description

Solution

Upgrade to Moodle version 4.2.4 or later.

Moodle 4.2.x < 4.2.4 Multiple Vulnerabilities

Thu, 10 Apr 2025 00:00:00 GMT

Web App Scanning Plugin ID 114733 with High Severity

Synopsis

Moodle 4.2.x < 4.2.4 Multiple Vulnerabilities

Description

Description

Description

According to its self-reported version, the Moodle install hosted on the remote host is 4.3.x prior to 4.3.4. It is, therefore, affected by multiple vulnerabilities.

- Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is utilised.

- The logout option within MFA did not include the necessary token to avoid the risk of users inadvertently being logged out via CSRF.

- The referrer URL used by MFA required additional sanitizing, rather than being used directly.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Moodle version 4.3.4 or latest.

Moodle 4.4.x < 4.4.1 Multiple Vulnerabilities

Thu, 10 Apr 2025 00:00:00 GMT

Web App Scanning Plugin ID 114724 with Medium Severity

Synopsis

Moodle 4.4.x < 4.4.1 Multiple Vulnerabilities

Description

Description

Description

According to its self-reported version, the Moodle install hosted on the remote host is 4.4.x prior to 4.4.4. It is, therefore, affected by multiple insecure direct object reference.

- An IDOR when accessing list of badge recipients.

- An IDOR when accessing list of course badges.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Moodle version 4.4.4 or latest.

Moodle < 4.1.14 Multiple Vulnerabilities

Thu, 10 Apr 2025 00:00:00 GMT

Web App Scanning Plugin ID 114710 with Medium Severity

Synopsis

Moodle < 4.1.14 Multiple Vulnerabilities

Description

Description

Description

According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.17 or 4.3.x prior to 4.3.11 or 4.4.x prior to 4.4.7 or 4.5.x prior to 4.5.3. It is, therefore, affected by a data exposure through the REST API.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update to Moodle version 4.5.3 or later.

Moodle 4.1.x < 4.1.16 Multiple Vulnerabilities

Thu, 10 Apr 2025 00:00:00 GMT

Web App Scanning Plugin ID 114700 with Critical Severity

Synopsis

Moodle 4.1.x < 4.1.16 Multiple Vulnerabilities

Description

Solution

Upgrade to Age Gates for Woocommerce Plugin for WordPress 3.5.4

Drupal 8.0.x < 10.3.14 Cross-Site Scripting

Mon, 24 Mar 2025 00:00:00 GMT

Web App Scanning Plugin ID 114679 with Medium Severity

Synopsis

Drupal 8.0.x < 10.3.14 Cross-Site Scripting

Description

Description

According to its self-reported version number, the version of PHP installed on the remote host is 8.1.x prior to 8.1.32, 8.2.x prior to 8.2.28, 8.3.x prior to 8.3.19, or 8.4.x prior to 8.4.5. It is, therefore, affected by multiple vulnerabilities:

- libxml streams use wrong content-type header when requesting a redirected resource. (CVE-2025-1219)

- Stream HTTP wrapper header check might omit basic auth header. (CVE-2025-1736)

- Stream HTTP wrapper truncate redirect location to 1024 bytes. (CVE-2025-1861)

- Streams HTTP wrapper does not fail for headers without colon. (CVE-2025-1734)

- Header parser of `http` stream wrapper does not handle folded headers. (CVE-2025-1217)

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to PHP version 8.1.32 or later.