Current Findings

Findings are generated in three primary ways:

  1. Query-based: These findings are identified through specific queries defined within the system (see list below).
  2. Nuclei-generated: These findings result from scans where default credentials and vulnerability checks are enabled, leveraging Nuclei templates (see templates).
  3. KEV (Known Exploited Vulnerabilities): These findings are triggered when a discovered vulnerability is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog or in VulnCheck KEV.

Below is a list of the current Finding codes and the searches that generate them:

Finding code reference

Click a Finding code below to navigate to that Finding in your console.

  • best-practice-admin-interface (US | EU)
  • best-practice-insecure-authentication (US | EU)
  • best-practice-obsolete-protocol (US | EU)
  • best-practice-service-misconfiguration (US | EU)
  • certificates-expiration (US | EU)
  • certificates-ioasm-private-key-shared (US | EU)
  • compliance-ndaa-section-889 (US | EU)
  • compliance-prohibited-software (US | EU)
  • compliance-secure-networks-act-section-2 (US | EU)
  • eol-asset (US | EU)
  • eol-os (US | EU)
  • internet-exposed-database (US | EU)
  • internet-exposed-ioasm-public-internal-asset (US | EU)
  • internet-exposed-ot (US | EU)
  • internet-exposed-service (US | EU)
  • open-access-default-credentials (US | EU)
  • open-access-unauth-admin-service (US | EU)
  • open-access-unauth-database (US | EU)
  • open-access-unauth-files (US | EU)
  • rapid-response-assets (US | EU)
  • rapid-response-services (US | EU)
  • tls-risk (US | EU)
  • vulnerability-auth-bypass (US | EU)
  • vulnerability-dos (US | EU)
  • vulnerability-info-disclosure (US | EU)
  • vulnerability-kev (US | EU)
  • vulnerability-privilege-escalation (US | EU)
  • vulnerability-rce (US | EU)

best-practice-insecure-authentication

  • [Low] Authenticated Web Service Without Encryption

best-practice-obsolete-protocol

  • [Info] SMB Version 1 Enabled
  • [Info] Obsolete SSL Protocol

best-practice-service-misconfiguration

  • [Info] Network Time Protocol Service With Skewed Clock
  • [Info] SMB Signing Not Required
  • [Low] SNMP Default Community

certificates-expiration

  • [Info] Expired Certificate On TLS Service
  • [Info] Certificate On TLS Service Expires Soon

certificates-ioasm-private-key-shared

  • [Medium] Private Key Is Widely Shared

compliance-ndaa-section-889

  • [Info] NDAA 2019 Section 889 Equipment

compliance-prohibited-software

  • [Info] Kaspersky Lab Software
  • [Info] Kaspersky Lab Security Software

compliance-secure-networks-act-section-2

  • [Info] Secure Networks Act Section 2 Equipment

eol-asset

  • [Critical] Sangoma FreePBX
  • [High] Accellion File Transfer Appliance
  • [High] AutomationDirect MB-GATEWAY
  • [High] Cisco Small Business Routers
  • [High] Cisco Small Business Switches
  • [Info] D-Link DNS Family NAS
  • [Info] Edimax IC-7100 IP Camera
  • [Info] PowerDNS Recursor
  • [Info] Zyxel CPE Remote Command Execution

eol-os

  • [High] End-of-Life Operating System

internet-exposed-database

  • [High] Publicly Exposed Configuration Database Server
  • [Low] Publicly Exposed Key-Value Database Server
  • [Low] Publicly Exposed NoSQL Database Server
  • [Low] Publicly Exposed Relational Database Server

internet-exposed-ioasm-public-internal-asset

  • [Low] Potential External Access To NoSQL Database Server
  • [Low] Potential External Access To Relational Database Server
  • [Low] Potential External Access To Remote Desktop Gateway
  • [Low] Potential External Access To Windows Management Service
  • [Low] Potential External Access To Configuration Database Server
  • [Low] Potential External Access To Key-Value Database Server
  • [Low] Potential External Access To SSH Server With Password Authentication
  • [Medium] Potential External Access To Internal Asset
  • [Medium] Potential External Access To Operational Technology Service
  • [Medium] Potential External Access To Remote Desktop Service

internet-exposed-ot

  • [Low] Publicly Exposed Operational Technology Service

internet-exposed-service

  • [Medium] Publicly Exposed Baseboard Management Controller
  • [Medium] Publicly Exposed Remote Desktop Gateway
  • [Medium] Publicly Exposed SSH Server With Password Authentication
  • [Medium] Publicly Exposed Windows Management Service
  • [Medium] Publicly Exposed Remote Desktop Service

open-access-unauth-admin-service

  • [Critical] Unauthenticated Android Debug Bridge
  • [Critical] Cisco Smart Install Service
  • [Critical] Unauthenticated Distributed Ruby Service
  • [Critical] Sun Solaris sadmind RPC Service
  • [Critical] Zabbix Agent Without ACL
  • [Medium] Click Modular Router Shell

open-access-unauth-database

  • [Critical] Unauthenticated CNCF etcd Database
  • [Critical] Unauthenticated Apache ZooKeeper Database
  • [Critical] Unauthenticated MongoDB Database
  • [High] Unauthenticated HashiCorp Consul Database
  • [High] Unauthenticated Memcached Database
  • [High] Unauthenticated Redis Database
  • [High] Unauthenticated Cassandra Database
  • [High] Unauthenticated Apache CouchDB Database
  • [High] Unauthenticated Elastic Search Database
  • [High] Unauthenticated InfluxDB Database
  • [High] Unauthenticated Riak Database
  • [Medium] Unauthenticated MongoDB Database (Limited)

open-access-unauth-files

  • [Medium] World-Readable NFS Export

rapid-response-assets

  • [Info] Rapid Response: Cisco Secure Email Gateway and Web Manager (CVE-2025-20393)
  • [Info] Rapid Response: Fortinet FortiWeb Relative Path Traversal (CVE-2025-64446)
  • [Info] Rapid Response: Multiple Fortinet Products Authentication Bypass (CVE-2025-59718 and CVE-2025-59719)
  • [Medium] Rapid Response: Fortinet FortiVoice SQL Injection (CVE-2025-58692)

rapid-response-services

  • [High] Rapid Response: Veeam Backup & Replication RCE Multiple Vulnerabilities (2025-10)
  • [Info] Rapid Response: CWP (Control Web Panel) OS Command Injection (CVE-2025-48703)
  • [Info] Rapid Response: Gladinet Triofox Multiple Vulnerabilities (2025-11)
  • [Info] Rapid Response: Gogs File Overwrite Vulnerability (CVE-2025-8110)
  • [Info] Rapid Response: Grafana Enterprise Privilege Escalation
  • [Info] Rapid Response: HPE OneView Remote Code Execution (CVE-2025-37164)
  • [Info] Rapid Response: Monsta FTP RCE (CVE-2025-34299)
  • [Info] Rapid Response: Oracle Identity Manager Authentication Bypass
  • [Info] Rapid Response: Vercel Next.js React Server Components RCE (CVE-2025-55182)

tls-risk

  • [Low] Services Without HSTS
  • [Low] Services Supporting TLS 1.0
  • [Low] Services Supporting TLS 1.1
  • [Low] Certificate With Insecure Public Key
  • [Low] Certificate With Insecure Signature Algorithm

vulnerability-auth-bypass

  • [Critical] Atlassian Confluence Server-Side Request Forgery (CVE-2019-3395)
  • [Critical] Atlassian Confluence Cross-Site Scripting (CVE-2024-4367)
  • [Critical] HPE iLO 4 Authentication Bypass
  • [Critical] Microsoft OMI WSMAN Authentication Bypass
  • [Critical] Palo Alto Networks PAN-OS Authentication Bypass
  • [Critical] SonicWall SonicOS Improper Access Control Vulnerability (CVE-2024-40766)
  • [Critical] SonicWall SSLVPN Authentication Bypass (CVE-2024-53704)
  • [High] PowerDNS Recursor Multiple Vulnerabilities (2025-10)
  • [Medium] Juniper Junos OS SRX Series Missing Authentication For Critical Function Vulnerability (CVE-2023-36846)
  • [Medium] Juniper Junos OS EX Series Missing Authentication For Critical Function Vulnerability (CVE-2023-36847)
  • [Medium] Juniper Junos OS SRX Series Missing Authentication For Critical Function Vulnerability (CVE-2023-36851)
  • [Medium] Microsoft SharePoint Improper Authentication Vulnerability (CVE-2025-49705)

vulnerability-dos

  • [High] Apache Tomcat 10.1.0-M1 < 10.1.43 Multiple Vulnerabilities
  • [High] Apache Tomcat 10.1.0-M1 < 10.1.44 HTTP/2 MadeYouReset DoS
  • [High] Apache Tomcat 11.0.0-M1 < 11.0.10 Multiple Vulnerabilities
  • [High] Apache Tomcat 11.0.0-M1 < 11.0.9 Multiple Vulnerabilities
  • [High] Apache Tomcat 9.0.0-M1 < 9.0.107 Multiple Vulnerabilities
  • [High] Apache Tomcat 9.0.0-M1 < 9.0.108 HTTP/2 MadeYouReset DoS
  • [High] Eclipse Jetty 12.0 < 12.0.25 HTTP/2 MadeYouReset DoS
  • [Medium] OpenSSH 9.1p1 Double-Free

vulnerability-info-disclosure

  • [Critical] Apache 2.4.49 < 2.4.51 Information Disclosure
  • [Critical] Atlassian Confluence Path Traversal (CVE-2019-3396)
  • [Critical] Zyxel Multiple Firewalls Path Traversal Vulnerability (CVE-2024-11667)
  • [Medium] Cisco IOS XR Open Port Vulnerability (CVE-2022-20821)
  • [Medium] Squid Information Disclosure (CVE-2025-62168)

vulnerability-privilege-escalation

  • [Critical] Adobe Commerce & Magento Session Takeover With Unconfirmed RCE (CVE-2025-54236)
  • [Critical] Atlassian Confluence Privilege Escalation (CVE-2023-22515)
  • [Critical] Cisco Small Business RV Series Routers Stack-Based Buffer Overflow Vulnerability (CVE-2022-20700)
  • [Critical] Broadcom VMware ESXi Guest Escape
  • [High] ISC BIND Multiple Vulnerabilities (2025-10)
  • [Medium] GitLab SAML Authentication Bypass
  • [Medium] Plex Media Server 1.41.7.X To 1.42.0.X < 1.42.1 Undisclosed Vulnerability (CVE-2025-34158)

vulnerability-rce

  • [Critical] Multiple Fortinet Products Buffer Overflow
  • [Critical] Cleo VLTrader < 5.8.0.21 Unrestricted File Upload/Download
  • [Critical] Apache Tomcat 11.0.0-M1 < 11.0.2 Multiple Vulnerabilities
  • [Critical] Apache Tomcat 9.0.0-M1 < 9.0.98 Multiple Vulnerabilities
  • [Critical] AirPlay Protocol Remote Code Execution (AirBorne)
  • [Critical] Apple tvOS < 16.2 Multiple Vulnerabilities
  • [Critical] Apple tvOS < 18.6 Multiple Vulnerabilities
  • [Critical] Zyxel Multiple Firewalls Buffer Overflow Vulnerability (CVE-2023-33010)
  • [Critical] Apple tvOS < 26 Multiple Vulnerabilities
  • [Critical] Zyxel Multiple Firewalls Buffer Overflow Vulnerability (CVE-2023-33009)
  • [Critical] Apache ActiveMQ Remote Code Execution (CVE-2023-46604)
  • [Critical] Zyxel Multiple Firewalls OS Command Injection Vulnerability (CVE-2023-28771)
  • [Critical] VMware vCenter Server 7.0 < 7.0 U3t / 8.0 < 8.0 U3d Multiple Vulnerabilities
  • [Critical] Atlassian Confluence 8.0 < 8.5.4 Remote Code Execution
  • [Critical] Atlassian Confluence Remote Code Execution (CVE-2021-26084)
  • [Critical] Atlassian Confluence Remote Code Execution (CVE-2022-26134)
  • [Critical] Broadcom VMware ESXi VM Escape
  • [Critical] Cacti < 1.2.23 Remote Code Execution
  • [Critical] Apache Tomcat 10.1.0-M1 < 10.1.34 Multiple Vulnerabilities
  • [Critical] SonicWall SonicOS Buffer Overflow Vulnerability (CVE-2020-5135)
  • [Critical] Cisco Small Business RV Series VPN Routers Remote Code Execution Vulnerability (CVE-2022-20699)
  • [Critical] Cleo Harmony < 5.8.0.21 Unrestricted File Upload/Download
  • [Critical] Cleo Lexicom < 5.8.0.21 Unrestricted File Upload/Download
  • [Critical] MikroTik Router OS Directory Traversal Vulnerability (CVE-2018-14847)
  • [Critical] SonicWall SMA1000 < 12.4.3 Remote Code Execution
  • [Critical] ConnectWise ScreenConnect < 23.9.8 Remote Code Execution
  • [Critical] Apache Solr Log4Shell Remote Code Execution
  • [Critical] SolarWinds Web Help Desk RCE (CVE-2025-26399)
  • [Critical] SAP NetWeaver (RMI-P4) Insecure Deserialization (CVE-2025-42944)
  • [Critical] Sangoma FreePBX RCE (CVE-2025-57819)
  • [Critical] Rockwell Automation ControlLogix Ethernet RCE (CVE-2025-7353)
  • [Critical] Elastic Kibana 8.15.0 < 8.17.3 Remote Code Execution
  • [Critical] Elasticsearch < 1.2 Remote Code Execution
  • [Critical] Rejetto HTTP File Server 2 Remote Code Execution
  • [Critical] Rejetto HTTP File Server 2.0 < 2.3M Remote Code Execution
  • [Critical] Fortinet FortiOS Out-Of-Bound Write Vulnerability (CVE-2024-21762)
  • [Critical] Plesk Panel 9.0.X < 9.2.3 Remote Code Execution
  • [Critical] Novi Survey Insecure Deserialization Vulnerability
  • [Critical] F5 Big-IP Remote Code Execution (CVE-2021-22986)
  • [Critical] GitLab Remote Code Execution (CVE-2021-22205)
  • [Critical] HashiCorp Vault Multiple Vulnerabilities - HCSEC-2025-22
  • [Critical] PHP 8.3.0 < 8.3.8 Multiple Vulnerabilities
  • [Critical] PHP 8.2.0 < 8.2.20 Multiple Vulnerabilities
  • [Critical] PHP 8.1.0 < 8.1.29 Multiple Vulnerabilities
  • [Critical] Fortinet Multiple Products Format String Vulnerability (CVE-2024-23113)
  • [High] Cisco ConfD SSH Server Remote Code Execution
  • [High] Trimble Cityworks File Deserialization Vulnerability
  • [High] Apple tvOS < 11.4 Multiple Vulnerabilities
  • [High] Apple tvOS < 13.3.1 Multiple Vulnerabilities
  • [High] Langflow Authentication Bypass
  • [High] Apple tvOS < 15.2 Multiple Vulnerabilities
  • [High] Arcserve Unified Data Protection < 10.2 Heap Overflow Vulnerabilities
  • [High] Fortra GoAnywhere MFT License Servlet Deserialization Vulnerability (CVE-2025-10035)
  • [High] Erlang OTP SSH Server Remote Code Execution
  • [High] DrayTek Vigor2960/Vigor300B Command Injection
  • [High] Roundcube Webmail Remote Code Execution
  • [High] Samsung MagicINFO Path Traversal Vulnerability
  • [High] Atlassian Confluence 5.2 < 7.19.22 Remote Code Execution
  • [High] SAP NetWeaver Visual Composer Metadata Uploader Arbitrary File Upload
  • [High] VMware ESXi OpenSLP Heap Buffer Overflow
  • [High] SysAid Help Desk XML Entity Remote Code Execution
  • [High] Solr 5.0.0 < 8.4.0 Remote Code Execution
  • [High] Cisco IOS XE Arbitrary File Upload
  • [High] Commvault Command Center Remote Code Execution
  • [Low] ConnectWise ScreenConnect < 25.2.4 ViewState Code Injection
  • [Low] Squid URN Handling Buffer Overflow (CVE-2025-54574)
  • [Medium] Apache Tomcat Partial PUT Deserialization Vulnerability
  • [Medium] Multiple Vulnerabilities In Microsoft SQL Server (2025-07)
  • [Medium] Valkey Multiple Vulnerabilities (2025-10)
  • [Medium] AirPlay SDK Remote Code Execution (AirBorne)
  • [Medium] Dell EMC Unity, UnityVSA, And Unity XT
  • [Medium] Redis Multiple Vulnerabilities (2025-10)
  • [Medium] Lantronix Xport Authentication Bypass
  • [Medium] lighttpd Web Server Out-of-Bounds Memory Read