These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/* that expose sensitive application configuration data, including cleartext LDAP credentials, SAML configuration, user accounts, and directory settings, to unauthenticated remote attackers. Affected responses are served with Cache-Control: public headers and without Vary: Cookie, allowing reverse proxies and CDNs to cac [truncated]
CVE-2026-47358 is a critical server-side request forgery issue in Terrascan v1.18.3 and earlier when it runs in server mode. An unauthenticated attacker can upload crafted ARM or CloudFormation templates that reference external URLs, causing Terrascan to retrieve those resources server-side. The issue is especially serious because file:// URLs can be used directly in this context, creating a local file re [truncated]
CVE-2026-47357 describes an unauthenticated server-side request forgery flaw in Terrascan v1.18.3 and prior when the remote directory scan endpoint is used in server mode. A remote attacker can supply an attacker-controlled HTTP URL through remote_url with remote_type set to "http". The supplied URL is passed to hashicorp/go-getter without validation, and the redirect handling described in the record allo [truncated]
CVE-2026-47356 is a high-severity SSRF issue in Terrascan server mode. An unauthenticated attacker can submit an arbitrary webhook_url to the file scan endpoint and make the server POST full scan results to an attacker-controlled URL, forwarding the supplied webhook_token as a Bearer token. Because affected deployments run as an unauthenticated service bound to 0.0.0.0, exposed instances are directly reac [truncated]
CVE-2026-4984 is a webhook security flaw in a Twilio integration where POST requests are accepted without validating Twilio’s X-Twilio-Signature. When media messages are processed, the handler can fetch attacker-controlled MediaUrlN values and include the integration’s Twilio credentials in an Authorization header. In the scenario described in the supplied record, that can expose the accountSID and authTo [truncated]
CVE-2016-9261 describes a cross-site scripting (XSS) issue in Tenable Log Correlation Engine (LCE) before 4.8.1. The flaw can be triggered by a remote authenticated user and may allow injection of arbitrary web script or HTML, creating a risk of session theft, page tampering, or other browser-side abuse in affected admin or user workflows.
CVE-2016-9259 is a cross-site scripting (XSS) issue in Tenable Nessus versions before 6.9.1. According to the published description, remote authenticated users could inject arbitrary web script or HTML through unspecified vectors. Tenable and NVD identify this as a medium-severity web application issue, so the main defense is to upgrade and limit who can interact with the Nessus web interface.
CVE-2016-9260 is a cross-site scripting (XSS) issue in Tenable Nessus that affects releases before 6.9. The vulnerability allows a remote authenticated user to inject arbitrary web script or HTML through handling of .nessus files. NVD maps the issue to CWE-79 and rates it as a medium-severity problem with network access, low privileges, required user interaction, and limited confidentiality and integrity impact.