WordPress 6.1.x < 6.1.7 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...
6.2AI Score
7.4AI Score
SUSE SLES15 / openSUSE 15 Security Update : hdf5 (SUSE-SU-2024:2195-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2195-1 advisory. - Fix bsc#1224158 - this fixes: CVE-2024-29158, CVE-2024-29161, CVE-2024-29166, CVE-2024-32608, ...
8.1CVSS
7AI Score
EPSS
Hanwha Vision Multiple Products Command Injection (CVE-2023-31996)
Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Command Injection due to improper sanitization of special characters for the NAS storage test function. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
8.8CVSS
7.5AI Score
0.001EPSS
SUSE SLES15 Security Update : kernel (Live Patch 12 for SLE 15 SP5) (SUSE-SU-2024:2209-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2209-1 advisory. This update for the Linux Kernel 5.14.21-150500_55_59 fixes several issues. The following security issues were fixed: - CVE-2024-26852: Fixed...
8.6AI Score
0.0004EPSS
RHEL 8 : kernel (RHSA-2024:4107)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4107 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: race condition in...
7CVSS
7.4AI Score
0.0004EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Plasma Workspace vulnerability (USN-6843-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6843-1 advisory. Fabian Vogt discovered that Plasma Workspace incorrectly handled connections via ICE. A local attacker could possibly use this...
7.7AI Score
EPSS
SUSE SLES15 Security Update : kernel (Live Patch 5 for SLE 15 SP5) (SUSE-SU-2024:2217-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2217-1 advisory. This update for the Linux Kernel 5.14.21-150500_55_28 fixes several issues. The following security issues were fixed: - CVE-2023-52628: Fixed...
7.3AI Score
0.0005EPSS
Fedora: Security Advisory for libopenmpt (FEDORA-2024-ac4860090c)
The remote host is missing an update for...
7.5AI Score
Fedora: Security Advisory for libopenmpt (FEDORA-2024-018a95fb38)
The remote host is missing an update for...
7.5AI Score
WordPress 4.2.x < 4.2.38 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...
6.2AI Score
Debian dla-3844 : git - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3844 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3844-1 [email protected] ...
9CVSS
7.8AI Score
0.087EPSS
Hanwha Vision NVR Buffer Overflow (CVE-2019-12223)
The NVR can be rebooted via external attack continuously if it can be access via the public network. During the time, video transmission and recording will not be operated. Also, Exploiting the vulnerability is trivial and requires very low skill level. The listed NVR is vulnerable to allow...
7.5CVSS
7.5AI Score
0.002EPSS
SUSE SLES15 Security Update : kernel (Live Patch 10 for SLE 15 SP5) (SUSE-SU-2024:2207-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2207-1 advisory. This update for the Linux Kernel 5.14.21-150500_55_49 fixes several issues. The following security issues were fixed: - CVE-2024-26852: Fixed...
7CVSS
7.5AI Score
EPSS
Debian dsa-5720 : chromium - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5720 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5720-1 [email protected] ...
7.2AI Score
0.0004EPSS
Hanwha Vision Multiple Products Cross-site Scripting (CVE-2023-31995)
Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Cross Site Scripting (XSS). This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
5.4CVSS
6.7AI Score
0.001EPSS
This is an informational plugin to inform the user that the scanner has detected a publicly accessible Langflow instance on the target application. Langflow is an open-source visual framework for building multi-agent and...
7.2AI Score
WordPress 6.3.x < 6.3.5 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...
6.2AI Score
SUSE SLES15 Security Update : kernel (Live Patch 8 for SLE 15 SP5) (SUSE-SU-2024:2205-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2205-1 advisory. This update for the Linux Kernel 5.14.21-150500_55_39 fixes several issues. The following security issues were fixed: - CVE-2023-6931: Fixed...
7.8CVSS
8.3AI Score
0.0004EPSS
RHEL 8 / 9 : Red Hat Ceph Storage 5.3 (RHSA-2024:4118)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4118 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage...
9.8CVSS
8AI Score
0.732EPSS
WordPress 4.3.x < 4.3.34 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...
6.2AI Score
WordPress 4.7.x < 4.7.29 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...
6.2AI Score
RHEL 9 : kernel (RHSA-2024:4108)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4108 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: netfilter: nf_tables: use...
8AI Score
0.0004EPSS
The W3C XML Signature Syntax and Processing (XMLDsig) specification, starting with 1.0, was originally published with a "RetrievalMethod is a URI ... that may be used to obtain key and/or certificate information" statement and no accompanying information about SSRF risks, and this may have...
6.5AI Score
0.961EPSS
SUSE SLES15 Security Update : openssl-1_1-livepatches (SUSE-SU-2024:2197-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2024:2197-1 advisory. - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) Tenable has extracted the preceding description block directly from the...
7AI Score
EPSS
SUSE SLES15 Security Update : kernel (Live Patch 6 for SLE 15 SP5) (SUSE-SU-2024:2221-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2024:2221-1 advisory. This update for the Linux Kernel 5.14.21-150500_55_31 fixes one issue. The following security issue was fixed: - CVE-2024-26852: Fixed use-after-free...
7.8AI Score
0.0004EPSS
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:2189-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2189-1 advisory. The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: .....
9.8CVSS
8.7AI Score
0.005EPSS
SUSE SLES15 Security Update : kernel (Live Patch 11 for SLE 15 SP5) (SUSE-SU-2024:2208-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2208-1 advisory. This update for the Linux Kernel 5.14.21-150500_55_52 fixes several issues. The following security issues were fixed: - CVE-2024-26852: Fixed...
7CVSS
8.3AI Score
0.0004EPSS
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6848-1 advisory. Matthieu Faou and Denys Klymenko discovered that Roundcube incorrectly handled certain SVG images. A ...
6.1CVSS
7.5AI Score
0.007EPSS
Ubuntu 18.04 LTS : SQLite vulnerability (USN-6566-2)
The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6566-2 advisory. USN-6566-1 fixed several vulnerabilities in SQLite. This update provides the corresponding fix for CVE-2023-7104 for Ubuntu 18.04 LTS. Original advisory...
7.3CVSS
8.2AI Score
0.001EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Ruby vulnerability (USN-6853-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6853-1 advisory. It was discovered that Ruby incorrectly handled the ungetbyte and ungetc methods. A remote attacker could use this issue to cause Ruby to...
7.5AI Score
EPSS
SUSE SLES15 Security Update : kernel (Live Patch 0 for SLE 15 SP5) (SUSE-SU-2024:2216-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2216-1 advisory. This update for the Linux Kernel 5.14.21-150500_53 fixes several issues. The following security issues were fixed: - CVE-2023-52628: Fixed...
5.5CVSS
7.9AI Score
0.0005EPSS
Hanwha Techwin SRN-4000 Improper Access Control (CVE-2017-7912)
A security research organization has discovered and disclosed a critical vulnerability in the firmware of certain Hanwha network video recording (NVR) devices. A specially crafted http request and response could allow an attacker to gain access to the device management page with admin privileges...
9.8CVSS
7.4AI Score
0.003EPSS
WordPress 4.4.x < 4.4.33 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...
6.2AI Score
WordPress 5.6.x < 5.6.14 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...
6.2AI Score
Gitlab reports: Run pipelines as any user Stored XSS injected in imported project's commit notes CSRF on GraphQL API IntrospectionQuery Remove search results from public projects with unauthorized repos Cross window forgery in user application OAuth flow Project maintainers can bypass group's...
9.6CVSS
6AI Score
EPSS
ThroughTek Kalay P2P SDK Improper Access Control (CVE-2021-28372)
ThroughTek's Kalay Platform 2.0 network allows an attacker to impersonate an arbitrary ThroughTek (TUTK) device given a valid 20-byte uniquely assigned identifier (UID). This could result in an attacker hijacking a victim's connection and forcing them into supplying credentials needed to access...
8.3CVSS
7.1AI Score
0.003EPSS
This is an informational plugin to inform the user that the scanner has detected a publicly accessible Ollama instance on the target application. Ollama is an open-source application to quickly set up various...
7.2AI Score
This is an informational plugin to inform the user that the scanner has detected the usage of the ChatGPT.JS client-side library on the target...
7.2AI Score
WordPress 4.6.x < 4.6.29 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...
6.2AI Score
AMD Processors February 2024 Security Updates
AMD has informed HP of potential vulnerabilities identified in client platform firmware for some AMD processors, which might allow escalation of privilege, arbitrary code execution, denial of service, and/or information disclosure. AMD is releasing firmware updates to mitigate these...
7.9AI Score
EPSS
8.8CVSS
7.1AI Score
0.003EPSS
Debian dsa-5722 : libvpx-dev - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5722 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5722-1 [email protected] ...
6.9AI Score
0.0004EPSS
Debian dsa-5721 : ffmpeg - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5721 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5721-1 [email protected] ...
8.1CVSS
8.1AI Score
0.002EPSS
6.7AI Score
EPSS
WordPress plugins "WP Tweet Walls" and "Sola Testimonials" provided by Sola Plugins contain a cross-site request forgery vulnerability (CWE-352). ## Impact While a user logs in to the WordPress site where the affected plugin is enabled, accessing a malicious page may make the user perform...
6.8AI Score
EPSS
Jenkins plugins Multiple Vulnerabilities (2024-06-26)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: Low Structs Plugin provides utility functionality used, e.g., in Pipeline to instantiate and configure build steps, typically before...
6.2AI Score
0.0004EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2190-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2190-1 advisory. The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The...
9.8CVSS
8.7AI Score
EPSS
Ubuntu 14.04 LTS : Salt vulnerabilities (USN-6849-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6849-1 advisory. It was discovered that Salt incorrectly validated method calls and sanitized paths. A remote attacker could possibly use this issue to access some...
9.8CVSS
10AI Score
0.975EPSS
WordPress 4.5.x < 4.5.32 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...
6.2AI Score