Oracle Linux 8 : go-toolset:ol8 (ELSA-2026-6949)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-6949 advisory. delve 1.25.2-1.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.25.2-1 - Update to Delve 1.25.2 Sync from CentOS Stream 9 - Related:...

CLEANSTART-2026-NC32267 Security fixes for CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-61727, CVE-2025-61729, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186 applied in versions: 1.24.4-r0, 1.28.1-r0, 1.28.1-r1

Multiple security vulnerabilities affect the cloudnative-pg-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

MiracleLinux 9 : golang-1.24.4-1.el9_6 (AXSA:2025-10627:03)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10627:03 advisory. net/http: Sensitive headers not cleared on cross-origin redirect in net/http CVE-2025-4673 Tenable has extracted the preceding description block directly fr...

CVE-2025-22874 affecting package golang for versions less than 1.24.4-1

CVE-2025-22874 affecting package golang for versions less than 1.24.4-1. A patched version of the package is available...

CVE-2025-4673 affecting package golang for versions less than 1.24.4-1

CVE-2025-4673 affecting package golang for versions less than 1.24.4-1. A patched version of the package is available...

golang security update

1.24.4-1 - Update to Go 1.24.4 fips-1 - Resolves: RHEL-101074 1.23.10-1 - Update to Go 1.23.10 - Fix for CVE-2025-4673, CVE-2025-0913, and CVE-2025-22874 - Resolves: RHEL-96000...

Security update for go1.24-openssl

This update for go1.24-openssl fixes the following issues: Update to version 1.24.4 bsc1236217: CVE-2025-22874 crypto/x509: ExtKeyUsageAny bypasses policy validation bsc1244158. CVE-2025-0913 os: inconsistent handling of OCREATE|OEXCL on Unix and Windows bsc1244157. CVE-2025-4673 net/http:...

AZL-72104 CVE-2025-22874 affecting package golang for versions less than 1.24.4-1

Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon...

Improper Certificate Validation

Overview std/crypto/x509 is a Go standard library package std/crypto/x509 Affected versions of this package are vulnerable to Improper Certificate Validation. Go Vulnerability Report: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy...

com.erudika:para-jar (>=1.30.0 <=1.50.7), com.erudika:para-war (>=1.24.4 <=1.49.5) potentially affected by CVE-2025-48955 via com.erudika:para-server (>=1.24.4 <=1.50.7)

com.erudika:para-server MAVEN version =1.24.4, =1.30.0, =1.24.4, =1.49.5 Source cves: CVE-2025-48955 Source advisory: SNYK:JAVA-COMERUDIKA-10293727...

CVE-2023-3134

The Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks...

PT-2023-23293 · WordPress · Forminator

Name of the Vulnerable Software and Affected Versions: Forminator WordPress plugin versions prior to 1.24.4 Description: The issue arises from the plugin's failure to properly escape values reflected inside form fields that use pre-populated query parameters, potentially leading to reflected XSS...

PT-2023-21168 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.26.0 Envoy versions prior to 1.25.3 Envoy versions prior to 1.24.4 Envoy versions prior to 1.23.6 Envoy versions prior to 1.22.9 Description: The Lua filter in Envoy is vulnerable to denial of service. Attackers can...

PT-2023-21167 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.26.0 Envoy versions prior to 1.25.3 Envoy versions prior to 1.24.4 Envoy versions prior to 1.23.6 Envoy versions prior to 1.22.9 Description: Envoy is an open source edge and service proxy designed for cloud-native...

PT-2023-2245 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.26.0 Envoy versions prior to 1.25.3 Envoy versions prior to 1.24.4 Envoy versions prior to 1.23.6 Envoy versions prior to 1.22.9 Description: The issue is related to the insufficient sanitization of request propertie...

GHSA-PP75-XFPW-37G9 Prototype pollution in grpc and @grpc/grpc-js

"The package grpc before 1.24.4 and the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition."...

PT-2020-19780 · Grpc · Grpc +1

Name of the Vulnerable Software and Affected Versions: grpc versions prior to 1.24.4 @grpc/grpc-js versions prior to 1.1.8 Description: The issue concerns Prototype Pollution via loadPackageDefinition. This affects the grpc and @grpc/grpc-js packages. Recommendations: For grpc versions prior to...

MediaWiki Multiple Vulnerabilities (Nov 2015) - Linux

MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...

CVE-2015-8005

MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 uses the thumbnail ImageMagick command line argument, which allows remote attackers to obtain the installation path by reading the metadata of a PNG thumbnail file...

[SECURITY] Fedora 21 Update: mediawiki-1.24.4-1.fc21

MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances...