143 matches found
SUSE SLES15 Security Update : buildah (SUSE-SU-2026:1491-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1491-1 advisory. This update for buildah rebuilds it against the current go 1.25 security release. Tenable has extracted the preceding description block...
EUVD-2026-1491
A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product. Affected Products: UBB-XG Version 1.2.2 and earlier; UDB-Pro/UDB-Pro-Sector Version 1.4.1 and earlier; UBB...
EUVD-2024-17794
Malicious code in bioql PyPI...
CVE-2021-1491
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying file system of the device. This vulnerability is due to insufficient file scope limiting. An attacker could exploit this...
CVE-2025-1491
creationtimestamp | type | source
---|---|---
2025-03-01 13:27:29+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/6075
2025-03-01 16:27:04+00:00 | seen | https://t.me/cvedetector/19238
2025-03-02 11:46:59+00:00 | seen | Telegram/fQwhT3m-JQIcT-R9UMsIx5GWX6a33IPjwKCBE6dg2xBQgVw
2025-08-19...
CVE-2025-1491
The WP Posts Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘auto_play_timeout’ parameter in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-1491 WP Posts Carousel <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via auto_play_timeout Parameter
The WP Posts Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘auto_play_timeout’ parameter in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2021-1491 Cisco SD-WAN vManage Software Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying file system of the device. This vulnerability is due to insufficient file scope limiting. An attacker could exploit this...
CVE-2024-20079
In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: MSV-1491...
CVE-2024-1491
The devices allow access to an unprotected endpoint that allows MPFS file system binary image upload without authentication. The MPFS2 file system module provides a light-weight read-only file system that can be stored in external EEPROM, external serial flash, or internal flash program memory...
CVE-2024-1491 Electrolink FM/DAB/TV Transmitter Missing Authentication for Critical Function
The devices allow access to an unprotected endpoint that allows MPFS file system binary image upload without authentication. The MPFS2 file system module provides a light-weight read-only file system that can be stored in external EEPROM, external serial flash, or internal flash program memory...
CVE-2024-1491
CVE-2024-1491 affects Electrolink FM/DAB/TV Transmitters, where an unauthenticated unprotected endpoint permits MPFS2 file-system binary image uploads. The MPFS2 read-only storage can reside in external EEPROM/flash and backs the HTTP2 web server and other components; exploitation could overwrite...
Rocky Linux 8 : java-1.8.0-openjdk (RLSA-2022:1491)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:1491 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected...
Security Bulletin: Vulnerabilities in Network Security Services (NSS) and Netscape Portable Runtime (NSPR) affect IBM SAN Volume Controller and Storwize Family (CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-1544, CVE-2014-1545)
Summary: Security Bulletin: Vulnerabilities in Network Security Services (NSS) and Netscape Portable Runtime (NSPR) affect IBM SAN Volume Controller and Storwize Family (CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-1544, CVE-2014-1545). Vulnerability Details: Security Bulletin ---...
CVE-2023-1491
CVE-2023-1491 affects Max Secure Anti Virus Plus 19.0.2.1. The vulnerability resides in the IoControlCode Handler’s MaxCryptMon.sys library, specifically function 0x220020, causing improper access controls. Local access is required to exploit, and the issue has been publicly disclosed (VDB-223377...
Huawei EulerOS: Security Advisory for bluez (EulerOS-SA-2023-1491)
The remote host is missing an update for the Huawei EulerOS...
Debian: Security Advisory (DLA-23-1)
The remote host is missing an update for the Debian...
K06145135: Remote DNS security filter vulnerabilities CVE-2003-1491 and CVE-2004-1473
Security Advisory Description. CVE-2003-1491: Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incoming packets from DNS (UDP port 53), which allows remote attackers to bypass the firewall filters via packets with a source port of 53. CVE-2004-1473: Symantec Enterprise Firewall/VPN...
Security Bulletin: Six (6) Vulnerabilities in Network Security Services (NSS) & Netscape Portable Runtime (NSPR) affect IBM FlashSystem 840 and V840 (CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-1544, CVE-2014-1545)
Summary: NSS & NSPR vulnerabilities affect the IBM FlashSystem 840 and V840 products. These vulnerabilities could allow a remote attacker to execute arbitrary code on the system, obtain sensitive information, or cause a denial of service. Vulnerability Details: 1. CVE-ID: CVE-2013-1740...