23 matches found
Slackware Linux 15.0 / current libxml2 Vulnerability (SSA:2026-106-01)
The version of libxml2 installed on the remote host is prior to 2.11.9 / 2.15.3. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-106-01 advisory. New libxml2 packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the...
CVE-2026-2417
A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges...
EUVD-2026-14960
A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges...
CVE-2026-2417 Missing Authentication for Critical Function in Pharos Controls Mosaic Show Controller
A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges...
CVE-2026-2417
The CVE-2026-2417 entry concerns Pharos Controls Mosaic Show Controller firmware 2.15.3, describing a Missing Authentication for Critical Function that could let an unauthenticated attacker bypass authentication and run arbitrary commands with root privileges. The vulnerability is rated CRITICAL ...
PT-2026-27478
Name of the Vulnerable Software and Affected Versions: Pharos Controls Mosaic Show Controller version 2.15.3 Description: A missing authentication check for a critical function allows an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges. This...
Tautulli Operating System Command Injection Vulnerability
Tautulli is an open source application for monitoring Plex Media Server. An operating system command injection vulnerability exists in Tautulli 2.15.3 and earlier versions, which could lead to remote code execution...
@24hr/content-next (>=1.0.0 <=3.0.17), @akanjs/config (>=0.0.4 <=0.0.16) +852 more potentially affected by CVE-2025-25200 via koa (>=2.0.0 <=2.15.3)
koa NPM version =2.0.0, =1.0.0, =0.0.4, =3.10.1, =3.7.0, =0.2.9, =4.25.19-patch.1, =0.0.1, =0.0.1, =0.0.50, =0.0.7, =1.0.1, =1.0.17 - @avorati/strapi-plugin-preview =1.0.1 and more Source cves: CVE-2025-25200 Source advisory: OSV:GHSA-593F-38F6-JP5M...
CVE-2025-24650
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic allows Upload a Web Shell to a Web Server. This issue affects Tourfic: from n/a through 2.15.3...
CVE-2025-24650 WordPress Tourfic plugin <= 2.15.3 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic allows Upload a Web Shell to a Web Server. This issue affects Tourfic: from n/a through 2.15.3...
WordPress Tourfic plugin <= 2.15.3 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by l8BL in WordPress Plugin Tourfic versions <= 2.15.3...
WordPress plugin Tourfic SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
Fedora 37 : php-twig2 (2022-73b9fb7a77)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-73b9fb7a77 advisory. Version 2.15.3 (2022-09-28): Fix a security issue on filesystem loader (possibility to load a template outside a configured directory). Tenable has extracted the...
PT-2024-14292 · Lustre · Lustre
Name of the Vulnerable Software and Affected Versions: Lustre versions 2.13.x through 2.15.x before 2.15.4 Lustre version 2.15.4 is not affected, so the range can be simplified to: Lustre versions 2.13.x through 2.15.3 Description: The issue allows attackers to escalate privileges and obtain...
PT-2022-24853 · Twig +4 · Twig +4
Name of the Vulnerable Software and Affected Versions: Twig versions 1.x prior to 1.44.7 Twig versions 2.x prior to 2.15.3 Twig versions 3.x prior to 3.4.3 Description: The issue arises when the filesystem loader loads templates for which the name is a user input. It is possible to use the source...
CVE-2022-29048
A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL...
PT-2022-19386 · Jenkins +1 · Jenkins +2
Name of the Vulnerable Software and Affected Versions: Jenkins Subversion Plugin versions 2.15.3 and earlier Description: The issue is a stored cross-site scripting (XSS) vulnerability that occurs because the Jenkins Subversion Plugin does not escape the name and description of List Subversion tags...
net.osgiliath.framework:net.osgiliath.feature.camel (>=0.2.0 <=0.2.3), net.osgiliath.framework:net.osgiliath.feature.full (>=0.2.0 <=0.2.3) +74 more potentially affected by CVE-2015-5344 via org.apache.camel:camel-xstream (>=2.10.1 <=2.15.3)
org.apache.camel:camel-xstream MAVEN version =2.10.1, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.3 and more Source cves: CVE-201...