OPENSUSE-SU-2026:10643-1 php-composer2-2.9.7-1.1 on GA media

These are all security issues fixed in the php-composer2-2.9.7-1.1 package on the GA media of openSUSE Tumbleweed...

Fedora 43 : pie (2026-3f4283f831)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3f4283f831 advisory. Version 1.4.1 - Update bundled Composer to 2.9.7 ---- Version 1.4.0 New features! - Prompt to install missing system dependencies - Prompt to install build...

MiracleLinux 8 : libxml2-2.9.7-8.el8 (AXSA:2020-1001:04)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-1001:04 advisory. libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c CVE-2019-19956 libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c...

EUVD-2025-206105

A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Such manipulation leads to weak password recovery. The attack can be executed remotely. This attack...

CVE-2025-15398 Uasoft badaso Token BadasoAuthController.php forgetPassword password recovery

A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Such manipulation leads to weak password recovery. The attack can be executed remotely. This attack...

PT-2025-54460

Name of the Vulnerable Software and Affected Versions Uasoft badaso versions up to 2.9.7 Description A security issue exists in Uasoft badaso up to version 2.9.7 related to weak password recovery. The forgetPassword function within the src/Controllers/BadasoAuthController.php file of the Token...

CVE-2025-12362 myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program <= 2.9.7 - Missing Authorization to Unauthenticated Withdrawal Request Approval

The myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.9.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This mak...

WordPress myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program plugin <= 2.9.7 - Missing Authorization to Unauthenticated Withdrawal Request Approval vulnerability

Missing Authorization to Unauthenticated Withdrawal Request Approval vulnerability discovered by Rafshanzani Suhada in WordPress Plugin myCred versions = 2.9.7...

Fedora 43 : tinygltf (2025-47bff6f74d)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-47bff6f74d advisory. Update to 2.9.7 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

Fedora 42 : tinygltf (2025-ac8ed4a110)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-ac8ed4a110 advisory. Update to 2.9.7 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

Fedora: Security Advisory (FEDORA-2025-ac8ed4a110)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 43 Update: tinygltf-2.9.7-1.fc43

TinyGLTF is a header only C++11 glTF 2.0 library...

CVE-2021-42717 affecting package mod_security for versions less than 2.9.7-8

CVE-2021-42717 affecting package modsecurity for versions less than 2.9.7-8. An upgraded version of the package is available that resolves this issue...

CVE-2025-8416

The Product Filter by WBW plugin for WordPress is vulnerable to SQL Injection via the 'filtersDataBackend' parameter in all versions up to, and including, 2.9.7. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVE-2025-8416 Product Filter by WBW <= 2.9.7 - Unauthenticated SQL Injection

The Product Filter by WBW plugin for WordPress is vulnerable to SQL Injection via the 'filtersDataBackend' parameter in all versions up to, and including, 2.9.7. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVE-2025-8416

CVE-2025-8416 affects the WordPress Plugin Product Filter by WBW. All versions up to 2.9.7 are vulnerable to unauthenticated SQL injection via the filtersDataBackend parameter due to insufficient input escaping and inadequate SQL query preparation. The issue allows attackers to append additional ...

EUVD-2020-0011

Malware in sbrugna...

EUVD-2017-16584

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2018-14720

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity XXE attacks by leveraging failure to block unspecified JDK...

Linux Distros Unpatched Vulnerability : CVE-2018-14719

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and...