Fedora 43 : vim (2026-7eda235f65)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-7eda235f65 advisory. patchlevel 2146 Security fix for CVE-2026-25749 Tenable has extracted the preceding description block directly from the Fedora security advisory. No...

CVE-2026-2146

A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...

CVE-2026-2146

The CVE-2026-2146 affects guchengwuyue yshopmall up to version 1.9.1. It targets the updateAvatar function in co.yixiang.utils.FileUtil, where manipulating the File argument enables unrestricted remote upload. An exploit has been publicly released; the project was informed of the issue but has no...

RHSA-2024:2146

creationtimestamp| type| source ---|---|--- 2025-06-16 17:37:54+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/18479...

CVE-2025-2146

creationtimestamp| type| source ---|---|--- 2025-05-25 23:46:31+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/17516 2025-05-26 02:55:56+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lq26f56udx2y 2025-05-26 06:25:08+00:00| seen|...

CVE-2025-2146

A network-reachable buffer overflow in the WebService Authentication processing of Canon Office/Small Office Multifunction Printers and Laser Printers (Canon, Satera) is identified as CVE-2025-2146. Affected models include Canon Color imageCLASS and imageCLASS lines, Satera variants, and i-SENSYS...

CVE-2022-2146

The Import CSV Files WordPress plugin through 1.0 does not sanitise and escaped imported data before outputting them back in a page, and is lacking CSRF check when performing such action as well, resulting in a Reflected Cross-Site Scripting...

CVE-2020-2146

Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks...

CVE-2009-2146

Unrestricted file upload vulnerability in the Compose Email feature in the Emails module in Sugar Community Edition aka SugarCRM before 5.2f allows remote authenticated users to execute arbitrary code by uploading a file with only an extension in its name, then accessing the file via a direct...

RockyLinux 9 : libXpm (RLSA-2024:2146)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2146 advisory. libXpm: out of bounds read in XpmCreateXpmImageFromBuffer CVE-2023-43788 libXpm: out of bounds read on XPM with corrupted colormap CVE-2023-43789 Tenable...

Linux Distros Unpatched Vulnerability : CVE-2012-2146

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector IV, which makes it easier for context-dependent users to obtain...

Linux Distros Unpatched Vulnerability : CVE-2016-2146

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The amreadpostdata function in modauthmellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service...

RHEL 6 : mod_auth_mellon (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modauthmellon: open redirect in logout url when using URLs with backslashes CVE-2019-3877 - The...

RHEL 7 : mod_auth_mellon (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modauthmellon: Cross-site session transfer vulnerability CVE-2017-6807 - The amreadpostdata function in...

RHEL 6 : python-elixir (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - python-elixir: weak use of crypto can leak information CVE-2012-2146 Note that Nessus has not tested for this issue...

RHEL 6 : mod_auth_mellon (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modauthmellon: open redirect in logout url when using URLs with backslashes CVE-2019-3877 - modauthmellon...

Oracle Linux 9 : libXpm (ELSA-2024-2146)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2146 advisory. - CVE-2023-43786 libX11: stack exhaustion from infinite recursion in PutSubImage - CVE-2023-43787 libX11: integer overflow in XCreateImage leading to a...

RHEL 9 : libXpm (RHSA-2024:2146)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2146 advisory. X.Org X11 libXpm runtime library. Security Fixes: libXpm: out of bounds read in XpmCreateXpmImageFromBuffer CVE-2023-43788 libXpm: out of...

CVE-2024-2146

creationtimestamp| type| source ---|---|--- 2024-03-03 16:26:43+00:00| seen| https://t.me/ctinow/198811 2024-03-03 16:31:08+00:00| seen| https://t.me/ctinow/198819...

CVE-2024-2146 SourceCodester Online Mobile Management Store ?p=products cross site scripting

A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /?p=products. The manipulation of the argument search leads to cross site scripting. The attack can be launch...