
17 matches found

Tenable Nessus
added 2025/12/08 12:0 a.m. | 3 views

Oracle Linux 9 : webkit2gtk3 (ELSA-2025-22790)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-22790 advisory. [2.50.3-1] Update to 2.50.3. Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus h...

CVSS 8.8 | AI score 7.3 | EPSS 0.00115
Exploits: 1 | References: 19
RedhatCVE
added 2025/05/23 12:42 a.m. | 5 views

CVE-2022-22790

SYNEL - eharmony Directory Traversal. Directory traversal is an attack against a server or a web application aimed at unauthorized access to the file system. On the "Name" parameter the attacker can return to the root directory and open the host file. The path exposes sensitive files that users...

CVSS 7.5 | AI score 6.8 | EPSS 0.0152
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/21 4:39 p.m. | 9 views

CVE-2025-22790

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in asmedia allows Reflected XSS. This issue affects moseter: from n/a through 1.3.1...

CVSS 7.1 | AI score 8.6 | EPSS 0.00437
Exploits: 0 | References: 1
Circl
added 2025/05/19 5:13 p.m. | 14 views

CVE-2025-22790

creationtimestamp | type | source
---|---|---
2025-05-19 17:13:05+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lpk2zb5w5r2h...

CVSS 7.1 | AI score 7 | EPSS 0.00437
Exploits: 0 | References: 1
CVE
added 2025/05/19 4:0 p.m. | 19 views

CVE-2025-22790

CVE-2025-22790 is a Reflected XSS in the WordPress moseter theme (and moseter) versions up to 1.3.1, due to improper input neutralization during web page generation. Affected product: moseter WordPress theme

CVSS 7.1 | AI score 8.6 | EPSS 0.00437
Exploits: 0 | References: 1
Vulnrichment
added 2025/05/19 4:0 p.m. | 7 views

CVE-2025-22790 WordPress moseter theme <= 1.3.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in asmedia moseter moseter allows Reflected XSS. This issue affects moseter: from n/a through = 1.3.1...

CVSS 7.1 | AI score 8.6 | EPSS 0.00437
Exploits: 0 | References: 1
Tenable Nessus
added 2024/03/21 12:0 a.m. | 21 views

Siemens SCALANCE W1750D Command Injection (CVE-2023-22790)

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This plugin on...

CVSS 8.8 | AI score 8.4 | EPSS 0.00515
Exploits: 0 | References: 3
Tenable Nessus
added 2023/05/12 12:0 a.m. | 43 views

ArubaOS 10.3.x < 10.3.1.1 Multiple Vulnerabilities (ARUBA-PSA-2023-006)

The version of ArubaOS installed on the remote host is affected by multiple vulnerabilities: - An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability result...

CVSS 8.8 | AI score 7.3 | EPSS 0.00515
Exploits: 0 | References: 6
Vulnrichment
added 2023/05/08 2:8 p.m. | 6 views

CVE-2023-22790 Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system...

CVSS 7.2 | AI score 8 | EPSS 0.00515
Exploits: 0 | References: 1
Cvelist
added 2023/05/08 2:8 p.m. | 15 views

CVE-2023-22790 Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system...

CVSS 7.2 | AI score 9.3 | EPSS 0.00515
Exploits: 0 | References: 1
CVE
added 2023/05/08 2:8 p.m. | 65 views

CVE-2023-22790

CVE-2023-22790 is part of a set of authenticated command-injection flaws affecting Aruba InstantOS and ArubaOS 10 CLI. The connected documents identify multiple CVEs (including 22788–22791) describing that an attacker with valid credentials can execute arbitrary commands as a privileged user on t...

CVSS 8.8 | AI score 8.4 | EPSS 0.00515
Exploits: 0 | References: 1 | Affected Software: 2
Tenable Nessus
added 2022/02/07 12:0 a.m. | 22 views

Schneider Electric Modicon Out-of-bounds Read (CVE-2021-22790)

A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU part numbers BMEP and BMEH, all versions, Modicon M340 CPU part...

CVSS 6.5 | AI score 7.1 | EPSS 0.00437
Exploits: 0 | References: 3
CVE
added 2022/01/28 7:9 p.m. | 129 views

CVE-2022-22790

CVE-2022-22790 describes a directory traversal vulnerability in the Synel eharmony system. The issue arises via the Name parameter, allowing an attacker to traverse to the root directory and access host files, exposing sensitive files uploaded by users. Documented impact includes unauthorized fi...

CVSS 7.5 | AI score 6.4 | EPSS 0.0152
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2021/09/02 4:52 p.m. | 42 views

CVE-2021-22790

CVE-2021-22790 is an out-of-bounds read (CWE-125) vulnerability affecting Schneider Electric Modicon/M580/M340/MC80/Momentum Ethernet/Quantum/Premium CPUs and PLC simulators, triggered by a specially crafted project file. Root cause: out-of-bounds read could cause Denial of Service on Modicon PLC...

CVSS 6.5 | AI score 6.4 | EPSS 0.00437
Exploits: 0 | References: 2 | Affected Software: 49
NVD
added 2021/04/28 9:15 p.m. | 8 views

CVE-2020-22790

Authenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to execute code by injecting arbitrary web script or HTML via modifying the name of the users. The XSS is executed when an administrator accesses the logs...

CVSS 5.4 | EPSS 0.00505
Exploits: 1 | References: 3
Cvelist
added 2021/04/28 8:42 p.m. | 11 views

CVE-2020-22790

Authenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to execute code by injecting arbitrary web script or HTML via modifying the name of the users. The XSS is executed when an administrator accesses the logs...

AI score 5.4 | EPSS 0.00505
Exploits: 1 | References: 3
CVE
added 2021/04/28 8:42 p.m. | 49 views

CVE-2020-22790

CVE-2020-22790 is an authenticated stored XSS in Safe FME Server (2019.2 and 2020.0 Beta). The vulnerability arises from allowing an attacker to inject arbitrary script/HTML by modifying a user’s name, with the XSS triggered when an administrator views the logs. The affected product is Safe FME S...

CVSS 5.4 | AI score 5.3 | EPSS 0.00505
Exploits: 1 | References: 3 | Affected Software: 1