236 matches found
Fedora 43 : SDL3_image (2026-0f01e844c3)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-0f01e844c3 advisory. Update to 3.4.4. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...
Fedora 44 : SDL3_image (2026-992a75bea6)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-992a75bea6 advisory. Update to 3.4.4. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...
CVE-2026-5478
The Everest Forms plugin for WordPress is vulnerable to Arbitrary File Read and Deletion in all versions up to, and including, 3.4.4. This is due to the plugin trusting attacker-controlled old_files data from public form submissions as legitimate server-side upload state, and converting...
CVE-2026-5478 Everest Forms <= 3.4.4 - Unauthenticated Arbitrary File Read and Deletion via Upload Field 'old_files' Parameter
The Everest Forms plugin for WordPress is vulnerable to Arbitrary File Read and Deletion in all versions up to, and including, 3.4.4. This is due to the plugin trusting attacker-controlled old_files data from public form submissions as legitimate server-side upload state, and converting...
WordPress Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin <= 3.4.4 - Unauthenticated Arbitrary File Read and Deletion vulnerability
Unauthenticated Arbitrary File Read and Deletion vulnerability discovered by ll in WordPress Plugin Everest Forms versions <= 3.4.4...
WordPress plugin Everest Forms security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
@semic/testing (=2.2.11), @vendure/dashboard (>=3.2.2 <=3.4.4) potentially affected by CVE-2026-40887 via @vendure/core (>=3.0.0 <=3.4.4)
@vendure/core NPM version =3.0.0, =3.2.2, =3.4.4 Source cves: CVE-2026-40887 Source advisory: SNYK:JS-VENDURECORE-16068909...
Linux Distros Unpatched Vulnerability : CVE-2019-25695
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences...
R buffer error vulnerability
R is a statistical computing software developed by The R Foundation. Version 3.4.4 of R contains a buffer overflow vulnerability, which stems from insufficient input validation for the GUI Preferences language field. This vulnerability could lead to a local buffer overflow and the execution of...
CVE-2026-39646
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bozdoz Leaflet Map leaflet-map allows Stored XSS. This issue affects Leaflet Map: from n/a through <= 3.4.4...
EUVD-2026-20307
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bozdoz Leaflet Map leaflet-map allows Stored XSS. This issue affects Leaflet Map: from n/a through <= 3.4.4...
CVE-2026-39646
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bozdoz Leaflet Map leaflet-map allows Stored XSS. This issue affects Leaflet Map: from n/a through <= 3.4.4...
CVE-2026-39646
CVE-2026-39646 affects the WordPress Leaflet Map plugin (leaflet-map)
WordPress plugin Leaflet Map cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-2369 affecting package libsoup for versions less than 3.4.4-14
CVE-2026-2369 affecting package libsoup for versions less than 3.4.4-14. A patched version of the package is available...
CVE-2026-0716 affecting package libsoup for versions less than 3.4.4-14
CVE-2026-0716 affecting package libsoup for versions less than 3.4.4-14. A patched version of the package is available...
Linux Distros Unpatched Vulnerability : CVE-2026-33151
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted...
DEBIAN-CVE-2026-33151
Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...
CVE-2026-33151 socket.io allows an unbounded number of binary attachments
Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...
CVE-2026-33151
Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...