Amazon Linux 2 : microcode_ctl, --advisory ALAS2-2026-3294 (ALAS-2026-3294)

The version of microcodectl installed on the remote host is prior to 2.1-47. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3294 advisory. Improper handling of values in the microcode flow for some IntelR Processor Family may allow an escalation of privilege. Startu...

MINI-3F4V-HR2R-3294

Bulletin has no description...

CVE-2016-3294

creationtimestamp| type| source ---|---|--- 2025-08-31 03:01:34+00:00| seen| MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d...

Linux Distros Unpatched Vulnerability : CVE-2018-3294

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. The supported version that is affected is Prior to 5.2.20. Easi...

TencentOS Server 4: kubernetes (TSSA-2024:0872)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0872 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVE-2023-3294

Cross-site Scripting XSS - DOM in GitHub repository saleor/react-storefront prior to c29aab226f07ca980cc19787dcef101e11b83ef7...

CVE-2021-3294

CASAP Automated Enrollment System 1.0 is affected by cross-site scripting XSS in users.php. An attacker can steal a cookie to perform user redirection to a malicious website...

CVE-2025-3294

creationtimestamp| type| source ---|---|--- 2025-04-17 05:57:31+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/12190 2025-04-17 08:00:21+00:00| seen| Telegram/KHvZb7SVH2K58Bc8qiYUEiI756IhJKHfcQjRiAZ8pY63k 2025-04-17 10:28:17+00:00| seen| https://t.me/cvedetector/23221...

CVE-2025-3294

CVE-2025-3294 affects the WordPress WP Editor plugin up to version 1.2.9.1. The issue is an authenticated directory-traversal flaw (no proper file path validation) that can enable an attacker with Administrator-level access and above to overwrite arbitrary server files, potentially enabling remot...

WordPress WP Editor plugin <= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Update vulnerability

Authenticated Administrator+ Directory Traversal to Arbitrary File Update vulnerability discovered by nquangit in WordPress Plugin WP Editor versions = 1.2.9.1...

Linux Distros Unpatched Vulnerability : CVE-2015-3294

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The tcprequest function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setupreply function, which allows remote attackers to read...

Fedora 37 : kubernetes (2022-8647729ff8)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-8647729ff8 advisory. Resolves, in part, 2142161. Security patches that resolve CVE-2022-3162 and CVE-2022-3294. Tenable has extracted the preceding description block...

CGA-M9W5-3294-3C5H

Bulletin has no description...

RHEL 5 : dnsmasq (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libvirt+dnsmasq: DNS configured to answer DNS queries from non-virtual networks CVE-2012-3411 - dnsmasq:...

RHEL 7 : dnsmasq (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - dnsmasq: unchecked return value of the setupreply function CVE-2015-3294 - dnsmasq: insecure default...

CVE-2023-3294

CVE-2023-3294 corresponds to a DOM-based XSS in saleor/react-storefront (GitHub repo) prior to the commit c29aab226f07ca980cc19787dcef101e11b83ef7. Multiple sources (NVD, Red Hat, OSV, CVE listings, Huntr) describe a cross-site scripting vulnerability in the React storefront with potential user i...

CVE-2023-3294 Cross-site Scripting (XSS) - DOM in saleor/react-storefront

Cross-site Scripting XSS - DOM in GitHub repository saleor/react-storefront prior to c29aab226f07ca980cc19787dcef101e11b83ef7...

SUSE: Security Advisory (SUSE-SU-2023:2292-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 Security Update : kubernetes1.23 (SUSE-SU-2023:2292-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2292-1 advisory. - Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true. CVE-2021-25749...

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Kubernetes (CVE-2022-3162, CVE-2022-3294)

Summary Multiple vulnerabilities in Kubernetes used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2022-3162 DESCRIPTION: Kubernetes kube-apiserver could allow a remote authenticated attacker to obtain sensitive information, caused by improper authorization. An...