XWiki 15.9-rc-1 < 15.10.8, 16.0.0-rc-1 < 16.2.0 RCE Vulnerability (GHSA-mvgm-3rw2-7j4r)

Xwiki is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

CVE-2023-32974

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions:...

CVE-2022-32974

An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials...

CVE-2025-32974 org.xwiki.platform:xwiki-platform-security-requiredrights-default required rights analysis doesn't consider TextAreas with default content type

XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.8 and from 16.0.0-rc-1 to before 16.2.0, the required rights analysis doesn't consider TextAreas with default content type. When editing a page, XWiki warns since version 15.9 when there is content on the page...

CVE-2024-32974 Envoy affected by a crash in EnvoyQuicServerStream::OnInitialHeadersComplete()

Envoy is a cloud-native, open source edge and service proxy. A crash was observed in EnvoyQuicServerStream::OnInitialHeadersComplete with following call stack. It is a use-after-free caused by QUICHE continuing push request headers after StopReading being called on the stream. As after StopReadin...

CVE-2024-32974

CVE-2024-32974 is a use-after-free in Envoy’s QUIC stack. A crash occurs in EnvoyQuicServerStream::OnInitialHeadersComplete() because QUICHE may push request headers after StopReading() and the HCM ActiveStream has been destroyed, risking use-after-free when QUICHE makes up calls. This can crash ...

QNAP QTS / QuTS hero Path Traversal (QSA-23-42)

The version of QNAP QTS / QuTS hero installed on the remote host is affected by a vulnerability as referenced in the QSA-23-42 advisory. A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the...

QNAP QuTScloud Multiple Vulnerabilities (QSA-23-41, QSA-23-42)

QNAP QuTScloud is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qutscloud"; ifdescripti...

CVE-2023-32974

CVE-2023-32974 is a path traversal vulnerability affecting QNAP QTS, QuTS hero, and QuTScloud. The issue could allow reading content from unexpected files and exposing sensitive data over the network. Affected versions have been fixed in QTS 5.1.0.2444+ (build 20230629+), QuTS hero h5.1.0.2424+ (...

Tenable Nessus < 10.2.0 Multiple Vulnerabilities (TNS-2022-11)

Tenable Nessus is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tenable:nessus"; ifdescripti...

Tenable Nessus < 8.15.6 Multiple Vulnerabilities (TNS-2022-16)

Tenable Nessus Agent is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tenable:nessus";...

Tenable Nessus Agent < 8.3.4 / 10.x < 10.1.4 Multiple Vulnerabilities (TNS-2022-17) (TNS-2022-13)

According to its self-reported version, the Tenable Nessus agent running on the remote host is prior to 8.3.4 or 10.x prior to 10.1.4. It is, therefore, affected by multiple vulnerabilities: - An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes...

CVE-2022-32974

An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials...

CVE-2022-32974

CVE-2022-32974 is confirmed in connected documents as affecting Tenable Nessus/ Nessus Agent prior to specific versions. An authenticated attacker could read arbitrary files from the underlying OS via a crafted compliance audit file, without SSH credentials. Exploitation details and affected vers...

[R3] Nessus Version 10.2.0 Fixes Multiple Vulnerabilities

R3 Nessus Version 10.2.0 Fixes Multiple Vulnerabilities Arnie Cabral Thu, 05/26/2022 - 09:30 Nessus leverages third-party software to help provide underlying functionality. Several of the third-party components zlib, expat, jQuery UI were found to contain vulnerabilities, and updated versions hav...

CVE-2021-32974

creationtimestamp| type| source ---|---|--- 2022-04-02 02:26:29+00:00| seen| https://t.me/cibsecurity/40063...

CVE-2021-32974 Moxa NPort IAW5000A-I/O Series Serial Device Server Improper Input Validation

Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands...

CVE-2021-32974

CVE-2021-32974 affects Moxa NPort IAW5000A-I/O Series Serial Device Server with firmware 2.2 or earlier. Root cause: improper input validation in the built-in web server, enabling a remote attacker to execute commands. Impact: remote command execution (high severity). Affected products: NPort IAW...

Moxa NPort IAW5000A-I/O Series Serial Device Server

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Moxa Equipment: NPort IAW5000A-I/O Series Wireless Device Server Vulnerabilities: Classic Buffer Overflow, Stack-based Buffer Overflow, Improper Input Validation, OS Command Injection 2. RISK EVALUATION...