96 matches found
@use-pico/client (>=4.0.45 <=4.1.52), @use-pico/common (>=4.0.20 <=4.1.52) +1 more potentially affected by unknown CVE via @tanstack/zod-adapter (>=1.112.13 <=1.129.2)
@tanstack/zod-adapter NPM version =1.112.13, =4.0.45, =4.0.20, =4.0.16, =4.1.52 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3501...
MiracleLinux 8 : kernel-4.18.0-305.3.1.el8_4 (AXSA:2021-2223:13)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2223:13 advisory. kernel: userspace applications can misuse the KVM API to cause a write of 16 bytes at an offset up to 32 GB from vcpu->run CVE-2021-3501 kernel:...
MiracleLinux 7 : rh-mysql56-mysql-5.6.32-1.el7 (AXSA:2016-615:02)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-615:02 advisory. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many...
curl: IMAP Protocol Desynchronization and Response Smuggling via Naive Literal Parsing
libcurl incorrectly parses IMAP literal sizes even when they are embedded within quoted strings (e.g., email subjects or headers). This behavior violates RFC 3501, which mandates that content inside double quotes must be treated as opaque text. This parsing error causes the client state machine to...
Linux Distros Unpatched Vulnerability : CVE-2016-3501
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related...
Linux Distros Unpatched Vulnerability : CVE-2021-3501
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by ...
CVE-2011-3501
Integer overflow in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to cause a denial of service (crash) via a negative or large Content-Length value...
CVE-2025-3501 vulnerabilities
Vulnerabilities for packages: keycloak-fips...
ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.c4-soft.springaddons:keycloak-grants-mapper (>=3.1.13-jdk1.8 <=3.1.14-jdk17) +168 more potentially affected by CVE-2025-3501 via org.keycloak:keycloak-services (>=10.0.0 <=26.2.1)
org.keycloak:keycloak-services MAVEN version =10.0.0, =0.1.0, =3.1.13-jdk1.8, =11.0.1, =1.2.6, =1.2.5, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.0.1, =1.0.2 and more Source cves: CVE-2025-3501 Source advisory: OSV:GHSA-HW58-3793-42GG...
CVE-2025-3501
A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended...
CVE-2025-3501
CVE-2025-3501 affects Keycloak. A trust-store verification bypass occurs when the verification policy is set to ALL, causing the trust store certificate check to be skipped. Related data (GHSA-HW58-3793-42GG) shows a similar trust-verification bypass in Keycloak (hostname verification), illustrat...
CVE-2024-3501
In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of GET /v1/users/me and GET /v1/users/me/org API endpoints. These tokens, intended for sensitive operations such as password resets or...
CVE-2024-3501 Exposure of Sensitive Information in lunary-ai/lunary
In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of GET /v1/users/me and GET /v1/users/me/org API endpoints. These tokens, intended for sensitive operations such as password resets or...
Oracle Linux 9 : nghttp2 (ELSA-2024-3501)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3501 advisory. 1.43.0-5.2 - fix CONTINUATION frames DoS CVE-2024-28182, CVE-2024-27316 Tenable has extracted the preceding description block directly from the Oracle Linux...
Rocky Linux 9 : nghttp2 (RLSA-2024:3501)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3501 advisory. nghttp2: CONTINUATION frames DoS CVE-2024-28182 Tenable has extracted the preceding description block directly from the Rocky Linux security advisory. Note that...
AlmaLinux 9 : nghttp2 (ALSA-2024:3501)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:3501 advisory. nghttp2: CONTINUATION frames DoS CVE-2024-28182 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. Note that Ness...
Malicious code in wlwz-2312-3501 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e9cb499fb651d09b49b45d8baa724903e1cd4732cbcde33319d33803e26487a1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-486 Malicious code in wlwz-2312-3501 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e9cb499fb651d09b49b45d8baa724903e1cd4732cbcde33319d33803e26487a1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE SLES12 Security Update : amazon-ssm-agent (SUSE-SU-2023:3501-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:3501-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
CVE-2023-3501 FormCraft < 1.2.7 - Admin+ Stored XSS
The FormCraft WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...