Lucene search

164 matches found

Tenable Nessus
added 2026/05/04 12:00 a.m., 1 view

RHCOS 4 : OpenShift Container Platform 4.11.57 (RHSA-2024:0308)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:0308 advisory. - haproxy: Proxy forwards malformed empty Content-Length headers CVE-2023-40225 Note that Nessus has not tested for this issue but has instea...

CVSS 7.2 | AI score 7.1 | EPSS 0.00091
Exploits: 1 | References: 5
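The haproxy entry above concerns a proxy forwarding a Content-Length header with an empty value. The check a front end should apply before forwarding is shown here as an added example; it is not haproxy's code, and the request heads it parses are constructed for the example rather than captured traffic. Empty, non-numeric or conflicting values are rejected (RFC 9112 treats an invalid Content-Length as an unrecoverable framing error), as is a Content-Length that arrives next to Transfer-Encoding, which is the classic request-smuggling ambiguity.

```python
"""Constructed example, added for this page: strict Content-Length handling
that a reverse proxy can apply before forwarding a request. This is not
haproxy's code; the sample requests below are constructed, not captured."""
import re
from typing import Optional

_DIGITS = re.compile(r"[0-9]+")


class MalformedRequest(ValueError):
    """Framing a proxy must not forward; RFC 9112 6.3 says reject with 400."""


def parse_headers(raw: bytes) -> list[tuple[str, str]]:
    """Split a raw request head into lower-cased (name, value) pairs.
    Duplicate headers are preserved so the caller can see repeats."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    pairs = []
    for line in lines[1:]:  # lines[0] is the request line
        name, sep, value = line.partition(b":")
        if not sep:
            raise MalformedRequest("header line without ':' -> %r" % line)
        pairs.append((name.decode("latin-1").strip().lower(),
                      value.decode("latin-1").strip()))
    return pairs


def content_length(headers: list[tuple[str, str]]) -> Optional[int]:
    """Return the body length the proxy may trust, or None when the request
    carries no Content-Length. Empty, non-numeric or conflicting values, and a
    Content-Length next to Transfer-Encoding, are rejected instead of forwarded."""
    values = []
    for name, value in headers:
        if name == "content-length":
            # one field may carry a comma-separated list of identical values
            values.extend(v.strip() for v in value.split(","))
    if not values:
        return None
    for v in values:
        if not _DIGITS.fullmatch(v):   # "" (the empty header) fails here
            raise MalformedRequest("invalid Content-Length value %r" % v)
    if len(set(values)) != 1:
        raise MalformedRequest("conflicting Content-Length values %r" % values)
    if any(name == "transfer-encoding" for name, _ in headers):
        raise MalformedRequest("Content-Length together with Transfer-Encoding")
    return int(values[0])


def classify(raw: bytes) -> str:
    """Decision a front end would take for one request head."""
    try:
        length = content_length(parse_headers(raw))
    except MalformedRequest as exc:
        return "reject: %s" % exc
    return "no-body" if length is None else "body:%d" % length


# Constructed request heads (not real traffic).
SAMPLES = {
    "ok":        b"POST /api HTTP/1.1\r\nHost: app\r\nContent-Length: 12\r\n\r\n",
    "empty":     b"POST /api HTTP/1.1\r\nHost: app\r\nContent-Length: \r\n\r\n",
    "dup_same":  b"POST /api HTTP/1.1\r\nHost: app\r\nContent-Length: 5\r\nContent-Length: 5\r\n\r\n",
    "conflict":  b"POST /api HTTP/1.1\r\nHost: app\r\nContent-Length: 5, 7\r\n\r\n",
    "te_and_cl": b"POST /api HTTP/1.1\r\nHost: app\r\nTransfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\n",
    "get":       b"GET / HTTP/1.1\r\nHost: app\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print("%-10s %s" % (label, classify(raw)))
```

The point of rejecting rather than normalising (for example treating an empty value as 0) is that the backend may interpret the same bytes differently; a proxy that forwards ambiguous framing lets an attacker split one connection's bytes into two requests on the backend.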
OSV
added 2026/03/10 6:28 p.m., 2 views

GO-2026-4605 ZITADEL: Stored XSS via Default URI Redirect Leads to Account Takeover in github.com/zitadel/zitadel

ZITADEL: Stored XSS via Default URI Redirect Leads to Account Takeover in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

CVSS 7.7 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/16 12:00 a.m., 2 views

MiracleLinux 7 : nspr-4.11.0-1.el7, nss-softokn-3.16.2.3-14.2.el7, nss-3.21.0-9.el7, nss-util-3.21.0-2.2.el7 (AXSA:2016-217:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-217:01 advisory. nspr NSPR provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal fi...

CVSS 8.8 | AI score 8.3 | EPSS 0.02458
Exploits: 0 | References: 3
Tenable Nessus
added 2026/01/15 12:00 a.m., 1 view

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003556)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003556 advisory. The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have...

CVSS 7.8 | AI score 6.8 | EPSS 0.00087
Exploits: 0 | References: 9
RedhatCVE
added 2026/01/10 5:41 a.m., 0 views

CVE-2025-67911

Deserialization of Untrusted Data vulnerability in Tribulant Software Newsletters (newsletters-lite) allows Object Injection. This issue affects Newsletters: from n/a through <= 4.11...

CVSS 9.8 | AI score 5.9 | EPSS 0.00098
Exploits: 0 | References: 1
Positive Technologies
added 2026/01/08 12:00 a.m., 1 view

PT-2026-1889

Name of the Vulnerable Software and Affected Versions: Tribulant Software Newsletters versions prior to 4.11. Description: An issue exists in Tribulant Software Newsletters (newsletters-lite) related to the deserialization of untrusted data, which allows for object injection. Recommendations: Update to...

CVSS 9.8 | AI score 6.6 | EPSS 0.00098
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-9386

Malware in sbrugna...

CVSS 7.8 | AI score 8 | EPSS 0.0011
Exploits: 0 | References: 11
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-1999-0786

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.00717
Exploits: 0 | References: 3
NVD
added 2025/10/03 9:15 p.m., 1 view

CVE-2025-10692

The endpoint POST /api/staff/get-new-tickets concatenates the user-controlled parameter departmentId directly into the SQL WHERE clause without parameter binding. As a result, an authenticated staff user (level ≥ 1) can inject SQL to alter the filter logic, effectively bypassing department scoping...

CVSS 7.1 | EPSS 0.00085
Exploits: 0 | References: 2
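The CVE-2025-10692 entry describes the textbook concatenation bug: a numeric-looking parameter spliced into a WHERE clause, so a payload such as `1 OR 1=1` rewrites the filter and the department scope disappears. The following is an added example that reproduces that pattern against an in-memory SQLite table and shows the parameterised, server-side-scoped version beside it. It is not the affected product's code; the table, column and function names (`tickets`, `department_id`, `get_new_tickets_*`) are assumptions, since the listing does not give the real schema.

```python
"""Constructed example, added for this page: the concatenation bug described in
CVE-2025-10692 reproduced against an in-memory SQLite table, next to a
parameterised version. Table, column and function names are assumptions; the
affected product's real schema is not known from this listing."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed ticket data: three departments plus one closed ticket."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE tickets (
            id INTEGER PRIMARY KEY,
            department_id INTEGER NOT NULL,
            status TEXT NOT NULL,
            subject TEXT NOT NULL
        );
        INSERT INTO tickets VALUES (1, 1, 'new', 'printer jam');
        INSERT INTO tickets VALUES (2, 2, 'new', 'payroll export');
        INSERT INTO tickets VALUES (3, 3, 'new', 'legal hold request');
        INSERT INTO tickets VALUES (4, 1, 'closed', 'old ticket');
    """)
    return conn


def get_new_tickets_vulnerable(conn: sqlite3.Connection, department_id: str) -> list[int]:
    """Pattern from the advisory: user input spliced into the WHERE clause.
    'AND' binds tighter than 'OR', so '1 OR 1=1' turns the whole filter true."""
    sql = ("SELECT id FROM tickets WHERE status = 'new' "
           "AND department_id = " + department_id)
    return [row[0] for row in conn.execute(sql)]


def get_new_tickets_fixed(conn: sqlite3.Connection, department_id: str,
                          staff_departments: set[int]) -> list[int]:
    """Hardened: type-check the input, enforce department scoping from the
    server-side session (not from the request), and bind the value."""
    try:
        dept = int(department_id)
    except ValueError:
        raise ValueError("departmentId must be an integer") from None
    if dept not in staff_departments:
        raise PermissionError("staff user is not scoped to department %d" % dept)
    rows = conn.execute(
        "SELECT id FROM tickets WHERE status = 'new' AND department_id = ?",
        (dept,),
    )
    return [row[0] for row in rows]


def probe_fixed(conn: sqlite3.Connection, department_id: str,
                staff_departments: set[int]) -> str:
    """Summarise what the hardened handler does with one input."""
    try:
        return "rows:%s" % get_new_tickets_fixed(conn, department_id, staff_departments)
    except (ValueError, PermissionError) as exc:
        return "rejected:%s" % type(exc).__name__


if __name__ == "__main__":
    db = make_db()
    print(get_new_tickets_vulnerable(db, "1"))          # only department 1
    print(get_new_tickets_vulnerable(db, "1 OR 1=1"))   # every row, closed ones too
    print(probe_fixed(db, "1", {1}))
    print(probe_fixed(db, "1 OR 1=1", {1}))
    print(probe_fixed(db, "2", {1}))
```

Binding alone closes the injection; the explicit `staff_departments` check is what restores the scoping the advisory says was bypassed, because a parameterised query still happily returns department 2's tickets to a department 1 user if the server never checks who is asking.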
Patchstack
added 2025/09/09 12:00 a.m., 5 views

WordPress Mow Theme <= 4.10 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Mow. Type: Theme. Vulnerable versions: <= 4.10. Fixed in: 4.11. OWASP Top 10: A1 Broken Access Control. Classification: Cross Site Request Forgery (CSRF). CVE: CVE-2025-58997. Patch priority: Low. CVSS severity: Low 9.6. PSID: 5da80db52724. Credits: Tran Nguyen Bao Khanh VCI - VNPT...

CVSS 9.6 | AI score 5.8 | EPSS 0.00026
Exploits: 0 | References: 1 | Affected software: 1
Tenable Nessus
added 2025/08/30 12:00 a.m., 1 view

Linux Distros Unpatched Vulnerability : CVE-2025-29906

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Finit is a fast init for Linux systems. Versions starting from 3.0-rc1 and prior to version 4.11 bundle an implementation of getty for the tty configuration...

CVSS 8.6 | AI score 5.8 | EPSS 0.00061
Exploits: 0 | References: 3
NVD
added 2025/06/12 6:15 p.m., 11 views

CVE-2025-43863

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality...

CVSS 9.8 | EPSS 0.00316
Exploits: 0 | References: 1
Cvelist
added 2025/06/12 5:29 p.m., 10 views

CVE-2025-43863 vantage6 lacks brute-force protection on change password functionality

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality...

CVSS 6.3 | EPSS 0.00316
Exploits: 0 | References: 1
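Both CVE-2025-43863 entries above describe the same weakness: a change-password endpoint that requires the current password but never limits failed attempts, so an attacker who holds a session token (but not the password) can use the endpoint as a password oracle. The example below is added here to show that pattern and one mitigation; it is not vantage6 code, and the user, guess list and lockout threshold are constructed for the example.

```python
"""Constructed example, added for this page: a minimal change-password endpoint
with and without brute-force protection, to show the CVE-2025-43863 pattern.
This is not vantage6 code; the user, password list and limits are assumptions."""
import hashlib
import hmac
import os
import secrets

# Constructed guess list; the real password is deliberately past the lockout limit.
CANDIDATES = ["123456", "password", "letmein", "qwerty", "welcome", "admin", "hunter2"]


class AccountService:
    MAX_FAILURES = 5   # failed current-password checks before the session is revoked

    def __init__(self, username: str, password: str, hardened: bool):
        self.hardened = hardened
        self.salt = os.urandom(16)
        self.users = {username: self._hash(password)}
        self.failures = {username: 0}
        self.sessions: dict[str, str] = {}   # token -> username

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 20_000)

    def login(self, username: str, password: str) -> str:
        if not hmac.compare_digest(self.users[username], self._hash(password)):
            raise PermissionError("bad credentials")
        token = secrets.token_hex(16)
        self.sessions[token] = username
        return token

    def change_password(self, token: str, current: str, new: str) -> str:
        """The caller holds only the token (e.g. a stolen session), not the
        password. Because the current password is required, every call is one
        password guess; without a limit the endpoint is an oracle."""
        username = self.sessions.get(token)
        if username is None:
            return "no-session"
        if not hmac.compare_digest(self.users[username], self._hash(current)):
            self.failures[username] += 1
            if self.hardened and self.failures[username] >= self.MAX_FAILURES:
                # Hardened path: stop the oracle and kill the session driving it.
                self.sessions.pop(token, None)
                return "locked"
            return "wrong-current-password"
        self.failures[username] = 0
        self.users[username] = self._hash(new)
        return "ok"


def brute_force(service: AccountService, token: str, candidates: list[str]):
    """Drive the change-password endpoint as a password oracle. Passing the
    guess as the new password too leaves the account unchanged on success,
    so the legitimate user sees nothing."""
    for guess in candidates:
        outcome = service.change_password(token, guess, guess)
        if outcome == "ok":
            return guess
        if outcome in ("locked", "no-session"):
            return None
    return None


if __name__ == "__main__":
    weak = AccountService("alice", "hunter2", hardened=False)
    print("unprotected:", brute_force(weak, weak.login("alice", "hunter2"), CANDIDATES))
    strong = AccountService("alice", "hunter2", hardened=True)
    print("hardened:  ", brute_force(strong, strong.login("alice", "hunter2"), CANDIDATES))
```

Revoking the session on lockout matters as much as the counter: the attacker's only asset is the token, and a lockout that leaves the session alive just makes them wait for the window to expire. In a real service the failure counter belongs in shared storage keyed by user, not per process, and the event should be logged and surfaced to the account owner.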
RedhatCVE
added 2025/05/23 10:02 a.m., 4 views

CVE-2024-28048

OS command injection vulnerability exists in ffBull ver.4.11, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. Note that the developer was unreachable; therefore, users should consider discontinuing use of ffBull ver.4.11...

CVSS 9.8 | AI score 7.9 | EPSS 0.00852
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 7:07 p.m., 6 views

CVE-2021-20654

Wekan, an open source kanban board system, between version 3.12 and 4.11, is vulnerable to multiple stored cross-site scripting issues. This is named 'Fieldbleed' on the vendor's site...

CVSS 5.4 | AI score 6.2 | EPSS 0.00206
Exploits: 1 | References: 1
OSV
added 2025/04/29 11:16 p.m., 1 view

DEBIAN-CVE-2025-29906

Finit is a fast init for Linux systems. Versions starting from 3.0-rc1 and prior to version 4.11 bundle an implementation of getty for the tty configuration directive that can bypass /bin/login, i.e., a user can log in as any user without authentication. This issue has been patched in version 4.1...

CVSS 8.6 | AI score 5.3 | EPSS 0.00061
Exploits: 0 | References: 1
Debian CVE
added 2025/04/29 10:17 p.m., 3 views

CVE-2025-29906

Finit is a fast init for Linux systems. Versions starting from 3.0-rc1 and prior to version 4.11 bundle an implementation of getty for the tty configuration directive that can bypass /bin/login, i.e., a user can log in as any user without authentication. This issue has been patched in version 4.1...

CVSS 8.6 | AI score 5.3 | EPSS 0.00061
Exploits: 0
Cvelist
added 2025/04/29 10:17 p.m., 19 views

CVE-2025-29906 Finit bundled getty can bypass /bin/login

Finit is a fast init for Linux systems. Versions starting from 3.0-rc1 and prior to version 4.11 bundle an implementation of getty for the tty configuration directive that can bypass /bin/login, i.e., a user can log in as any user without authentication. This issue has been patched in version 4.1...

CVSS 8.6 | EPSS 0.00061
Exploits: 0 | References: 2
Tenable Nessus
added 2025/03/04 12:00 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2018-19964

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Xen 4.11.x allowing x86 guest OS users to cause a denial of service host OS hang because the p2m lock remains unavailable indefinitel...

CVSS 6.5 | AI score 7 | EPSS 0.00124
Exploits: 0 | References: 2
OSV
added 2025/02/12 10:04 a.m., 16 views

RHSA-2025:1335 Red Hat Security Advisory: RHUI 4.11 security, bugfix, and enhancement update

Bulletin has no description...

CVSS 7.5 | AI score 6.7 | EPSS 0.10881
Exploits: 2 | References: 69