15 matches found
Fedora 44 : LabPlot / dtk6core / dtk6gui / dtk6log / dtk6widget / fcitx5-qt / etc (2026-70776c2dc3)
The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-70776c2dc3 advisory. Qt 6.10.3 bugfix update. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested fo...
[SECURITY] Fedora 44 Update: qt6-qtwebengine-6.10.3-1.fc44
Qt6 - QtWebEngine components...
[SECURITY] Fedora 44 Update: qt6-6.10.3-1.fc44
Qt6 meta package...
CVE-2026-22597
Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...
CVE-2026-22597 Ghost has SSRF via External Media Inliner
Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...
CVE-2026-22595 Ghost has Staff Token permission bypass
Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. Externa...
CVE-2026-22595
Ghost (Node.js CMS) versions 5.121.0–5.130.5 and 6.0.0–6.10.3 are affected by a Staff Token authentication vulnerability that allows access to endpoints intended for Staff Session authentication. External systems authenticated with Staff Tokens for Admin/Owner-role users could reach these endpoin...
PT-2026-2217
Name of the Vulnerable Software and Affected Versions: Ghost versions 5.121.0 through 5.130.5; Ghost versions 6.0.0 through 6.10.3. Description: Ghost is a Node.js content management system. A flaw in how Ghost manages Staff Token authentication permitted access to endpoints intended only for Staff...
Ghost security vulnerability
Ghost is a hosting service from Ghost Open Source. A security vulnerability in Ghost versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3 stems from a flaw in the way Ghost handles staff token authentication, which could lead to improper access to certain endpoints that are restricted to...
GHSA-GJRP-XGMH-X9QQ Ghost has SQL Injection in Members Activity Feed
Impact: A vulnerability in Ghost's /ghost/api/admin/members/events endpoint allows users with authentication credentials for the Admin API to execute arbitrary SQL. Vulnerable versions: This vulnerability is present in Ghost v5.90.0 to v5.130.5 and Ghost v6.0.0 to v6.10.3. Patches: v5.130.6 and...
RHSA-2022:0790 Red Hat Security Advisory: Satellite 6.10.3 Async Bug Fix Update
Bulletin has no description...
RHEL 8 : nodejs:14 (RHSA-2023:1742)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1742 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
GHSA-G954-5HWP-PP24 Prototype Pollution in protobufjs
The package protobufjs is vulnerable to Prototype Pollution, which can allow an attacker to add/modify properties of the Object.prototype. Versions after and including 6.10.0 until 6.10.3 and after and including 6.11.0 until 6.11.3 are vulnerable. This vulnerability can occur in multiple ways: 1...
Tenable Nessus Privilege Escalation Vulnerability
Tenable Nessus is prone to a local privilege escalation vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2017-7199
Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode. Version 6.10.4 fixes this issue...