CVE-2026-21640

HackerOne community member Faraz Ahmed PakCyberbot has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error...

PT-2026-3657

HackerOne community member Faraz Ahmed PakCyberbot has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error...

Revive Adserver security vulnerability

Revive Adserver is a set of open-source advertising management systems developed by the Revive Adserver team. This system offers functions such as advertising placement, ad slot management, and data statistics. There is a security vulnerability in Revive Adserver; this vulnerability stems from...

MiracleLinux 8 : libinput-1.16.3-3.el8 (AXSA:2022-3673:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3673:01 advisory. libinput: format string vulnerability may lead to privilege escalation CVE-2022-1215 Tenable has extracted the preceding description block directly from the...

MiracleLinux 9 : ghostscript-9.54.0-17.el9_4 (AXSA:2024-8750:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8750:04 advisory. ghostscript: format string injection leads to shell command execution SAFER bypass CVE-2024-29510 ghostscript: path traversal and command execution...

Qnap QTS and QuTS hero Use of Externally-Controlled Format String (CVE-2025-53591)

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerabili...

MiracleLinux 9 : libinput-1.19.3-2.el9 (AXSA:2022-3984:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3984:02 advisory. libinput: format string vulnerability may lead to privilege escalation CVE-2022-1215 Tenable has extracted the preceding description block directly from the...

MiracleLinux 7 : rh-mariadb105-galera-26.4.11-1.el7, rh-mariadb105-mariadb-10.5.16-2.el7 (AXSA:2022-3624:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3624:01 advisory. mariadb: convertconsttoint use-after-free when the BIGINT data type is used CVE-2021-46669 mariadb: lack of proper validation of the length of...

MiracleLinux 3 : qt-3.3.6-23.1AXS3 (AXBA:2008-400:02)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXBA:2008-400:02 advisory. - The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remo...

MiracleLinux 3 : qt-3.3.6-23.1AXS3 (AXBA:2008-211:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXBA:2008-211:01 advisory. - The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remo...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000785)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000785 advisory. Format string vulnerability in the b43requestfirmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9...

Qnap QTS and QuTS hero Use of Externally-Controlled Format String (CVE-2025-48730)

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerabili...

Qnap QTS and QuTS hero Use of Externally-Controlled Format String (CVE-2025-53406)

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerabili...

Qnap QTS and QuTS hero Use of Externally-Controlled Format String (CVE-2025-52429)

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerabili...

MiracleLinux 7 : udisks2-2.7.3-9.el7 (AXSA:2019-4045:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-4045:02 advisory. udisks: Format string vulnerability in udiskslog in udiskslogging.c CVE-2018-17336 Tenable has extracted the preceding description block directly from the...

CVE-2025-68816

A flaw was found in the Linux kernel's mlx5 firmware tracer. A malicious or compromised firmware can provide specially crafted format strings to the tracer. Due to insufficient validation of these parameters, this can lead to system crashes, resulting in a Denial of Service DoS, or potentially...

net/mlx5: fw_tracer, Validate format string parameters

...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002476)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002476 advisory. Format string vulnerability in the b43requestfirmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002193)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002193 advisory. Format string vulnerability in the registerdisk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002008)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002008 advisory. Format string vulnerability in the b43requestfirmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9...