MiracleLinux 9 : skopeo-1.14.3-2.el9 (AXSA:2024-8078:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8078:02 advisory. golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON...

MiracleLinux 8 : python3.11-PyMySQL-1.0.2-2.el8_10 (AXSA:2024-8537:01)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8537:01 advisory. python-pymysql: SQL injection if used with untrusted JSON input CVE-2024-36039 Tenable has extracted the preceding description block directly from the...

Open5GS security vulnerabilities

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for Lte/Nr networks. Open5GS has a security vulnerability, which stems from the use of a hardcoded JWT signing key...

MiracleLinux 7 : rh-nodejs10-nodejs-10.23.1-2.el7 (AXSA:2021-1479:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1479:01 advisory. libuv: buffer overflow in realpath CVE-2020-8252 nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS...

MiracleLinux 8 : nodejs:12 (AXSA:2021-1495:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1495:01 advisory. nodejs-mixin-deep: prototype pollution in function mixin-deep CVE-2019-10746 nodejs-set-value: prototype pollution in function set-value...

MiracleLinux 9 : dotnet6.0-6.0.113-1.el9.ML.1 (AXSA:2023-4989:05)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-4989:05 advisory. dotnet: Parsing an empty HTTP response as a JSON.NET JObject causes a stack overflow and crashes a process CVE-2023-21538 Tenable has extracted the preceding...

MiracleLinux 8 : firefox-128.3.0-1.el8_10.ML.1 (AXSA:2024-8892:33)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-8892:33 advisory. firefox: 115.16/128.3 ESR firefox: thunderbird: Specially crafted WebTransport requests could lead to denial of service CVE-2024-9399 firefox:...

MiracleLinux 8 : ruby:2.5 (AXSA:2021-2345:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2345:01 advisory. ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? CVE-2019-15845 ruby: Regular expression denial of service vulnerability of...

MiracleLinux 8 : container-tools:rhel8 (AXSA:2024-8553:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8553:01 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang-protobuf:...

MiracleLinux 9 : python3.12-PyMySQL-1.1.0-3.el9 (AXSA:2024-9377:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9377:02 advisory. python-pymysql: SQL injection if used with untrusted JSON input CVE-2024-36039 Tenable has extracted the preceding description block directly from the...

MiracleLinux 7 : rh-ruby26-ruby-2.6.7-119.el7 (AXSA:2021-1768:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1768:01 advisory. rubygem-bundler: Insecure permissions on directory in /tmp/ allows for execution of malicious code CVE-2019-3881 ruby: NUL injection vulnerability o...

CVE-2025-52661

HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, potentially resulting in unauthorized access if the token is compromised...

CVE-2025-52661

HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, potentially resulting in unauthorized access if the token is compromised...

CVE-2025-52661

Technical details about CVE-2025-52661 are not publicly disclosed in the provided documents. No affected versions, root cause, or remediation are specified. Monitor for updates from vendors and security advisories.

EUVD-2026-3207

HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, potentially resulting in unauthorized access if the token is compromised...

HCL AION 安全漏洞

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability that is caused by a JWT token that expires too long increasing the risk of token misuse. An attacker can exploit the vulnerability to cause unauthorized access...

PT-2026-3469

HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, potentially resulting in unauthorized access if the token is compromised...

CVE-2025-59870

HCL MyXalytics is affected by improper management of a static JWT signing secret in the web application, where the secret lacks rotation , introducing a security risk...

CVE-2025-14078

The PAYGENT for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.4.6. This is due to missing authorization checks on the paygentcheckwebhook function combined with the paygentpermissioncallback function unconditionally returning true ...

SUSE CVE-2017-18901

An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover a team invite ID by requesting a JSON document...