67 matches found
PT-2025-51980
Name of the Vulnerable Software and Affected Versions Zerobyte versions prior to 0.18.5 Zerobyte versions prior to 0.19.0 Description Zerobyte, a backup automation tool, has an issue where authentication middleware is not correctly applied to certain API endpoints. This allows access to these...
PT-2025-49149
Name of the Vulnerable Software and Affected Versions Anthropic Sandbox Runtime versions prior to 0.0.16 Description Anthropic Sandbox Runtime is a sandboxing tool designed to enforce filesystem and network restrictions on processes. Prior to version 0.0.16, a flaw in the sandboxing logic allowed...
CVE-2025-3321
A predefined administrative account is not documented and cannot be deactivated. This account cannot be misused from the network, only by local users on the server...
CVE-2024-10306 Mod_proxy_cluster: mod_proxy_cluster unauthorized mcmp requests
A vulnerability was found in modproxycluster. The issue is that the directive should be replaced by the directive as the former does not restrict IP/host access as Require ip IPADDRESS would suggest. This means that anyone with access to the host might send MCMP requests that may result in...
CVE-2024-7598 Network restriction bypass via race condition during namespace termination
A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for network policies ...
CVE-2024-7598 Network restriction bypass via race condition during namespace termination
A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for network policies ...
PT-2024-10246 · Oracle +2 · Mysql Server +1
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.36 and prior MySQL Server version 8.4.0 Description: The issue is related to the Server: Optimizer component of Oracle MySQL Server and is caused by inadequate authorization procedure due to incorrect input validatio...
PT-2024-13925
Name of the Vulnerable Software and Affected Versions Video Station versions prior to 5.8.1 Description A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. Recommendations...
nodejs: Bypass network import restriction via data URL
A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security...
PT-2024-4998 · Oracle +4 · Mysql Server +3
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.37 and prior MySQL Server versions 8.4.0 and prior Description: The issue is related to insufficient input validation in the Server: FTS component of the MySQL Server product. It allows a high-privileged attacker wit...
PT-2024-3195 · Oracle +4 · Mysql Server +3
Name of the Vulnerable Software and Affected Versions: Oracle MySQL Server versions 8.0.36 and prior Oracle MySQL Server versions 8.3.0 and prior Description: The issue is related to a vulnerability in the MySQL Server product, specifically in the Server: Information Schema component. This...
PT-2024-14372 · D Link · D-Link Covr 1100 +2
Name of the Vulnerable Software and Affected Versions: D-Link COVR 1100, 1102, 1103 AC1200 Dual-Band Whole-Home Mesh Wi-Fi System Hardware Rev B1 Description: The issue truncates Wireless Access Point Passwords WPA-PSK, allowing an attacker to gain unauthorized network access via weak...
PT-2024-12316 · Ibm · Ibm Security Verify Access
Name of the Vulnerable Software and Affected Versions: IBM Security Verify Access versions 10.0.0.0 through 10.0.6.1 Description: The issue allows an attacker on the network to take control of the server due to insecure calls. Recommendations: For versions 10.0.0.0 through 10.0.6.1, consider...
PT-2024-1336 · Oracle · Oracle Agile Product Lifecycle Management For Process
Name of the Vulnerable Software and Affected Versions: Oracle Agile Product Lifecycle Management for Process versions prior to 6.2.4.2 Description: The issue is related to insufficient input validation in the Installation component of the Oracle Agile Product Lifecycle Management for Process...
PT-2023-26382 · Minitool · Minitool Movie Maker
Name of the Vulnerable Software and Affected Versions: MiniTool Movie Maker versions 6.1.0 through 7.0 Description: The issue is related to an insecure installation process in MiniTool Movie Maker, which allows attackers to achieve remote code execution through a man-in-the-middle attack...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : cups-filters (SUSE-SU-2023:2233-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2233-1 advisory. - CVE-2023-24805: Fixed a remote code execution in the beh backend bsc1211340. Tenable has extracted the...
PT-2023-2642 · Oracle · Oracle Database Server
Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 19c through 21c Description: The issue exists due to insufficient input validation in the Oracle Database Recovery Manager component of Oracle Database Server. This can be exploited by a remote attacker to caus...
Security bulletin: Authentication bypass vulnerability in IBM SAN Volume Controller and Storwize Family (CVE-2012-6354)
Problem Security bulletin: Authentication bypass vulnerability in IBM SAN Volume Controller and Storwize Family CVE-2012-6354 Resolving The Problem Security Bulletin --- Summary --- Administrative access to the system via the GUI may be obtained without supplying proper credentials. Vulnerability...
Security Bulletin: The IBM FlashSystem 840 product is affected by a vulnerability in OpenSSL (CVE-2014-0224 = SSL/TLS MITM vulnerability)
Summary Security vulnerability has been discovered in OpenSSL Vulnerability Details CVE-ID: CVE-2014-0224 DESCRIPTION: FlashSystem 840 uses OpenSSL to protect connection from external management applications which use SMI-S to its CIM client. Affected versions of OpenSSL do not properly restrict...
WAGO Series 750-88x and 750-87x Use of Hard-Coded Credentials (CVE-2019-10712)
The Web-GUI on WAGO Series 750-88x 750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889 and Series 750-87x 750-830, 750-849, 750-871, 750-872, 750-873 devices has undocumented service access. This plugin only works with Tenable.ot. Please visit...