533 matches found
Fedora 43 : wordpress (2026-5774d46593)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-5774d46593 advisory. Upstream announcements: - WordPress 6.9.2 Release - WordPress 6.9.3 and 7.0 beta 4 - WordPress 6.9.4 Release Tenable has extracted the preceding description...
Fedora 44 : wordpress (2026-bf984d4931)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-bf984d4931 advisory. Upstream announcements: - WordPress 6.9.2 Release - WordPress 6.9.3 and 7.0 beta 4 - WordPress 6.9.4 Release Tenable has extracted the preceding description...
CVE-2026-29109 SuiteCRM Authenticated Remote Code Execution via Unsafe Deserialization in SavedSearch Filter Processing
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions up to and including 8.9.2 contain an unsafe deserialization vulnerability in the SavedSearch filter processing component that allows an authenticated administrator to execute arbitrary...
CVE-2026-29109 SuiteCRM Authenticated Remote Code Execution via Unsafe Deserialization in SavedSearch Filter Processing
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions up to and including 8.9.2 contain an unsafe deserialization vulnerability in the SavedSearch filter processing component that allows an authenticated administrator to execute arbitrary...
CVE-2026-29103
CVE-2026-29103 affects SuiteCRM 7.15.0 and 8.9.2, enabling authenticated administrators to trigger remote code execution via a Patch Bypass of CVE-2024-49774. The root cause is a flaw in ModuleScanner.php’s PHP token parsing that resets its internal state (checkFunction) on single-character token...
EUVD-2026-13364
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. A Critical Remote Code Execution RCE vulnerability exists in SuiteCRM 7.15.0 and 8.9.2, allowing authenticated administrators to execute arbitrary system commands. This vulnerability is a direc...
CVE-2026-29103 SuiteCRM Vulnerable to Remote Code Execution via Module Loader Package Scanner Bypass
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. A Critical Remote Code Execution RCE vulnerability exists in SuiteCRM 7.15.0 and 8.9.2, allowing authenticated administrators to execute arbitrary system commands. This vulnerability is a direc...
SUSE CVE-2017-18908
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometime sent to an attacker-provided e-mail address...
CVE-2026-1663
GitLab CVE-2026-1663 affects GitLab CE/EE: authenticated users with group import permissions could create labels in private projects due to improper authorization validation in the group import process under certain circumstances. Remediation is available by upgrading to fixed releases: 18.7.6+, ...
CVE-2026-3848
CVE-2026-3848 affects GitLab CE/EE, versions 8.11–18.7.5, 18.8.0–18.8.5, and 18.9.0–18.9.1; all are fixed in 18.7.6, 18.8.6, and 18.9.2. The root cause is improper input validation in the import functionality that could allow an authenticated user to trigger unintended internal requests via proxy...
CVE-2025-36173
Affected ProductsVersionsInfoSphere Data Architect9.2.1...
GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 安全漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There were security vulnerabilities in versions prior to 18.7.6,...
PT-2026-24708
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to cause a denial of service condition due to improper input validation on webhook custom header names under...
CVE-2025-36173
Affected ProductsVersionsInfoSphere Data Architect9.2.1...
CVE-2025-36173 InfoSphere Data Architect (IDA) 9.2.1 Vulnerability Fixes.
Affected ProductsVersionsInfoSphere Data Architect9.2.1...
WordPress 6.0 < 6.9.2
WordPress versions 6.0 6.9.2 are affected by one or more vulnerabilities %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from WordPress Security Advisory wordpress-6-9-2-release. include'compat.inc'; if description scriptid301728;...
Vim < 9.2.0074 Heap-based Buffer Overflow (GHSA-h4mf-vg97-hj8j)
The version of Vim installed on the remote host is prior to 9.2.0074. It is, therefore, affected by a vulnerability as referenced in the GHSA-h4mf-vg97-hj8j advisory. - Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exis...
CVE-2025-64736
An out-of-bounds read vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch 5462afb0. A specially crafted .abf file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2026-28270
Kiteworks is a private data network PDN. Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows uploading of arbitrary files without proper validation. Malicious administrators could exploit this to upload unauthorized file types to the system. Version 9.2.0 contains a patch fo...
GHSA-8P85-9QPW-FWGW @fastify/middie has Improper Path Normalization when Using Path-Scoped Middleware
Summary A path normalization inconsistency in @fastify/middie can result in authentication/authorization bypass when using path-scoped middleware for example, app.use'/secret', auth. When Fastify router normalization options are enabled such as ignoreDuplicateSlashes, useSemicolonDelimiter, and...