
12965 matches found

Snyk
added 2025/12/01 9:30 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Accessory Checkout "Notes" field. An attacker can execute arbitrary JavaScript code in the context of an administrator's session by injectin...

8.7 CVSS | 5.2 AI score | 0.00024 EPSS
Exploits: 1 | References: 2

OpenVAS
added 2025/11/28 12:0 a.m. | 3 views

Fedora: Security Advisory (FEDORA-2025-d9389fc692)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS | 7 AI score | 0.00044 EPSS
Exploits: 1 | References: 26

vulnersOsv
added 2025/11/26 7:15 p.m. | 4 views

tutor-contrib-branding (>=16.0.0 <=16.1.2), tutor-contrib-hpa (>=16.0.0 <=16.1.0) +14 more potentially affected by CVE-2025-65681 via tutor (=16.1.8)

tutor PYPI version =16.1.8 is affected by a known vulnerability. The following packages have a transitive dependency on tutor and may be impacted: - tutor-contrib-branding =16.0.0, =16.0.0, =16.0.2, =16.0.0, =16.0.0, =16.0.0, =16.0.1, =16.0.1, =16.0.1, =16.1.2, =16.0.2, =16.0.4 - tutor-notes...

3.3 CVSS | 5.8 AI score | 0.00005 EPSS
Exploits: 0

RedHat Linux
added 2025/11/26 1:57 p.m. | 5 views

Moderate: Red Hat Security Advisory: RHSA 4.8.6 security and bug fix update

Updated images are now available for Red Hat Advanced Cluster Security (RHACS), which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...

8.7 CVSS | 6.7 AI score | 0.00979 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2025/11/24 8:28 a.m. | 4 views

Moderate: Red Hat Security Advisory: RHSA 4.9.1 security and bug fix update

Updated images are now available for Red Hat Advanced Cluster Security (RHACS), which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...

8.7 CVSS | 5.8 AI score | 0.00979 EPSS
Exploits: 0 | References: 3

OSV
added 2025/11/21 6:19 p.m. | 3 views

RLSA-2025:20478 Moderate: zziplib security update

The zziplib is a lightweight library to easily extract data from zip files. Security Fixes: zziplib: directory traversal in unzzipcat in the bins/unzzipcat-mem.c (CVE-2018-17828). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

5.5 CVSS | 5.5 AI score | 0.00433 EPSS
Exploits: 1 | References: 2

Atlassian
added 2025/11/14 6:28 a.m. | 12 views

Prototype Pollution Third-Party Dependency in Bitbucket Data Center and Server - CVE-2020-28471

This High severity vulnerability known as CVE-2020-28471 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.3 and a CV...

9.8 CVSS | 6.8 AI score | 0.00694 EPSS
Exploits: 1

Atlassian
added 2025/11/14 6:28 a.m. | 11 views

DoS (Denial of Service) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2021-33587

This High severity vulnerability known as CVE-2021-33587 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CV...

7.5 CVSS | 6.8 AI score | 0.00172 EPSS
Exploits: 0

Atlassian
added 2025/11/14 6:27 a.m. | 11 views

Path Traversal Third-Party Dependency in Bitbucket Data Center and Server - CVE-2022-24785

This High severity vulnerability known as CVE-2022-24785 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CV...

7.5 CVSS | 6.8 AI score | 0.01827 EPSS
Exploits: 0

Atlassian
added 2025/11/14 6:27 a.m. | 15 views

DoS (Denial of Service) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2024-45590

This High severity vulnerability known as CVE-2024-45590 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CV...

7.5 CVSS | 6.8 AI score | 0.01387 EPSS
Exploits: 1

Atlassian
added 2025/11/14 5:27 a.m. | 15 views

Improper Authorization Third-Party Dependency in Confluence Data Center and Server - CVE-2025-41248

This High severity vulnerability known as CVE-2025-41248 was introduced in 10.1.0 of Confluence Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Atlassian recommends that Confluence Data Center and Server custome...

7.5 CVSS | 6.8 AI score | 0.0009 EPSS
Exploits: 0

Atlassian
added 2025/11/13 11:28 p.m. | 12 views

DoS (Denial of Service) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2023-52428

This High severity vulnerability known as CVE-2023-52428 was introduced in 8.3.0, 8.3.1, 8.3.2, 8.3.3, 8.3.4, 8.4.0, 8.4.1, 8.4.2, 8.4.3, 8.4.4, 8.5.0, 8.5.1, 8.5.2, 8.5.3, 8.5.4, 8.6.0, 8.6.1, 8.6.2, 8.6.3, 8.6.4, 8.7.0, 8.7.1, 8.7.2, 8.7.3, 8.7.4, 8.8.0, 8.8.1, 8.8.2, 8.8.3, 8.8.4, 8.8.5, 8.9.0...

7.5 CVSS | 6.8 AI score | 0.00105 EPSS
Exploits: 0

Atlassian
added 2025/11/13 9:8 a.m. | 12 views

DoS (Denial of Service) org.apache.tomcat:tomcat-util Dependency Vulnerability in Bamboo Data Center and Server

This High severity DoS (Denial of Service) vulnerability known as CVE-2025-52434 was introduced in 9.6.1, 9.6.2, 9.6.3, 9.6.4, 9.6.5, 9.6.6, 9.6.7, 9.6.8, 10.2.0, 9.6.9, 9.6.10, 10.2.1, 10.2.2, 10.2.3, 9.6.11, 9.6.12, 10.2.4, 9.6.13, 9.6.14, 10.2.5, 10.2.6, 9.6.15, 10.2.7 of Bamboo Data Center and...

7.5 CVSS | 7.8 AI score | 0.01205 EPSS
Exploits: 0

RedHat Linux
added 2025/11/12 2:43 a.m. | 2 views

Important: Red Hat Security Advisory: Red Hat Ceph Storage 8.1 bug fix update

An update is now available for Red Hat Ceph Storage 8.1. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. These new packages...

7.5 CVSS | 7.1 AI score | 0.01129 EPSS
Exploits: 1 | References: 17

Tenable Nessus
added 2025/11/12 12:0 a.m. | 0 views

RHEL 9 : Red Hat Ceph Storage 8.1 update (Important) (RHSA-2025:21068)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21068 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage syste...

7.5 CVSS | 7.6 AI score | 0.01129 EPSS
Exploits: 1 | References: 20

Tenable Nessus
added 2025/11/11 12:0 a.m. | 2 views

Fedora 43 : dotnet8.0 (2025-9171c95e17)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-9171c95e17 advisory. This is the October 2025 release of .NET 8. Release Notes: - SDK: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.21/8.0.121.md - Runtime:...

5.6 AI score
Exploits: 0 | References: 1

Tenable Nessus
added 2025/11/11 12:0 a.m. | 1 views

Fedora 43 : forgejo (2025-45da53cabc)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-45da53cabc advisory. This is an upstream bug and security fix release. Please view the upstream release notes for more details. Tenable has extracted the preceding description...

5.6 AI score
Exploits: 0 | References: 1

AlmaLinux
added 2025/11/11 12:0 a.m. | 3 views

Moderate: open-vm-tools bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

6.1 CVSS | 6.3 AI score | 0.00326 EPSS
Exploits: 0 | References: 3

OSV
added 2025/11/11 12:0 a.m. | 6 views

ALSA-2025:20181 Important: pam security update

Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication. Security Fixes: linux-pam: Linux-pam directory Traversal (CVE-2025-6020). For more details about the security issues, including the impact, a CVSS...

7.8 CVSS | 6.7 AI score | 0.00072 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2025/11/11 12:0 a.m. | 1 views

RHEL 10 : binutils (RHSA-2025:20155)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:20155 advisory. The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the...

7.8 CVSS | 6.4 AI score | 0.00077 EPSS
Exploits: 1 | References: 6