21 matches found
RockyLinux 9 : nginx:1.24 (RLSA-2026:19371)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19371 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 Tenable has extracted the preceding description block directly from the RockyLinux security...
[SECURITY] Fedora 42 Update: htslib-1.23.1-1.fc42
HTSlib is an implementation of a unified C library for accessing common file formats, such as SAM, CRAM and VCF, used for high-throughput sequencing data, and is the core library used by samtools and bcftools...
AlmaLinux 9 : nginx:1.24 (ALSA-2026:3638)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:3638 advisory. nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections CVE-2026-1642 Tenable has extracted the preceding description block directly...
Edimax EW-7438RPn-v3 Mini Security Vulnerability
The Edimax EW-7438RPn-v3 Mini is a mini wireless signal extender produced by Edimax of Taiwan, China. Version 1.27 of the Edimax EW-7438RPn-v3 Mini contains a security vulnerability. This vulnerability allows unverified attackers to access the /wizardreboot.asp page, potentially leading to the...
CVE-2025-69025 WordPress Poptics plugin <= 1.0.20 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Aethonic Poptics poptics allows Retrieve Embedded Sensitive Data. This issue affects Poptics: from n/a through <= 1.0.20...
EUVD-2025-31208
Malicious code in bioql PyPI...
CVE-2025-4315 CubeWP – All-in-One Dynamic Content Framework <= 1.1.23 - Authenticated (Subscriber+) Privilege Escalation
The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.23. This is due to the plugin allowing a user to update arbitrary user meta through the update_user_meta function. This makes it possible for...
CVE-2022-34593
DPTech VPN v8.1.28.0 was discovered to contain an arbitrary file read vulnerability...
CVE-2020-6622
stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_peek8...
CVE-2025-22478
Dell Storage Center / Dell Storage Manager version 20.1.20 is affected by an XML External Entity (XXE) vulnerability caused by improper restriction of external entity references in XML processing. An unauthenticated attacker with adjacent network access could trigger information disclosure and da...
CVE-2025-31910 WordPress BookingPress plugin <= 1.1.28 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems BookingPress bookingpress-appointment-booking allows SQL Injection. This issue affects BookingPress: from n/a through <= 1.1.28...
CVE-2025-31910
Technical details for CVE-2025-31910 are not provided in the Connected documents. The Initial Description notes a SQL Injection in BookingPress
openSUSE Security Advisory (SUSE-SU-2024:1163-1)
The remote host is missing an update for the...
WordPress plugin URL-Preview-Box Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
Security update for unbound
This update for unbound fixes the following issues: Update to 1.20.0: Features: The config for discard-timeout, wait-limit, wait-limit-cookie, wait-limit-netblock and wait-limit-cookie-netblock was added, for the fix to the DNSBomb issue. Merge GH1027: Introduce 'cache-min-negative-ttl' option...
UBUNTU-CVE-2023-30087
Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_mk_string function in mjs.c...
PT-2023-8807
Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.21 Description: The issue is related to the improper handling of backticks as JavaScript string delimiters in templates, which can lead to the injection of arbitrary JavaScript code into the Go template. This occurs whe...
SAP BusinessObjects Business Intelligence Platform Cross-Site Scripting Vulnerability
SAP BusinessObjects Business Intelligence platform is a suite of bookstore intelligence software and enterprise performance solutions from SAP Germany. The product features report generation, analytics and data visualization. A cross-site scripting vulnerability in the SAP BusinessObjects Busines...
Portainer has an unspecified vulnerability
Portainer is a lightweight user management interface for managing Docker environments and Docker hosts. A security vulnerability exists in Portainer versions prior to 1.20.0. An attacker can exploit the vulnerability to retrieve stored LDAP certificates...
Denial of Service Vulnerability in INVT Studio
INVT Studio is a serial and Ethernet based inverter monitoring system. A denial of service vulnerability exists in INVT Studio version 1.20 due to a failure to follow the specification for code behavior at the INVT Studio import function. An attacker can exploit this vulnerability to cause a deni...