25169 matches found
PT-2025-48189
Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-657BRM version 1.00.1. Description: The TRENDnet TEW-657BRM device version 1.00.1 contains an authenticated remote OS command injection issue in the setup.cgi binary. An attacker can exploit this by manipulating the HTTP parameters...
IBM DB2 Information Disclosure and Credential Exposure (7250484) (Unix)
According to its self-reported version number, IBM Db2 on Unix may be affected by a vulnerability: IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) clpplus command exposes user credentials to the terminal...
Photon OS 4.0: Linux PHSA-2025-4.0-0914
An update of the linux package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0914. The text itself is copyright (C) VMware, Inc.
Arbitrary Code Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the template management component in REDAXO CMS. An attacker can execute arbitrary operating system commands by injecting PHP code into an active template and triggering its execution when visitors access...
CVE-2025-64050
A Remote Code Execution (RCE) vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote authenticated administrators to execute arbitrary operating system commands by injecting PHP code into an active template. The payload is executed when visitors access frontend pages...
Zenitel TCIV-3+
RISK EVALUATION: Successful exploitation of these vulnerabilities could result in arbitrary code execution or cause a denial-of-service condition. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...
SUSE CVE-2023-43000
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption...
SUSE CVE-2025-43430
This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash...
SUSE CVE-2025-43431
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to memory corruption...
SUSE CVE-2025-43480
The issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious website may exfiltrate data cross-origin...
PT-2025-48168
Name of the Vulnerable Software and Affected Versions: Zenitel TCIV-3+ (affected versions not specified). Description: An OS command injection issue arises from insufficient validation of user-provided input. The validation process does not adequately enforce formatting rules, potentially allowing...
PT-2025-48167
Name of the Vulnerable Software and Affected Versions: Zenitel TCIV-3+ (affected versions not specified). Description: An OS command injection issue arises from inadequate sanitization of user-provided input. The application processes parameters without sufficient validation before incorporating them...
Photon OS 4.0: Openssh PHSA-2025-4.0-0911
An update of the openssh package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0911. The text itself is copyright (C) VMware, Inc.
Security Bulletin: NVIDIA DGX Spark - November 2025
NVIDIA has released a software update for NVIDIA DGX Spark. To protect your system, download and install the latest version of NVIDIA DGX OS from the NVIDIA DGX site. Go to NVIDIA Product Security...
Photon OS 5.0: Gdb PHSA-2025-5.0-0648
An update of the gdb package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0648. The text itself is copyright (C) VMware, Inc.
Photon OS 5.0: Python3 PHSA-2025-5.0-0628
An update of the python3 package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0628. The text itself is copyright (C) VMware, Inc.
Photon OS 5.0: Openssh PHSA-2025-5.0-0687
An update of the openssh package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0687. The text itself is copyright (C) VMware, Inc.
Important Photon OS Security Update - PHSA-2025-5.0-0690
Updates of 'linux-esx', 'squid', 'linux' packages of Photon OS have been released...
Photon OS 4.0: Python3 PHSA-2025-4.0-0912
An update of the python3 package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0912. The text itself is copyright (C) VMware, Inc.
Exploit for OS Command Injection in Fortinet Fortiweb
OS Command Injection Vulnerability in Fortinet FortiWeb CVE-2...