UBUNTU-CVE-2025-58053
Galette is a membership management web application for non-profit organizations. Prior to version 1.2.0, while updating any existing account with a self-forged POST request, one can gain higher privileges. Version 1.2.0 fixes the issue...
Mozilla Firefox < 3.0.16
The version of Firefox installed on the remote Windows host is prior to 3.0.16. It is, therefore, affected by a vulnerability as referenced in the mfsa2009-68 advisory. - Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticate...
CVE-2025-68065
CVE-2025-68065 affects WordPress Hub Core hub-core (
CVE-2025-13127 XSS in TACAS Consulting's GoldenHorn
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TAC Information Services Internal and External Trade Inc. GoldenHorn allows Cross-Site Scripting (XSS). This issue affects GoldenHorn: before 4.25.1121.1...
CVE-2025-13031 WPeMatico RSS Feed Fetcher < 2.8.13 - Contributor+ Stored XSS
The WPeMatico RSS Feed Fetcher WordPress plugin before 2.8.13 does not sanitize and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks...
CVE-2025-66030
Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be...
EUVD-2025-200312
Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Low...
TencentOS Server 4: libsoup (TSSA-2025:0247)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0247 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
FreeBSD : Firefox -- Multiple vulnerabilities (a2a815c8-c0b7-11f0-ab42-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the a2a815c8-c0b7-11f0-ab42-b42e991fc52e advisory. https://bugzilla.mozilla.org/show_bug.cgi?id=1994441 reports: Tenable has extracted the precedi...
Amazon Linux 2 : java-1.8.0-openjdk, --advisory ALAS2-2025-3072 (ALAS-2025-3072)
The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.472.b08-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3072 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product ...
FreeBSD : chromium -- multiple security fixes (93ff3ebe-bba8-11f0-b3f7-a8a1599412c6)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 93ff3ebe-bba8-11f0-b3f7-a8a1599412c6 advisory. Chrome Releases reports: This update includes 5 security fixes: Tenable has extracted the...
Tenable Identity Exposure < 3.77.14 Multiple Vulnerabilities (TNS-2025-23)
The version of Tenable Identity Exposure (formerly Tenable.ad) installed on the remote host is prior to 3.77.14. It therefore contains vulnerable versions of third-party components (.NET, SQL Server, and curl). Tenable has upgraded these components to address the potential impact of the issues,...
CVE-2025-64134
Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated version of JDepend Maven Plugin that does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2025-48039 affecting package erlang for versions less than 26.2.5.15-1
CVE-2025-48039 affecting package erlang for versions less than 26.2.5.15-1. An upgraded version of the package is available that resolves this issue...
FreeBSD : RT -- XSS via calendar invitations (269c2de7-afaa-11f0-b4c8-792b26d8a051)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 269c2de7-afaa-11f0-b4c8-792b26d8a051 advisory. Mateusz Szymaniec and CERT Polska Reports: RT is vulnerable to XSS via calendar invitations added to a...
FreeBSD : Mozilla -- spoofing (1e8a6581-ab7b-11f0-b961-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 1e8a6581-ab7b-11f0-b961-b42e991fc52e advisory. [email protected] reports: Spoofing issue in the Site Permission component Tenable has extracted the...
FreeBSD : Mozilla -- Memory safety bugs (ed132d42-ab81-11f0-b961-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ed132d42-ab81-11f0-b961-b42e991fc52e advisory. [email protected] reports: Memory safety bug. This bug showed evidence of memory corruption and we...
Amazon Linux 2 : gimp, --advisory ALAS2GIMP-2025-008 (ALASGIMP-2025-008)
The version of gimp installed on the remote host is prior to 2.8.22-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2GIMP-2025-008 advisory. ZDI-CAN-27863: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability CVE-2025-10922 Tenable has...
EUVD-2019-7569
Malware in sbrugna...
Amazon Linux 2 : giflib, --advisory ALAS2-2025-2987 (ALAS-2025-2987)
The version of giflib installed on the remote host is prior to 4.1.6-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2987 advisory. Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the...