TencentOS Server 4: mtr (TSSA-2025:0537)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0537 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
CVE-2025-8113
The Ebook Store WordPress plugin before 5.8015 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
PT-2025-33102 · Pypi +1 · Pypdf +1
Name of the Vulnerable Software and Affected Versions: pypdf versions prior to 6.0.0 Description: pypdf is a free and open-source pure-python PDF library. An attacker can craft a PDF file that leads to exhaustion of RAM. This requires only reading the file if a series of FlateDecode filters are...
CVE-2025-7624
An SQL injection vulnerability in the legacy transparent SMTP proxy of Sophos Firewall versions older than 21.0 MR2 21.0.2 can lead to remote code execution, if a quarantining policy is active for Email and SFOS was upgraded from a version older than 21.0 GA...
CBL Mariner 2.0 Security Update: mysql (CVE-2025-30704)
The version of mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-30704 advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Components Services. Supported...
FreeBSD : chromium -- multiple security fixes (4323e86c-2422-4fd7-8c8f-ec71c81ea7dd)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 4323e86c-2422-4fd7-8c8f-ec71c81ea7dd advisory. Chrome Releases reports: This update includes 3 security fixes: Tenable has extracted the...
TencentOS Server 3: tar (TSSA-2023:0024)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0024 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
TencentOS Server 3: ghostscript (TSSA-2022:0123)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0123 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Google Chrome < 137.0.7151.55 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 137.0.7151.55. It is, therefore, affected by multiple vulnerabilities as referenced in the 202505stable-channel-update-for-desktop27 advisory. - Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a...
Azure Linux 3.0 Security Update: kernel (CVE-2025-21699)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21699 advisory. - In the Linux kernel, the following vulnerability has been resolved: gfs2: Truncate address space when flippi...
Azure Linux 3.0 Security Update: kernel (CVE-2025-21637)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21637 advisory. - In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: udp_port: avoid using...
PT-2025-17021 · Unknown · Claire Ryan Author Showcase
Name of the Vulnerable Software and Affected Versions: Claire Ryan Author Showcase versions 1.4.3 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This enables an attacker ...
FreeBSD : chromium -- multiple security fixes (789bcfb6-1224-11f0-85f3-a8a1599412c6)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 789bcfb6-1224-11f0-85f3-a8a1599412c6 advisory. Chrome Releases reports: This update includes 13 security fixes: Tenable has extracted the...
FreeBSD : Gitlab -- Vulnerabilities (a435609c-ffd5-11ef-b4e4-2cf05da270f3)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the a435609c-ffd5-11ef-b4e4-2cf05da270f3 advisory. Gitlab reports: CVE-2025-25291 and CVE-2025-25292 third party gem ruby-saml CVE-2025-27407 thi...
PT-2025-6763 · Misp · Misp
Name of the Vulnerable Software and Affected Versions: MISP versions prior to 2.4.198 Description: The issue concerns the app/Model/Attribute.php file in MISP, where it ignores an ACL during a GUI attribute search. Recommendations: For versions prior to 2.4.198, update to version 2.4.198 or later...
Azure Linux 3.0 Security Update: kernel (CVE-2024-42080)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42080 advisory. - In the Linux kernel, the following vulnerability has been resolved: RDMA/restrack: Fix potential invalid...
PT-2025-5142 · Papercite · Papercite
Name of the Vulnerable Software and Affected Versions: PAPERCITE versions 0.5.18 and earlier Description: The issue is related to a lack of authorization in PAPERCITE, allowing the exploitation of incorrectly configured access control security levels. Recommendations: For versions 0.5.18 and...
CVE-2025-23012
Fedora Repository 3.8.x includes a service account fedoraIntCallUser with default credentials and privileges to read local files by manipulating datastreams. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. Migrate to a currently supported version 6.5.1 as of...
Amazon Linux AMI : rsync (ALAS-2025-1954)
The version of rsync installed on the remote host is prior to 3.0.6-12.15. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1954 advisory. Placeholder CVE. Details forthcoming CVE-2024-12085 Placeholder CVE. Details forthcoming CVE-2024-12086 Placeholder CVE...
Mozilla Thunderbird SEoL (1.x)
According to its version, the Mozilla Thunderbird version installed on the remote host has reached end of support. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may...