Fedora: Security Advisory (FEDORA-2026-58dd426edd)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 42 : perl / perl-Devel-Cover / perl-PAR-Packer / polymake (2026-58dd426edd)

The remote Fedora 42 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-58dd426edd advisory. Update for Perl 5.40.4 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

GHSA-GM2X-2G9H-CCM8 vulnerabilities

Vulnerabilities for packages: trivy, nuclei, livekit-cli, gitlab-runner, scorecard, kubescape-server, grafana, kaniko-fips, google-osconfig-agent, gitea, flux-fips, kubescape, guac, snyk-cli, argo-workflows-fips, argocd-image-updater, grype, argo-workflows, bom, cloudbeat-fips, syft-fips, gitaly,...

CVE-2026-34165 vulnerabilities

Vulnerabilities for packages: trivy, nuclei, livekit-cli, gitlab-runner, scorecard, kubescape-server, grafana, kaniko-fips, google-osconfig-agent, gitea, flux-fips, kubescape, guac, snyk-cli, argo-workflows-fips, argocd-image-updater, grype, argo-workflows, bom, cloudbeat-fips, syft-fips, gitaly,...

CVE-2026-33762 vulnerabilities

Vulnerabilities for packages: trivy, nuclei, livekit-cli, gitlab-runner, scorecard, kubescape-server, grafana, kaniko-fips, google-osconfig-agent, gitea, flux-fips, kubescape, guac, snyk-cli, argo-workflows-fips, argocd-image-updater, grype, argo-workflows, bom, cloudbeat-fips, syft-fips, gitaly,...

Metasploit Wrap-Up 03/13/2026

No bad luck here: Friday the 13th brings new modules and a Metasploit Pro milestone This week’s Metasploit Framework release delivers three new modules across reconnaissance, evasion, and exploitation: LeakIX-powered discovery for exposed services and leaked data, a Linux x64 RC4 payload packer f...

CVE-2025-47911 affecting package packer for versions less than 1.9.5-13

CVE-2025-47911 affecting package packer for versions less than 1.9.5-13. A patched version of the package is available...

CVE-2025-11065 affecting package packer for versions less than 1.9.5-13

CVE-2025-11065 affecting package packer for versions less than 1.9.5-13. A patched version of the package is available...

CVE-2025-58190 affecting package packer for versions less than 1.9.5-13

CVE-2025-58190 affecting package packer for versions less than 1.9.5-13. A patched version of the package is available...

Metasploit Wrap-Up 03/06/2026

Encoder exposed! Some of our releases add new ways in; this one adds new ways to stay in. There are, of course, still new RCE toys in the box Tactical RMM via Jinja2 SSTI and an unauthenticated MajorDoMo exploit. Still, the underlying theme is payloads: more control over how they are packaged and...

Metasploit Wrap-Up 02/27/2026

No Prob-ollama This release brings some serious firepower with multiple new exploit modules and critical vulnerability support! The standout additions are the Ollama path traversal RCE CVE-2024-37032, a sophisticated exploit chaining arbitrary file writes into unauthenticated root RCE, and the...

Linux RC4 Packer with In-Memory Execution

This evasion module packs Linux payloads using RC4 encryption and executes them from memory using memfdcreate for fileless execution. Linux kernel version support: 3.17+ Module Options msf use evasion/linux/aarch64/rc4packer msf evasionrc4packer show actions ...actions... msf evasionrc4packer set...

Malicious Package

Overview ts-packer is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious code in ts-packer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd7ed1f89788c69596bac0f4e3429cfadc252f8f2e7cc255616c6f63ad63d2eb The package ts-packer was found to contain malicious code. Source: ghsa-malware cf93507187d36aaad21ab48b27cbc91258ef6b442053c36ee60cc01adbe7e8b4 Any...

MAL-2026-1047 Malicious code in ts-packer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd7ed1f89788c69596bac0f4e3429cfadc252f8f2e7cc255616c6f63ad63d2eb The package ts-packer was found to contain malicious code. Source: ghsa-malware cf93507187d36aaad21ab48b27cbc91258ef6b442053c36ee60cc01adbe7e8b4 Any...

GHSA-37CX-329C-33X3 vulnerabilities

Vulnerabilities for packages: trivy, nuclei, livekit-cli, gitlab-runner, scorecard, grafana, google-osconfig-agent, gitea, flux-fips, kubescape, guac, snyk-cli, flux-kustomize-controller-fips, argo-workflows-fips, argocd-image-updater, grype, argo-workflows, bom, cloudbeat-fips, syft-fips, gitaly...

CVE-2026-25934 vulnerabilities

Vulnerabilities for packages: trivy, nuclei, livekit-cli, gitlab-runner, scorecard, grafana, google-osconfig-agent, gitea, flux-fips, kubescape, guac, snyk-cli, flux-kustomize-controller-fips, argo-workflows-fips, argocd-image-updater, grype, argo-workflows, bom, cloudbeat-fips, syft-fips, gitaly...

AZL-76980 CVE-2025-58190 affecting package packer for versions less than 1.9.5-18

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

AZL-77064 CVE-2025-58190 affecting package packer 1.9.5-11

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

AZL-77067 CVE-2025-47911 affecting package packer 1.9.5-11

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...