Fedora 43 : mariadb10.11 (2026-39e035a84c)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-39e035a84c advisory. MariaDB 10.11.15 Release notes: https://mariadb.com/docs/release-notes/community-server/10.11/10.11.15 Tenable has extracted the preceding description block...
CVE-2025-15375
A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/api/controller/Ajax.php of the component arcpagelist Handler. Executing a manipulation of the argument attstr can lead to deserialization. The attack can be launched remotely. Th...
CVE-2025-15189
creationtimestamp| type| source
---|---|---
2025-12-29 13:22:01+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mb4wkg5pdg2u
2025-12-29 13:37:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mb4xgjil2h2y
2025-12-29 15:11:56+00:00| seen|...
CVE-2025-15175
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. Affected by this issue is the function doAppList/appCommandAnalysis of the file src/main/java/com/sohu/cache/web/controller/AppController.java. Performing manipulation results in cross site scripting. It is possible to initiate the...
CVE-2025-13624
creationtimestamp| type| source
---|---|---
2025-12-20 10:55:58+00:00| seen| https://gist.github.com/Darkcrai86/51e5526e5b8a8b1b6d1a325bfbcef97c...
PHP 8.2.x < 8.2.30 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 8.2.30. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.2.30 advisory. - Debian Linux - php7.4 - None php8.2 - None php8.4 - None Ubuntu Linux - Unknown description CVE-2025-14177, CVE-2025-14178,...
Atlassian Jira 11.x < 11.2.0 XML External Entity Injection
According to its self-reported version number, the Atlassian Jira application running on the remote host is 10.3.x prior to 10.3.13 or 11.x prior to 11.2.0. It is, therefore, affected by an XML External Entity Injection (XXE) vulnerability. Note that the scanner has not tested for these issues but h...
CVE-2025-43475
creationtimestamp| type| source
---|---|---
2025-12-16 06:48:31+00:00| seen| https://vulnerability.circl.lu/bundle/c5b7cfe4-31dc-48ad-9aad-8e8bd3c6bf83
2025-12-17 21:50:51+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ma7nfayiw62o...
Tenable Nessus 10.8.0 <= 10.8.6 / 10.9.0 < 10.9.6 / 10.10.0 <= 10.10.1 / 10.11.0 < 10.11.1 Multiple Vulnerabilities (TNS-2025-24)
According to its self-reported version, the Tenable Nessus application running on the remote host is 10.8.0 prior to or equal to 10.8.6, 10.9.0 prior to 10.9.6, 10.10.0 prior to or equal to 10.10.1 and 10.11.0 prior to 10.11.1. It is, therefore, affected by multiple vulnerabilities as referenced in the...
Linux Distros Unpatched Vulnerability : CVE-2025-14332
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort so...
django: Django SQL injection
A potential SQL injection vulnerability has been discovered in the Django web framework. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q were subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the connector argument...
Linux Distros Unpatched Vulnerability : CVE-2023-53783
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - blk-iocost: fix divide by 0 error in calc_lcoefs() echo max of u64 to cost.model can cause divide by 0 error. echo 8:0 rbps=18446744073709551615...
Security Updates for Microsoft Word Products (December 2025)
The Microsoft Word Products are missing a security update. They are, therefore, affected by multiple remote code execution vulnerabilities. An attacker can exploit these to bypass authentication and execute unauthorized arbitrary commands. Note that Nessus has not tested for these issues but has...
CVE-2025-38734
creationtimestamp| type| source
---|---|---
2025-12-03 14:14:49+00:00| seen| https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8
2026-03-19 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/...
CVE-2025-55749
creationtimestamp| type| source
---|---|---
2025-12-02 01:19:48+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m6xrm65ean2s
2025-12-11 17:39:34+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-55749.yaml
2025-12-12...
CVE-2025-64063
creationtimestamp| type| source
---|---|---
2025-11-25 21:50:52+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m6id52itdb2s...
Fedora 43 : gnutls (2025-45b1844342)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-45b1844342 advisory. Update to the 3.8.11 release with a fix for CVE-2025-9820 and several enhancements. Tenable has extracted the preceding description block directly from the...
Linux Distros Unpatched Vulnerability : CVE-2025-43430
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS...
FreeBSD : chromium -- multiple security fixes (ca5d4e87-c465-11f0-b3f7-a8a1599412c6)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ca5d4e87-c465-11f0-b3f7-a8a1599412c6 advisory. Chrome Releases reports: This update includes 2 security fixes: Tenable has extracted the...
Telerik UI for ASP.NET AJAX Unsafe Reflection
According to its self-reported version number, the version of Telerik UI for ASP.NET AJAX is affected by an unsafe reflection vulnerability resulting in denial of service and advanced attack scenarios. Note that the scanner has not tested for these issues but has instead relied only on the...