58828 matches found
Photon OS 4.0: Kafka PHSA-2025-4.0-0834
An update of the kafka package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0834. The text itself is copyright (C) VMware, Inc. ...
CVE-2025-34126
A path traversal vulnerability exists in RIPS Scanner version 0.54. The vulnerability allows remote attackers to read arbitrary files on the system with the privileges of the web server by sending crafted HTTP GET requests to the 'windows/code.php' script with a manipulated 'file' parameter. This...
WordPress Malcure Malware Scanner plugin <= 16.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Malcure Malware Scanner versions <= 16.8...
CVE-2025-7772
The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 16.8 via the wpmrinspectfile function due to a missing capability check. This makes it possible for authenticated attackers, with...
CVE-2025-6043
The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Deletion due to a missing capability check on the wpmrdeletefile function in all versions up to, and including, 17.0. This makes it possible for authenticated attackers, with...
CVE-2025-7772
CVE-2025-7772 affects the WordPress plugin Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal (
CVE-2025-7772 Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal <= 16.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read
The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 16.8 via the wpmrinspectfile function due to a missing capability check. This makes it possible for authenticated attackers, with...
WordPress plugin Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Malcure...
PT-2025-30051 · Melange · Melange
Name of the Vulnerable Software and Affected Versions: melange versions 0.23.0 through 0.29.4 Description: melange allows users to build apk packages using declarative pipelines. SBOM files generated by melange in apks had file system permissions mode 666, potentially allowing an unprivileged use...
PT-2025-30009 · WordPress · Malcure Malware Scanner
Name of the Vulnerable Software and Affected Versions: Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress versions prior to 16.9 Description: The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary...
SUSE SLES15 / openSUSE 15 Security Update : kubernetes1.25 (SUSE-SU-2025:02351-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02351-1 advisory. - CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content bsc1241865. Tenable has...
Fedora 42 : python-asteval (2025-83c141f000)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-83c141f000 advisory. Fix CVE-2025-24359 closes rhbz2341976 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...
CVE-2025-5346
Bluebird devices contain a pre-loaded barcode scanner application. This application exposes an unsecured broadcast receiver "kr.co.bluebird.android.bbsettings.BootReceiver". A local attacker can call the receiver to overwrite a file containing the ".json" keyword with the default barcode config file. It is...
CVE-2025-5346 File removal via path traversal in unsecured broadcast receiver in Bluebird barcode scanner application
Bluebird devices contain a pre-loaded barcode scanner application. This application exposes an unsecured broadcast receiver "kr.co.bluebird.android.bbsettings.BootReceiver". A local attacker can call the receiver to overwrite a file containing the ".json" keyword with the default barcode config file. It is...
CVE-2025-5346
Bluebird devices expose an unsecured broadcast receiver (kr.co.bluebird.android.bbsettings.BootReceiver) in a pre-loaded barcode scanner app. A local attacker can call this receiver to overwrite a file containing the string ".json" with a default barcode config, due to lack of protection against ...
Bluebird security vulnerability
Bluebird is an application from Bluebird South Korea that is used to lock a device into a dedicated mode, restricting a user's access to only specified features or applications. A security vulnerability exists in Bluebird versions prior to 1.3.3 that stems from the barcode scanner application...
PT-2025-29907 · Bluebird · Bluebird Barcode Scanner
Name of the Vulnerable Software and Affected Versions: Bluebird barcode scanner application versions prior to 1.3.3 Description: The barcode scanner application on Bluebird devices exposes an unsecured broadcast receiver, kr.co.bluebird.android.bbsettings.BootReceiver. A local attacker can exploi...
Edimax IC-7100 RCE (CVE-2025-1316)
Edimax IC-7100 network cameras do not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device. Note that Nessus has not tested for this issue and has relied only on the device's self-reported model number. ...
JetBrains YouTrack < 2024.3.85077 / 2025.x < 2025.1.86199 Email Spoofing
The version of JetBrains YouTrack installed on the remote host is prior to 2024.3.85077, 2025.x prior to 2025.1.86199. It is, therefore, affected by an email spoofing vulnerability via the Administrative API. Note that Nessus has not tested for these issues but has instead relied only on the...