Security Updates for Microsoft SQL Server (July 2025)

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands...

KB5062552: Windows 11 version 22H2 / Windows 11 version 23H2 Security Update (July 2025)

The remote Windows host is missing security update 5062552. It is, therefore, affected by multiple vulnerabilities - Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally. CVE-2025-49659 - Improper link resolution before file access 'link following' in...

Exploit for OS Command Injection in Php

CVE-2024-4577 - PHP CGI Argument Injection RCE Summary CV...

IBM App Connect Enterprise (ACE) Detection (Windows)

Binary data ibmacewininstalled.nbin...

Model Context Protocol (MCP) Python Library Detection

An Model Context Protocol Python library is installed on the remote host. Note that Nessus has relied upon on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid241433; scriptversion"1.7";...

Exploit for Out-of-bounds Read in Citrix Netscaler_Application_Delivery_Controller

Citrix Bleed 2 PoC Scanner CVE-2025-5777 This script is a P...

Exploit for Code Injection in Langflow

CVE-2025-3248: Langflow Unauthenticated Remote Code Execution...

Nuclei 3.4.7

Nuclei is a modern, high-performance vulnerability scanner that leverages simple YAML-based templates. It empowers you to design custom vulnerability detection scenarios that mimic real-world conditions, leading to zero false positives...

Exploit for Out-of-bounds Read in Citrix Netscaler_Application_Delivery_Controller

CitrixBleed2 - CVE-2025-5777 PoC Scanner This repository cont...

Nuclei 3.4.6

Nuclei is a modern, high-performance vulnerability scanner that leverages simple YAML-based templates. It empowers you to design custom vulnerability detection scenarios that mimic real-world conditions, leading to zero false positives...

CVE-2025-48952 NetAlertX has Password Bypass Vulnerability due to Loose Comparison in PHP

NetAlertX is a network, presence scanner, and alert framework. Prior to version 25.6.7, a vulnerability in the authentication logic allows users to bypass password verification using SHA-256 magic hashes, due to loose comparison in PHP. In vulnerable versions of the application, a password...

ManageEngine Exchange Reporter Plus Multiple Vulnerabilities

The version of ManageEngine Exchange Reporter Plus on the host is prior to 5723. It is, therefore, affected by multiple XSS vulnerabilities - Zohocorp ManageEngine Exchange Reporter Plus version 5722 and below are vulnerable to Stored XSS in the Attachments by filename keyword report. CVE-2025-59...

Fedora 43 : ov (2025-c4c8863fd7)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-c4c8863fd7 advisory. Automatic update for ov-0.42.1-1.fc43. Changelog Fri Jul 4 2025 Mikel Olasagasti Uranga - 0.42.1-1 - Update to 0.42.1 and go-vendor-tools. Closes rhbz2348375...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Citrix Netscaler_Application_Delivery_Controller

CVE-2025-6543CitrixNetScalerPoC Multi-host, multi-port scann...

AlmaLinux 9 : kernel (ALSA-2025:8333)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:8333 advisory. kernel: Use after Free in grusetcontextoption leading to kernel panic CVE-2022-3424 kernel: ndisc: use RCU protection in ndiscallocskb CVE-2025-21764...

AlmaLinux 8 : perl-FCGI:0.78 (ALSA-2025:8696)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2025:8696 advisory. perl-fcgi: FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 aka fcgi library CVE-2025-40907 Tenable has extracted the...

Microsoft Exchange Admin Center Detected

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Microsoft Exchange Admin Center instance on the target application. No source data...

Photon OS 5.0: Apache PHSA-2025-5.0-0537

An update of the apache package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0537. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Fedora 42 : moodle (2025-83ab16425f)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-83ab16425f advisory. 4.5.5 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for these...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : yelp-xsl (SUSE-SU-2025:02168-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:02168-1 advisory. - CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files...