
58832 matches found

Tenable Nessus
added 2025/04/11 12:0 a.m. | 15 views

Security Updates for Microsoft Visual Studio 2022 17.8 / 17.10 / 17.12 Products (April 2025)

The Microsoft Visual Studio Products are missing security updates. They are, therefore, affected by multiple vulnerabilities, including: - Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally (CVE-2025-29802) - Improper access control in Visual Studi...

7.3 CVSS | 7.8 AI score | 0.0105 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2025/04/11 12:0 a.m. | 7 views

SAP NetWeaver AS ABAP Access Control (3568778)

The remote SAP NetWeaver ABAP server may be affected by an access control vulnerability. A Missing Authorization Check vulnerability exists in the Virus Scanner Interface of SAP NetWeaver Application Server ABAP. Because of this, an attacker authenticated as a non-administrative user can initiate...

4.3 CVSS | 5.6 AI score | 0.00229 EPSS
Exploits: 0 | References: 3

Wordfence Blog
added 2025/04/10 2:38 p.m. | 61 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 31, 2025 to April 6, 2025)

In case you missed it, Wordfence just published its annual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. Last week, there were 551 vulnerabilities disclosed in 485 WordPress...

10 CVSS | 10 AI score | 0.17311 EPSS
Exploits: 16

RedhatCVE
added 2025/04/10 8:24 a.m. | 21 views

CVE-2025-27437

A Missing Authorization Check vulnerability exists in the Virus Scanner Interface of SAP NetWeaver Application Server ABAP. Because of this, an attacker authenticated as a non-administrative user can initiate a transaction, allowing them to access but not modify non-sensitive data without further...

4.3 CVSS | 6.7 AI score | 0.00229 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2025/04/10 12:0 a.m. | 7 views

Moodle 4.1.x < 4.1.3 Arbitrary Folder Creation

According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.3. It is, therefore, affected by an Arbitrary Folder creation in TinyMCE. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported versi...

6.5 CVSS | 7.3 AI score | 0.06583 EPSS
Exploits: 3 | References: 3

Tenable Nessus
added 2025/04/10 12:0 a.m. | 6 views

Moodle < 3.9.23 phpCAS Library Upgrade

According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.23, 3.11.x prior to 3.11.16 or 4.0.x prior to 4.0.10. The phpCAS library included with Moodle has been upgraded to version 1.6.0, which includes a fix for a serious security issue. Note that the...

8 CVSS | 7.4 AI score | 0.01064 EPSS
Exploits: 0 | References: 3

Packet Storm News
added 2025/04/10 12:0 a.m. | 1 views

Wapiti Web Application Vulnerability Scanner 3.2.4

Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities...

7.1 AI score
Exploits: 0

Tenable Nessus
added 2025/04/09 12:0 a.m. | 2 views

Containerd Find Exclude Path Detect (Linux)

Binary data containerddetect.nbin...

7.3 AI score
Exploits: 0 | References: 1

Tenable Nessus
added 2025/04/09 12:0 a.m. | 4 views

Sante PACS Server Web Detection

Binary data santepacsserverwebdetect.nbin...

7.3 AI score
Exploits: 0 | References: 1

BDU FSTEC
added 2025/04/09 12:0 a.m. | 4 views

The vulnerability of ESET’s command-line scanner for anti-virus protection allows a hacker to execute arbitrary code.

The vulnerability of ESET’s command-line scanner for anti-virus protection is related to an uncontrolled element in the loading process of the version.dll library. Exploiting this vulnerability can allow a hacker to execute arbitrary code...

6.6 CVSS | 8.3 AI score | 0.01803 EPSS
Exploits: 0 | References: 3 | Affected Software: 11

Tenable Nessus
added 2025/04/09 12:0 a.m. | 10 views

Photon OS 4.0: Linux PHSA-2025-4.0-0775

An update of the linux package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0775. The text itself is copyright (C) VMware, Inc...

7.8 CVSS | 7.7 AI score | 0.00233 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2025/04/09 12:0 a.m. | 17 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : giflib (SUSE-SU-2025:1164-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1164-1 advisory. - CVE-2025-31344: Fixed a buffer overflow in function DumpScreen2RGB bsc1240416 Tenable has extracted the...

7.3 CVSS | 6.9 AI score | 0.00219 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2025/04/09 12:0 a.m. | 6 views

Photon OS 4.0: Elfutils PHSA-2025-4.0-0776

An update of the elfutils package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0776. The text itself is copyright (C) VMware, Inc...

7.8 CVSS | 5.3 AI score | 0.00614 EPSS
Exploits: 4 | References: 5

NVD
added 2025/04/08 8:15 a.m. | 13 views

CVE-2025-27437

A Missing Authorization Check vulnerability exists in the Virus Scanner Interface of SAP NetWeaver Application Server ABAP. Because of this, an attacker authenticated as a non-administrative user can initiate a transaction, allowing them to access but not modify non-sensitive data without further...

4.3 CVSS | 0.00229 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2025/04/08 12:0 a.m. | 14 views

Security Updates for Microsoft OneNote Products (April 2025)

The Microsoft OneNote Products are missing a security update. They are, therefore, affected by a security feature bypass vulnerability. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application. Note that...

7.8 CVSS | 7.9 AI score | 0.00724 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2025/04/08 12:0 a.m. | 9 views

Joomla 4.0.x < 4.4.13 / 5.0.x < 5.2.6 Joomla 5.2.6 Security Release (5925-joomla-5-2-6-security-release)

According to its self-reported version, the instance of Joomla! running on the remote web server is 4.0.x prior to 4.4.13 or 5.0.x prior to 5.2.6. It is, therefore, affected by a vulnerability. - Insufficient state checks lead to a vector that allows to bypass 2FA checks. CVE-2025-25227 Note that...

7.5 CVSS | 5.6 AI score | 0.0034 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2025/04/08 12:0 a.m. | 8 views

Fortinet FortiWeb Directory Traversal (FG-IR-24-474)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-474 advisory. - An Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability CWE-22 in FortiWeb version 7.6...

7.2 CVSS | 5.6 AI score | 0.00555 EPSS
Exploits: 1 | References: 2

Tenable Nessus
added 2025/04/08 12:0 a.m. | 15 views

Security Updates for Microsoft Access Products (April 2025)

The Microsoft Access Products are missing a security update. It is, therefore, affected by a remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. Note that Nessus has not tested for this issue but has instead relie...

7.8 CVSS | 8.3 AI score | 0.00703 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2025/04/08 12:0 a.m. | 52 views

KB5055528: Windows 11 version 22H2 / Windows 11 version 23H2 Security Update (April 2025)

The remote Windows host is missing security update 5055528. It is, therefore, affected by multiple vulnerabilities - Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network. CVE-2025-26687 - A remote code execution vulnerability. An attacker ca...

8.8 CVSS | 9.2 AI score | 0.17982 EPSS
Exploits: 5 | References: 67

GithubExploit
added 2025/04/07 10:54 a.m. | 314 views

Exploit for CVE-2025-29927

NextSploit: Next.js CVE-2025-29927 Scanner & Exploiter...

9.1 CVSS | 7.3 AI score | 0.93247 EPSS
Exploits: 56