WordPress Barcode Scanner and Inventory manager plugin <= 1.6.6 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Ngô Thái An (Patchstack Alliance) in WordPress Plugin Barcode Scanner with Inventory & Order Manager versions <= 1.6.6...
GeoServer 2.20.0 < 2.20.4 Insecure Deserialization
According to its banner, the version of GeoServer running on the remote host is prior to 2.19.6 or 2.20.0 2.20.4. It is, therefore, affected by an Insecure Deserialization. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
GeoServer 2.10.0 < 2.24.4 Sensitive Information Exposure
According to its banner, the version of GeoServer running on the remote host is 2.10.0 prior to 2.24.4 or 2.25.x prior to 2.25.1. It is, therefore, affected by a Sensitive Information Exposure. Note that the scanner has not tested for these issues but has instead relied only on the application's...
GeoServer < 2.22.5 Multiple Vulnerabilities
According to its banner, the version of GeoServer running on the remote host is prior to 2.22.5 or 2.23.0 parameter Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
GeoServer 2.23.0 < 2.23.1 Multiple Vulnerabilities
According to its banner, the version of GeoServer running on the remote host is prior to 2.22.5 or 2.23.0 parameter Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
KB5048685: Windows 11 version 22H2 / Windows 11 version 23H2 Security Update (December 2024)
The remote Windows host is missing security update 5048685. It is, therefore, affected by multiple vulnerabilities - Input Method Editor IME Remote Code Execution Vulnerability CVE-2024-49079 - Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2024-49090 - Windows...
KB5048703: Windows 10 LTS 1507 Security Update (December 2024)
The remote Windows host is missing security update 5048703. It is, therefore, affected by multiple vulnerabilities - Input Method Editor IME Remote Code Execution Vulnerability CVE-2024-49079 - Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2024-49090 - Windows...
Fedora 40 : retsnoop / rust-rbspy (2024-ccce2763b0)
The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-ccce2763b0 advisory. Rebuild affected applications with ruzstd v0.7.3 to address RUSTSEC-2024-0400. Tenable has extracted the preceding description block directly from the Fedora...
KB5048744: Windows Server 2008 Security Update (December 2024)
The remote Windows host is missing security update 5048744. It is, therefore, affected by multiple vulnerabilities - Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2024-49090 - Windows Lightweight Directory Access Protocol LDAP Remote Code Execution Vulnerability...
KB5048652: Windows 10 version 21H2 / Windows 10 Version 22H2 Security Update (December 2024)
The remote Windows host is missing security update 5048652. It is, therefore, affected by multiple vulnerabilities - Windows Kernel-Mode Driver Elevation of Privilege Vulnerability CVE-2024-49074 - Input Method Editor IME Remote Code Execution Vulnerability CVE-2024-49079 - Windows Common Log Fil...
GO-2024-3312 CA certificate sign check bypass in github.com/canonical/lxd
CA certificate sign check bypass in github.com/canonical/lxd...
FreeBSD : gstreamer1-plugins-gdkpixbuf -- NULL-pointer dereference (772d8625-b3e8-11ef-b680-4ccc6adda413)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 772d8625-b3e8-11ef-b680-4ccc6adda413 advisory. The GStreamer Security Center reports: A NULL-pointer dereference in the gdk-pixbuf decoder that can...
WordPress Event Tickets with Ticket Scanner plugin <= 2.4.4 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Event Tickets with Ticket Scanner versions = 2.4.3...
WordPress plugin Event Tickets with Ticket Scanner Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
A New Phone Scanner That Detects Spyware Has Already Found 7 Pegasus Infections
The mobile device security firm iVerify has been offering a tool since May that makes spyware scanning accessible to anyone—and it’s already turning up victims...
Spring Eureka Detected
Spring Eureka is a service discovery and registration server. It enables microservices to dynamically discover and communicate with each other without hardcoded hostnames and ports. The scanner detected the usage of Spring Eureka on the target application. No source data...
PhpSysInfo Detected
PhpSysInfo is a customizable PHP script that displays information about the system. The scanner detected the usage of PhpSysInfo on the target application. No source data...
Ivanti EPM XML External Entity
Ivanti Endpoint Manager EPM versions 2022 SU6 / 2024 SU1 are vulnerable to an XML External Entity allowing an unauthenticated attacker to read arbitrary files from the system via a specially crafted request. No source data...
Fedora 41 : thunderbird (2024-07f6b6766c)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-07f6b6766c advisory. Update to 128.5.0 https://www.thunderbird.net/en-US/thunderbird/128.5.0esr/releasenotes/...
Fedora 40 : libsoup3 (2024-bd09057dd2)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bd09057dd2 advisory. Add patches to fix: CVE-2024-52530 libsoup3: HTTP request smuggling via stripping null bytes from the ends of header names bug 2325358 CVE-2024-5253...