Adobe Illustrator < 25.1 Arbitrary code execution (APSB21-02) (macOS)

The version of Adobe Illustrator installed on the remote macOS host is prior to 25.1. It is, therefore, affected by a vulnerability as referenced in the APSB21-02 advisory. - Adobe Illustrator version 25.0 and earlier is affected by an uncontrolled search path element that could result in arbitra...

Adobe Media Encoder < 14.0 Multiple Vulnerabilities (APSB19-52) (macOS)

The version of Adobe Media Encoder installed on the remote macOS host is prior to 14.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB19-52 advisory. - Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds write vulnerability. Successful exploitatio...

Ubuntu 24.10 : libgsf vulnerabilities (USN-7062-2)

The remote Ubuntu 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7062-2 advisory. USN-7062-1 fixed vulnerabilities in libgsf. This update provides the corresponding updates for Ubuntu 24.10. Tenable has extracted the preceding description...

Adobe Bridge 10.x < 10.0 Multiple Vulnerabilities (APSB19-53)

The version of Adobe Bridge installed on the remote macOS or Mac OS X host is prior to 10.0. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb19-53 advisory. - Adobe Bridge CC versions 9.1 and earlier have a memory corruption vulnerability. Successful exploitation...

XWiki Platform 7.0 < 14.4.8 / 14.5 < 14.10.4 Remote Code Execution

XWiki Platform versions 7.0, before 14.4.8 and versions 14.5 before 14.10.4 suffer from an improper escaping in the document 'SkinsCode.XWikiSkinsSheet'. By leveraging this vulnerability, a remote and unauthenticated attacker can achieve privilege escalation and achieve code execution on the...

GiveWP Plugin for WordPress < 3.16.4 Remote Code Execution

The WordPress GiveWP Plugin installed on the remote host is affected by a PHP object injection vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...

SEOPress Plugin for WordPress < 7.9 PHP Object Injection

The WordPress SEOPress Plugin installed on the remote host is affected by a PHP object injection vulnerability via the deserialization of untrusted input from the 'title' parameter. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reporte...

Gradio < 4.37.1 Open Redirect

Gradio before version 4.37.1 suffer from an open redirect vulnerability, allowing an attacker to craft a link and try redirecting target applications users to a malicious server. This detection is included in the AI and LLM category. No source data...

Adobe InCopy 16.0.0 < 16.4.1 Multiple Vulnerabilities (APSB22-04)

The version of Adobe InCopy installed on the remote host is prior to 16.4.1. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB22-04 advisory. - Adobe InCopy version 16.4 and earlier is affected by an out-of-bounds write vulnerability that could result in arbitrary...

Adobe After Effects < 16.1.2 (APSB19-31)

The version of Adobe After Effects installed on the remote Windows host is prior to 16.1.2. It is, therefore, affected by a vulnerability as referenced in the APSB19-31 advisory. - Adobe After Effects versions 16 and earlier have an insecure library loading dll hijacking vulnerability. Successful...

FreeBSD : oauth2-proxy -- multiple vulnerabilities (dbe8c5bd-8d3f-11ef-8d2e-a04a5edf46d9)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the dbe8c5bd-8d3f-11ef-8d2e-a04a5edf46d9 advisory. The oauth2-proxy project reports: Vulnerabilities have been addressed: Tenable has extracted t...

Adobe Digital Editions < 4.5.11.187658 Multiple Vulnerabilities (APSB21-80) (macOS)

The version of Adobe Digital Editions installed on the remote macOS host is prior to 4.5.11.187658. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB21-80 advisory. - Adobe Digital Editions 4.5.11.187646 and earlier are affected by an arbitrary command execution...

Adobe Premiere Pro < 15.4.1 Arbitrary Code Execution (APSB21-67) (macOS)

The version of Adobe Premiere Pro installed on the remote macOS host is prior to 15.4.1. It is, therefore, affected by a vulnerability as referenced in the APSB21-67 advisory. - Adobe Premiere Pro version 15.4 and earlier are affected by a memory corruption vulnerability. An unauthenticated...

Adobe Dimension < 3.4.4 Multiple Vulnerabilities (APSB21-116) (macOS)

The version of Adobe Dimension installed on the remote macOS host is prior to 3.4.4. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB21-116 advisory. - Adobe Dimension versions 3.4.3 and earlier are affected by an out-of-bounds write vulnerability that could result...

Adobe Creative Cloud < 4.0.0.185 Multiple Vulnerabilities (APSB17-13)

The version of Adobe Creative Cloud installed on the remote Windows host is prior to 4.0.0.185. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB17-13 advisory. - Adobe Thor versions 3.9.5.353 and earlier have a vulnerability related to the use of improper resource...

Rockwell Automation ControlLogix Improper Input Validation (CVE-2024-6207)

A denial-of-service vulnerability exists in the affected products that will cause the device to result in a major nonrecoverable fault MNRF when it receives an invalid CIP request. To exploit this vulnerability a malicious user must chain this exploits with CVE-2021-22681 and send a specially...

Palo Alto Expedition < 1.2.96 Multiple Vulnerabilties

Palo Alto Expedition versions before 1.2.96 suffer from multiple vulnerabilities: - An unauthenticated OS command Injection vulnerability through the /API/convertCSVtoParquet.php endpoint CVE-2024-9264 - An authenticated OS command injection vulnerability CVE-2024-9464 - An unauthenticated SQL...

Mura/Masa CMS SQL Injection

Mura and Masa CMS Open-source fork suffer from a SQL injection vulnerability on the JSON API. By crafting a specific HTTP request, a remote and unauthenticated attacker can exploit the vulnerability to gain access to the database and perform arbitrary operations. No source data...

Adobe Media Encoder < 14.3 Multiple Vulnerabilities (APSB20-36)

The version of Adobe Media Encoder installed on the remote Windows host is prior to 14.3. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB20-36 advisory. - Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful...

Adobe Illustrator < 25.4.3 / 26.0.0 < 26.0.2 Multiple Privilege escalation (APSB22-02) (macOS)

The version of Adobe Illustrator installed on the remote macOS host is prior to 25.4.3, 26.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB22-02 advisory. - Adobe Illustrator versions 25.4.2 and earlier and 26.0.1 and earlier are affected by an out-of-bounds...