CVE-2025-12136
The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.2.4. This is due to insufficient validation on the user-supplied URL in the '/scanner/scan-without-login' REST API endpoint. This makes ...
CVE-2025-12136 Real Cookie Banner: GDPR & ePrivacy Cookie Consent <= 5.2.4 - Authenticated (Admin+) Server-Side Request Forgery via scan-without-login Endpoint
The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.2.4. This is due to insufficient validation on the user-supplied URL in the '/scanner/scan-without-login' REST API endpoint. This makes ...
CVE-2025-12136
CVE-2025-12136 affects the WordPress plugin “Real Cookie Banner: GDPR & ePrivacy Cookie Consent”. Wordfence and related sources describe a Server-Side Request Forgery (SSRF) vulnerability in all versions up to and including 5.2.4, caused by insufficient validation of the user-supplied URL in the ...
Photon OS 5.0: Linux PHSA-2025-5.0-0655
An update of the linux package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0655. The text itself is copyright (C) VMware, Inc.
Atlassian Jira 9.12.x < 9.12.28 Path Traversal
According to its self-reported version number, the Atlassian Jira application running on the remote host is 9.12.x prior to 9.12.28, 10.3.x prior to 10.3.12 or 11.x prior to 11.1.0. It is, therefore, affected by a path traversal vulnerability. Note that the scanner has not tested for these issues...
Rapid7 Velociraptor Installed (Linux)
Binary data rapid7velociraptornixinstalled.nbin...
MCP JSON Config Detected (Windows)
Binary data mcpjsonconfigdetectedwin.nbin...
GHSA-25QH-J22F-PWP8 vulnerabilities
Vulnerabilities for packages: dependency-track, apache-nifi-registry, nextflow, cassandra, akhq, cassandra-reaper, thingsboard, sonar-scanner-cli, apache-nifi, trino, management-api-for-apache-cassandra-5.0, kserve-modelmesh, zookeeper...
CVE-2025-11226 vulnerabilities
Vulnerabilities for packages: dependency-track, apache-nifi-registry, nextflow, cassandra, akhq, cassandra-reaper, thingsboard, sonar-scanner-cli, apache-nifi, trino, management-api-for-apache-cassandra-5.0, kserve-modelmesh, zookeeper...
CVE-2025-11226 vulnerabilities
Vulnerabilities for packages: management-api-for-apache-cassandra-4.0, knative-kafka-broker, nacos-docker, nacos, apache-nifi-registry, zookeeper-fips, sonar-scanner-cli, kayenta-fips, zookeeper, cassandra-reaper, knative-kafka-broker-fips, trino, kayenta, dependency-track,...
GHSA-25QH-J22F-PWP8 vulnerabilities
Vulnerabilities for packages: management-api-for-apache-cassandra-4.0, knative-kafka-broker, nacos-docker, nacos, apache-nifi-registry, zookeeper-fips, sonar-scanner-cli, kayenta-fips, zookeeper, cassandra-reaper, knative-kafka-broker-fips, trino, kayenta, dependency-track,...
Bytecode-Centric Detection of Known-To-Be-Vulnerable Dependencies in Java Projects
On average, 71% of the code in typical Java projects comes from open-source software (OSS) dependencies, making OSS dependencies the dominant component of modern software code bases. This high degree of OSS reliance comes with a considerable security risk of adding known security vulnerabilities to...
Photon OS 4.0: Perl PHSA-2025-4.0-0890
An update of the perl package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0890. The text itself is copyright (C) VMware, Inc.
Custom HTTP Header Detected
This is an informational notice that the scanner was able to detect custom HTTP headers in the target application's responses. No source data...
Poppler Installed (macOS)
Binary data macospopplerinstalled.nbin...
Photon OS 5.0: Linux PHSA-2025-5.0-0644
An update of the linux package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0644. The text itself is copyright (C) VMware, Inc.
Xmlrpc-scanner
QMLRPC Vulnerability Scanner 🚀 Windows-compatible advanced QM...
Clam AntiVirus Toolkit 1.5.1
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs ar...
WordPress Barcode Scanner with Inventory & Order Manager plugin <= 1.10.4 - Path Traversal vulnerability
Path Traversal vulnerability discovered by ChuongVN in WordPress Plugin Barcode Scanner with Inventory & Order Manager versions <= 1.10.4...
CVE-2025-9968
A link following vulnerability exists in the UnifyScanner component of Armoury Crate. This vulnerability may be triggered by creating a specially crafted junction, potentially leading to local privilege escalation. For more information, please refer to section 'Security Update for Armoury Crate...