MiracleLinux 8 : python36:3.6 (AXSA:2024-9397:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9397:01 advisory. virtualenv: potential command injection via virtual environment activation scripts CVE-2024-53899 Tenable has extracted the preceding description block...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : SimGear vulnerability (USN-7965-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7965-1 advisory. It was discovered that SimGear could be made to bypass the sandboxing of Nasal scripts. An attacker could possibly...

MiracleLinux 8 : postgresql:10 postgresql-10.23-1.module+el8+1581+24b533d8 (AXSA:2023-4747:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-4747:01 advisory. postgresql: Extension scripts replace objects not belonging to the extension. CVE-2022-2625 Tenable has extracted the preceding description block directly fr...

MiracleLinux 9 : python3.9-3.9.21-1.el9_5 (AXSA:2024-9439:09)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9439:09 advisory. python: Virtual environment venv activation scripts don't quote paths CVE-2024-9287 python: Improper validation of IPv6 and IPvFuture addresses...

MiracleLinux 8 : postgresql:12 (AXSA:2022-3939:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3939:01 advisory. postgresql: Extension scripts replace objects not belonging to the extension. CVE-2022-2625 Tenable has extracted the preceding description block directly fr...

Exploit for Server-Side Request Forgery in Pytorch Torchserve

PoC – Abuso de Configuraciones Predeterminadas en Vertex AI...

CVE-2025-64691

The vulnerability, if exploited, could allow an authenticated miscreant OS standard user to tamper with TCL Macro scripts and escalate privileges to OS system, potentially resulting in complete compromise of the model application server...

Skipper is vulnerable to arbitrary code execution through lua filters

Impact Arbitrary code execution through lua filters. The default skipper configuration before v0.23 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for example through a Kubernetes Ingress resource. The configuration...

CVE-2021-47837

Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution...

CVE-2021-47837

Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution...

CVE-2021-47837

Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution...

CVE-2021-47837 Markdownify 1.2.0 - Persistent Cross-Site Scripting

Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution...

CVE-2021-47837 Markdownify 1.2.0 - Persistent Cross-Site Scripting

Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution...

Cross-site Scripting (XSS)

Vaadin Framework is vulnerable to a Cross-Site Scripting XSS. The vulnerability is due to action captions accepting unsanitized HTML content by default, which allows an attacker to inject and execute malicious scripts when user-controlled input is rendered in UI components...

CVE-2026-0696

In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this could allow client-side scripts access to session cookie values...

CVE-2025-64691

The vulnerability, if exploited, could allow an authenticated miscreant OS standard user to tamper with TCL Macro scripts and escalate privileges to OS system, potentially resulting in complete compromise of the model application server...

CVE-2025-64691

The vulnerability, if exploited, could allow an authenticated miscreant OS standard user to tamper with TCL Macro scripts and escalate privileges to OS system, potentially resulting in complete compromise of the model application server...

CVE-2025-64691

CVE-2025-64691 affects AVEVA Process Optimization (Code Injection) where an authenticated OS-standard user can tamper TCL Macro scripts to escalate privileges to OS system, potentially fully compromising the Model Application Server. Public summaries describe local, authenticated, user-level acce...

CVE-2025-64691 AVEVA Process Optimization Code Injection

The vulnerability, if exploited, could allow an authenticated miscreant OS standard user to tamper with TCL Macro scripts and escalate privileges to OS system, potentially resulting in complete compromise of the model application server...

CVE-2025-64691 AVEVA Process Optimization Code Injection

The vulnerability, if exploited, could allow an authenticated miscreant OS standard user to tamper with TCL Macro scripts and escalate privileges to OS system, potentially resulting in complete compromise of the model application server...