MiracleLinux 3 : tomcat5-5.5.23-0jpp.40.0.1.AXS3 (AXSA:2013-538:02)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-538:02 advisory. Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet...

PT-2026-3252

Name of the Vulnerable Software and Affected Versions ConnectWise PSA versions prior to 2026.1 Description Certain session cookies were not configured with the HttpOnly attribute in affected versions. This could potentially allow client-side scripts to access session cookie values. Recommendation...

PT-2026-3292

Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution...

StudyMD security vulnerabilities

StudyMD is a Markdown reader developed by Jotron’s individual developers. Version 0.3.2 of StudyMD contains a security vulnerability; this vulnerability stems from allowing malicious scripts to be injected into Markdown files, potentially leading to remote code execution...

MiracleLinux 7 : postgresql-9.2.23-3.el7 (AXSA:2017-2464:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2464:03 advisory. Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use...

MiracleLinux 4 : rh-mariadb100-mariadb-10.0.33-3.AXS4 (AXSA:2018-2584:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-2584:01 advisory. A flaw was found in the way the mysqldsafe script handled creation of error log file. The mysql operating system user could use this flaw to escalat...

MiracleLinux 7 : rh-postgresql95-postgresql-9.5.9-4.el7 (AXSA:2017-2468:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2468:03 advisory. Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use...

MiracleLinux 7 : rh-postgresql94-postgresql-9.4.14-2.el7 (AXSA:2017-2466:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2466:03 advisory. Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use...

MiracleLinux 4 : gdb-7.2-60.AXS4 (AXSA:2013-121:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-121:01 advisory. GDB, the GNU debugger, allows you to debug programs written in C, C++, Java, and other languages, by executing them in a controlled fashion and printing their...

MiracleLinux 4 : ntp-4.2.6p5-10.0.1.AXS4 (AXSA:2016-470:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-470:02 advisory. The Network Time Protocol NTP is used to synchronize a computer's time with another reference time source. This package includes ntpd a daemon which...

MiracleLinux 4 : rh-postgresql94-postgresql-9.4.14-2.AXS4 (AXSA:2017-2465:03)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2465:03 advisory. Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use...

MiracleLinux 7 : firefox-60.3.0-1.0.1.el7.AXS7 (AXSA:2018-3376:08)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2018-3376:08 advisory. Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 CVE-2018-12390 Mozilla: Crash with nested event loops CVE-2018-12392 Mozilla:...

MiracleLinux 4 : firefox-60.3.0-1.0.1.AXS4 (AXSA:2018-3377:08)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2018-3377:08 advisory. Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 CVE-2018-12390 Mozilla: Crash with nested event loops CVE-2018-12392 Mozilla:...

CVE-2026-22771

A flaw was found in Envoy Gateway. EnvoyExtensionPolicy Lua scripts, when executed by the Envoy proxy, can be exploited to leak the proxy's credentials. An attacker can then use these credentials to communicate with the control plane and gain unauthorized access to all secrets managed by the Envo...

CVE-2026-20076

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied inpu...

USN-7965-1: SimGear vulnerability

It was discovered that SimGear could be made to bypass the sandboxing of Nasal scripts. An attacker could possibly use this issue to execute arbitrary code...

USN-7965-1 simgear vulnerability

It was discovered that SimGear could be made to bypass the sandboxing of Nasal scripts. An attacker could possibly use this issue to execute arbitrary code...

CVE-2026-0741

The Electric Studio Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-67084

File upload vulnerability in InvoicePlane through 1.6.3 allows authenticated attackers to upload arbitrary PHP files into attachments, which can later be executed remotely, leading to Remote Code Execution RCE...

PT-2026-3142

Name of the Vulnerable Software and Affected Versions Altium Forum affected versions not specified Description A stored cross-site scripting XSS issue exists because of insufficient server-side input validation of forum post content. An authenticated attacker can inject arbitrary JavaScript into...