3111 matches found
GHSA-93CQ-CWFP-9R89 vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-3RQH-HCH3-JHPC vulnerabilities
Vulnerabilities for packages: jenkins...
GHSA-RCVQ-M9J9-6F4G vulnerabilities
Vulnerabilities for packages: kibana...
Photon OS 5.0: Zlib PHSA-2026-5.0-0874
An update of the zlib package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0874. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
TYPO3 CMS has Broken Access Control in its Media Module
Problem Backend users with file download permissions were able to download files from the fallback storage of the file abstraction layer FAL via the Media Module. Since the fallback storage resolves paths relative to the server's document root, this could expose sensitive files such as log files...
GHSA-JF56-V8JC-JCC5 TYPO3 CMS has Broken Access Control in its File Abstraction Layer
Problem The path allowance check in GeneralUtility::isAllowedAbsPath performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be incorrectly accepted as valid when the project root was /var/www/html...
GHSA-CG75-QFG2-W9HJ TYPO3 CMS has Cross-Site Scripting in Indexed Search
Problem Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index without sanitization. When displayed in frontend search results via the Indexed Search plugin, these titles were rendered without proper output encodin...
CVE-2026-3433
Mattermost is affected in versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x
GHSA-4M7C-C75J-4G7G vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-3VRF-5PC8-4996 vulnerabilities
Vulnerabilities for packages: chromium...
Fedora 43 : weasyprint (2026-2080c5c036)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-2080c5c036 advisory. New upstream version which also includes a security update CVE-2026-49452. Tenable has extracted the preceding description block directly from the Fedora...
ALPINE-CVE-2026-52858
Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled and the legacy pythoncomplete.vim for builds with the +python interpreter executes the import and from statements foun...
CVE-2026-48039
creationtimestamp| type| source ---|---|--- 2026-06-11 13:28:29+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-9gw6-46qc-99vr...
RHSA-2026:25138 Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Bulletin has no description...
RHSA-2026:25110 Red Hat Security Advisory: .NET 8.0 security update
Bulletin has no description...
RHSA-2026:25090 Red Hat Security Advisory: httpd:2.4 security update
Bulletin has no description...
PT-2026-48683
Impact Element Call versions 0.5.17 through 0.19.3 report analytics data to a PostHog server, when configured to by a posthog key in config.json or by the posthogApiHost and posthogApiKey URL parameters. Several fields of this data $initial person info, $session entry url, and $current url were...
PT-2026-48699
Name of the Vulnerable Software and Affected Versions WordPress Toolkit versions prior to 6.11.0 Description An argument injection issue exists in the software as used in cPanel & WHM. This allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI...
Oracle Linux 8 : .NET / 10.0 (ELSA-2026-25114)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-25114 advisory. 10.0.109-1.0.1 - Add support for Oracle Linux 10.0.109-1 - Update to .NET SDK 10.0.109 and Runtime 10.0.9 - Resolves: RHEL-181555 10.0.106-2 - Update ...
RockyLinux 9 : redis (RLSA-2026:23229)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:23229 advisory. redis: RESTORE invalid memory access may allow remote code execution CVE-2026-25243 Tenable has extracted the preceding description block directly from the...