20930 matches found
Termix 安全漏洞
Termix is a server management platform developed by Karmaa’s individual developers. Versions of Termix prior to 2.3.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification by 16 file manager endpoints to ensure that the requesting user had an SSH session...
PT-2026-47022
Name of the Vulnerable Software and Affected Versions Termix versions prior to 2.3.2 Description The File Manager component of this web-based server management platform contains a command injection flaw. The endpoint "/ssh/file manager/ssh/resolvePath" unsafely processes the path parameter,...
Fedora 43 : jpegxl (2026-3e75b379d4)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3e75b379d4 advisory. Update to version 0.11.2. Resolves CVE-2025-12474 and CVE-2026-1837. Release notes: https://github.com/libjxl/libjxl/releases/tag/v0.11.2 Tenable ha...
Fedora 44 : perl-Crypt-Argon2 / perl-Dist-Build / perl-ExtUtils-Builder / etc (2026-dafdad8fd3)
The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-dafdad8fd3 advisory. Update to 0.031 2477035 2481131 fixes CVE-2026-8463 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note th...
Fedora 43 : rust-sequoia-cert-store / rust-sequoia-chameleon-gnupg / etc (2026-ecfadb29a1)
The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-ecfadb29a1 advisory. - Update the sequoia-wot crate to version 0.15.2. - Update the sequoia-keystore crate to version 0.7.3. This includes a rebuild of all dependent applications...
Fedora 43 : perl-libwww-perl (2026-3b48ba7dc7)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3b48ba7dc7 advisory. Changes: 6.83 2026-05-12 11:41:48Z - LWP::UserAgent now strips Authorization and Proxy-Authorization headers on cross-origin redirects a different scheme,...
Fedora 43 : transmission (2026-893c99f61c)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-893c99f61c advisory. 4.1.2, fix for CVE-2026-38978 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not test...
PT-2026-51740
Name of the Vulnerable Software and Affected Versions cURL affected versions not specified libcurl affected versions not specified Description An issue in the QUIC UDP receive function allows a remote malicious HTTP/3 server to cause a denial of service. The helper function fails to count...
CVE-2026-10586 Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns <= 6.1.3 - Authenticated (Author+) Server-Side Request Forgery
The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.3 via the saveaigeneratedimage function. This makes it possible for authenticated attackers, with Author-level...
MINI-VCRG-3MMV-XJMP
Bulletin has no description...
MINI-J538-W287-3CMF
Bulletin has no description...
CVE-2026-41237 Froxlor has an incomplete fix for CVE-2026-30932
Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses \s+ which matches newlines allowing embedded newlines to pass, TLSA matchingType=0 has no upper bound on hex data length, and all validators return raw input without zone-file escaping...
CVE-2026-41236 Froxlor has privilege escalation in SSH key synchronization via symlinked `authorized_keys` path
Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization path used for customer FTP users. The provisioning code appends public keys to /.ssh/authorizedkeys under a customer-controlled home directory without...
CVE-2026-40898 quic-go: HTTP/3 QPACK Trailer Expansion Memory Exhaustion
quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.59.1, an attacker can cause excessive memory allocation in quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large trailer field section with many unique field...
GHSA-4VQC-WPWG-VH7J kas's late signature validation may allow unnoticed repository manipulations
Impact So far, kas checks out and processes repositories regarding configuration includes prior to validating signatures of those repositories. This may allow to replace on original repository with one under the control of an attacker under very specific conditions. First of all, the attacker mus...
MINI-RH2M-43MP-5VMP
Bulletin has no description...
MINI-QWV2-3G84-F95M
Bulletin has no description...
MINI-6Q27-3PQQ-VVP2
Bulletin has no description...
MINI-XC2R-7V63-J4CX
Bulletin has no description...
CVE-2025-12694
A local privilege escalation vulnerability exists in Forcepoint VPN Client that allows a local non-administrative user to escalate privileges to SYSTEM. This issue affects VPN Client for Windows: versions 6.11.3 and prior...