280 matches found
PT-2025-33146
Name of the Vulnerable Software and Affected Versions: Disable-right-click-powered-by-pixterme versions through 1.2 pixter-image-digital-license versions through 1.0 Description: The Disable-Right-Click and Pixter Image Digital License WordPress plugins load a compromised JavaScript file from an...
Fedora 42 : matrix-synapse (2025-9e0e3043af)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-9e0e3043af advisory. Update to 1.135.2 ---- Update to 1.135.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
PT-2025-32942 · Adobe · Indesign Desktop
Name of the Vulnerable Software and Affected Versions: InDesign Desktop versions 20.4 and earlier InDesign Desktop version 19.5.4 and earlier Description: InDesign Desktop versions 20.4 and earlier, including version 19.5.4, are susceptible to a Use After Free issue. Successful exploitation of th...
PT-2025-30606 · Harbor · Harbor
Name of the Vulnerable Software and Affected Versions: Harbor versions 2.11.2 and below Harbor versions 2.12.0-rc1 Harbor versions 2.13.0-rc1 Description: Harbor, an open source trusted cloud native registry project, is susceptible to a stored cross-site scripting XSS issue. The markdown field...
PT-2025-29876 · Romm · Romm
Name of the Vulnerable Software and Affected Versions: RomM versions prior to 3.10.3 RomM versions prior to 4.0.0-beta.3 Description: RomM, a self-hosted rom manager and player, contains an authenticated path traversal issue in the /api/raw endpoint. This allows for the leakage of passwords and...
PT-2025-29616 · Oracle · Oracle Bi Publisher 12.2.1.4.0 +2
Name of the Vulnerable Software and Affected Versions: Oracle BI Publisher versions 7.6.0.0.0 Oracle BI Publisher versions 8.2.0.0.0 Oracle BI Publisher versions 12.2.1.4.0 Description: A vulnerability exists within the Oracle BI Publisher product of Oracle Analytics Web Server component that...
PT-2025-28463 · Fortinet · Fortiproxy +1
Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS versions 7.0.0 through 7.0.15 Fortinet FortiOS versions 7.2.0 through 7.2.10 Fortinet FortiOS versions 7.4.0 through 7.4.5 Fortinet FortiOS versions 7.6.0 through 7.6.1 FortiProxy versions 7.0.0 through 7.0.19 FortiProxy...
PT-2025-28170
Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 8.0.5 MongoDB Server versions prior to 7.0.18 MongoDB Server versions prior to 6.0.21 Description: An issue has been identified in MongoDB Server where unredacted queries may inadvertently appear in server log...
PT-2025-27813 · Unknown +1 · Masseditregex Extension +1
Name of the Vulnerable Software and Affected Versions: Mediawiki - MassEditRegex Extension versions 1.39.X through 1.39.11 Mediawiki - MassEditRegex Extension versions 1.42.X through 1.42.6 Mediawiki - MassEditRegex Extension versions 1.43.X through 1.43.1 Description: The issue is related to...
PT-2025-26352 · Unknown · Powerpress Podcasting
Name of the Vulnerable Software and Affected Versions: PowerPress Podcasting versions through 11.12.11 Description: The issue is a Server-Side Request Forgery SSRF vulnerability that allows Server Side Request Forgery. Recommendations: For versions through 11.12.11, update to a version later than...
PT-2025-26454
Name of the Vulnerable Software and Affected Versions: SugarCRM versions prior to 6.5.24 SugarCRM versions prior to 6.7.13 SugarCRM versions prior to 7.5.2.5 SugarCRM versions prior to 7.6.2.2 SugarCRM versions prior to 7.7.1.0 Description: A PHP object injection issue exists due to improper...
PT-2025-25283 · Mendix · Mendix Studio Pro
Name of the Vulnerable Software and Affected Versions: Mendix Studio Pro versions prior to 8.18.35 Mendix Studio Pro versions prior to 9.24.35 Mendix Studio Pro versions prior to 10.6.24 Mendix Studio Pro versions prior to 10.12.17 Mendix Studio Pro versions prior to 10.18.7 Mendix Studio Pro...
PT-2025-23841 · Deno · Deno
Name of the Vulnerable Software and Affected Versions: Deno versions prior to 2.1.13 and prior to 2.2.13 Description: The issue affects Deno, a JavaScript, TypeScript, and WebAssembly runtime. It involves the Deno.env.toObject method, which ignores variables listed in the --deny-env option of the...
PT-2025-23266 · Zitadel · Zitadel
Name of the Vulnerable Software and Affected Versions: Zitadel versions prior to 2.70.12 Zitadel versions prior to 2.71.10 Zitadel versions prior to 3.2.2 Description: Zitadel is open-source identity infrastructure software. A potential issue exists in the password reset mechanism, where ZITADEL...
PT-2025-22987
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 139 Firefox ESR versions prior to 115.24 Firefox ESR versions prior to 128.11 Description A double-free issue could occur in the vpx codec enc init multi function after a failed allocation when initializing the encode...
CVE-2021-29399
XMB is vulnerable to cross-site scripting XSS due to inadequate filtering of BBCode input. This bug affects all versions of XMB. All XMB installations must be updated to versions 1.9.12.03 or 1.9.11.16...
CVE-2021-29075
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects RBW30 before 2.6.2.2, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before...
UBUNTU-CVE-2025-47291
containerd is an open-source container runtime. A bug was found in the containerd's CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn't put usernamespaced containers under the Kubernetes' cgroup hierarchy, therefore some Kubernetes limits are not...
PT-2025-26325 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.5.x through 10.5.5 Mattermost versions 9.11.x through 9.11.15 Mattermost versions 10.8.x through 10.8.0 Mattermost versions 10.7.x through 10.7.2 Mattermost versions 10.6.x through 10.6.5 Description: The issue arises...
CVE-2024-55893
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...