MiracleLinux 8 : gcc-toolset-13-gcc-13.3.1-2.2.el8_10.ML.1 (AXSA:2025-9669:02)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9669:02 advisory. jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods (CVE-2020-11023). Tenable has extracted the preceding description block...
PT-2026-2487
Name of the Vulnerable Software and Affected Versions: Semantic machines version 5.4.8. Description: An issue allows attackers to bypass authentication by sending a crafted HTTP request to various API endpoints. The attack targets authentication mechanisms within the software. The affected API...
PT-2026-1948
Name of the Vulnerable Software and Affected Versions: Broadcom DX NetOps Spectrum versions 24.3.10 and earlier. Description: An improper authentication issue exists in Broadcom DX NetOps Spectrum on Windows and Linux systems, allowing for authentication bypass. The issue impacts DX NetOps Spectrum...
PT-2026-1943
Name of the Vulnerable Software and Affected Versions: Broadcom DX NetOps Spectrum versions 24.3.8 and earlier. Description: The software contains a Reflected Cross-site Scripting (XSS) issue due to improper neutralization of input during web page generation. This impacts installations on Windows and...
Fedora 43 : coturn (2026-c9fb3f5806)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-c9fb3f5806 advisory. - Backport upstream patches for CVE-2025-69217 2425955 Tenable has extracted the preceding description block directly from the Fedora security...
Mageia: Security Advisory (MGASA-2026-0005)
The remote host is missing an update for the...
CVE-2022-35921
fof/byobu is a private discussions extension for Flarum forum. Affected versions were found to not respect private discussion disablement by users. Users of Byobu should update the extension to version 1.1.7, where this has been patched. Users of Byobu with Flarum 1.0 or 1.1 should upgrade to...
CVE-2020-7137
A validation issue in HPE Superdome Flex's RMC component may allow local elevation of privilege. Apply HPE Superdome Flex Server version 3.25.46 or later to resolve this issue...
CVE-2020-7197
SSMC3.7.0.0 is vulnerable to remote authentication bypass. HPE StoreServ Management Console (SSMC) 3.7.0.0 is an off node multiarray manager web application and remains isolated from data on the managed arrays. HPE has provided an update to HPE StoreServ Management Console (SSMC) software 3.7.0.0...
CVE-2021-41119
Wire-server is the system server for the wire back-end services. Releases prior to v2022-03-01 are subject to a denial of service attack via a crafted object causing a hash collision. This collision causes the server to spend at least quadratic time parsing it which can lead to a denial of servic...
CVE-2021-2257
Vulnerability in the Oracle Storage Cloud Software Appliance product of Oracle Storage Gateway component: Management Console. The supported version that is affected is Prior to 16.3.1.4.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise...
CVE-2025-23032
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the adicionarescala.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts int...
CVE-2022-23617
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit right can copy the content of a page it does not have access to by using it as template of a new page. This issue has been patched in XWiki 13.2CR1 and...
CVE-2022-35925
BookWyrm is a social network for tracking reading. Versions prior to 0.4.5 were found to lack rate limiting on authentication views which allows brute-force attacks. This issue has been patched in version 0.4.5. Admins with existing instances will need to update their nginx.conf file that was...
CVE-2023-45811
Synchrony deobfuscator is a JavaScript cleaner & deobfuscator. A proto pollution vulnerability exists in versions before v2.4.4. Successful exploitation could lead to arbitrary code execution. A proto pollution vulnerability exists in the LiteralMap transformer allowing crafted input to modify...
CVE-2021-41232
Thunderdome is an open source agile planning poker tool in the theme of Battling for points. In affected versions there is an LDAP injection vulnerability which affects instances with LDAP authentication enabled. The provided username is not properly escaped. This issue has been patched in versio...
CVE-2025-23209
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is a remote code execution (RCE) vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. Anyone running an unpatched version of Craft with a...
CVE-2022-23487
js-libp2p is the official JavaScript implementation of the libp2p networking stack. Versions older than v0.38.0 of js-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause the allocation of...
CVE-2022-23511
A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows, software for collecting metrics and logs from Amazon EC2 instances and on-premises servers, in versions up to and including v1.247354. When users trigger a repair of the Agent, a pop-up window opens with SYSTEM...
PT-2026-2057
Name of the Vulnerable Software and Affected Versions: Samsung Galaxy Store versions prior to 4.6.02. Description: A flaw exists in the Galaxy Store application where insufficient input validation can allow a local attacker to execute arbitrary script. The issue affects the Galaxy Store application...