12 matches found
Fedora 43 : openbao (2026-a9c2a486a6)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-a9c2a486a6 advisory. Update to upstream 2.5.2, including fixes for CVE-2026-33757 and CVE-2026-33758. Tenable has extracted the preceding description block directly from...
n8n Has Expression Escape Vulnerability Leading to RCE
Impact: Additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613. An authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on th...
CVE-2025-15241
A security vulnerability has been detected in CloudPanel Community Edition up to 2.5.1. The affected element is an unknown function of the file /admin/users of the component HTTP Header Handler. Such manipulation of the argument Referer leads to open redirect. It is possible to launch the attack...
CVE-2025-15241
A security vulnerability has been detected in CloudPanel Community Edition up to 2.5.1. The affected element is an unknown function of the file /admin/users of the component HTTP Header Handler. Such manipulation of the argument Referer leads to open redirect. It is possible to launch the attack...
CVE-2025-15241
CloudPanel Community Edition up to 2.5.1 is affected by an open redirect vulnerability in the HTTP Header Handler’s handling of the Referer argument in the /admin/users file. The issue enables remote attackers to trigger a redirect by manipulating Referer, with exploitation disclosed publicly. Re...
CVE-2025-15241 CloudPanel Community Edition HTTP Header users redirect
A security vulnerability has been detected in CloudPanel Community Edition up to 2.5.1. The affected element is an unknown function of the file /admin/users of the component HTTP Header Handler. Such manipulation of the argument Referer leads to open redirect. It is possible to launch the attack...
PT-2025-53858
Name of the Vulnerable Software and Affected Versions: CloudPanel Community Edition versions up to 2.5.1 Description: A security issue exists in CloudPanel Community Edition. The problem involves an open redirect through manipulation of the Referer argument within an unknown function of the...
CVE-2024-53679
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache VCL in the User Lookup form. A user with sufficient rights to be able to view this part of the site can craft a URL or be tricked into clicking a URL that will give a specified user elevate...
PT-2024-19585 · Unknown · Liveconfig
Name of the Vulnerable Software and Affected Versions: LiveConfig versions prior to 2.5.2 Description: A Directory Traversal issue allows a remote attacker to obtain sensitive information via a crafted request to the "/static/" endpoint. This enables the attacker to access files or directories th...
PT-2023-8841 · Apache +1 · Apache Ivy +1
Name of the Vulnerable Software and Affected Versions: Apache Ivy versions prior to 2.5.2 Description: The issue is related to improper restriction of XML external entity references, which can lead to XML injection, also known as blind XPath injection. When Apache Ivy parses XML files, it allows...
PT-2022-20880 · Harbor · Harbor
Name of the Vulnerable Software and Affected Versions: Harbor versions prior to 2.5.2 Description: The issue arises from the failure to validate user permissions when updating a robot account that belongs to a project the authenticated user doesn’t have access to. By sending a request to update a...
PT-2020-14344 · Ilm +2 · Openexr +2
Name of the Vulnerable Software and Affected Versions: OpenEXR versions prior to 2.5.2 Description: An issue was discovered where an invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer...