
11 matches found

Tenable Nessus
added 2026/01/13 12:0 a.m. · 1 views

MiracleLinux 9 : golang-1.24.4-1.el9_6 (AXSA:2025-10627:03)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10627:03 advisory. net/http: Sensitive headers not cleared on cross-origin redirect in net/http (CVE-2025-4673). Tenable has extracted the preceding description block directly fr...

CVSS 6.8 · AI score 6.4 · EPSS 0.00074
Exploits: 0 · References: 2
Oracle linux
added 2025/07/08 12:0 a.m. · 8 views

golang security update

1.24.4-1 - Update to Go 1.24.4 fips-1 - Resolves: RHEL-101074 1.23.10-1 - Update to Go 1.23.10 - Fix for CVE-2025-4673, CVE-2025-0913, and CVE-2025-22874 - Resolves: RHEL-96000...

CVSS 6.8 · AI score 7.5 · EPSS 0.00076
Exploits: 0
SUSE Linux
added 2025/06/26 8:22 a.m. · 3 views

Security update for go1.24-openssl

This update for go1.24-openssl fixes the following issues: Update to version 1.24.4 (bsc#1236217): CVE-2025-22874 crypto/x509: ExtKeyUsageAny bypasses policy validation (bsc#1244158). CVE-2025-0913 os: inconsistent handling of O_CREATE|O_EXCL on Unix and Windows (bsc#1244157). CVE-2025-4673 net/http:...

CVSS 8.9 · AI score 7.2 · EPSS 0.00076
Exploits: 0 · References: 16
Snyk
added 2025/06/11 4:23 p.m. · 2 views

Improper Certificate Validation

Overview: std/crypto/x509 is a Go standard library package. Affected versions of this package are vulnerable to Improper Certificate Validation. Go Vulnerability Report: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy...

CVSS 8.7 · AI score 6.7 · EPSS 0.00076
Exploits: 0 · References: 3
OSV
added 2023/07/31 10:15 a.m. · 0 views

CVE-2023-3134

The Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks...

CVSS 6.1 · AI score 7.3
Exploits: 0 · References: 2
Positive Technologies
added 2023/07/31 12:0 a.m. · 3 views

PT-2023-23293 · WordPress · Forminator

Name of the Vulnerable Software and Affected Versions: Forminator WordPress plugin versions prior to 1.24.4. Description: The issue arises from the plugin's failure to properly escape values reflected inside form fields that use pre-populated query parameters, potentially leading to reflected XSS...

CVSS 6.1 · AI score 6.5 · EPSS 0.00148
Exploits: 2 · References: 6
Positive Technologies
added 2023/04/04 12:0 a.m. · 1 views

PT-2023-21168 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.26.0; Envoy versions prior to 1.25.3; Envoy versions prior to 1.24.4; Envoy versions prior to 1.23.6; Envoy versions prior to 1.22.9. Description: The Lua filter in Envoy is vulnerable to denial of service. Attackers can...

CVSS 6.5 · AI score 5.7 · EPSS 0.00032
Exploits: 1 · References: 13
OSV
added 2021/05/10 7:16 p.m. · 0 views

GHSA-PP75-XFPW-37G9 Prototype pollution in grpc and @grpc/grpc-js

"The package grpc before 1.24.4 and the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition."...

CVSS 7.5 · AI score 7.2 · EPSS 0.01321
Exploits: 0 · References: 9
OpenVAS
added 2015/11/25 12:0 a.m. · 19 views

MediaWiki Multiple Vulnerabilities (Nov 2015) - Linux

MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; if(descripti...

CVSS 6.8 · AI score 9.6 · EPSS 0.00522
Exploits: 0 · References: 6
Cvelist
added 2015/11/09 6:0 p.m. · 16 views

CVE-2015-8005

MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 uses the thumbnail ImageMagick command line argument, which allows remote attackers to obtain the installation path by reading the metadata of a PNG thumbnail file...

AI score 9.3 · EPSS 0.00253
Exploits: 0 · References: 3
securityvulns
added 2012/05/01 12:0 a.m. · 2060 views

mysqldumper1.24.4_LFI_XSS_CSRF_PHPEXEC_TRAVERSAL_INFO_DISCLOS

Vulnerable Software: MySQLDumper Version 1.24.4. Downloaded from: http://sourceforge.net/projects/mysqldumper/files/ MD5 SUM: b62357a0d5bbb43779d16427c30966a1 MySQLDumper1.24.4.zip...

AI score 8.2
Exploits: 0