103 matches found
CVE-2026-2611
In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the MLflow Assistant running on a victim's local machine. ...
Apache OpenMeetings has an Improper Handling of Insufficient Privileges vulnerability
Any registered user can query the web service with their credentials and get the files/sub-folders of any folder by ID (metadata only, NOT contents). Metadata includes id, type, name and some other fields. The full list of fields can be checked at the FileItemDTO object. This issue affects Apache OpenMeetings: from...
PT-2026-31639
Name of the Vulnerable Software and Affected Versions: Apache OpenMeetings versions prior to 9.0.0 Description: A registered user can query a web service with their credentials and retrieve metadata id, type, name, and other fields from the FileItemDTO object for files and sub-folders of any folder...
Fedora 43 : python3.10 (2026-41f576f846)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-41f576f846 advisory. Update to 3.10.20 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...
Exploit for CVE-2023-4634
CVE-2023-4634 - RCE vulnerability in the WordPress plugin Media Libra...
MiracleLinux 7 : kernel-3.10.0-1160.76.1.el7 (AXSA:2022-3725:11)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3725:11 advisory. Incomplete cleanup of multi-core shared buffers aka SBDR CVE-2022-21123 Incomplete cleanup of microarchitectural fill buffers aka SBDS CVE-2022-2112...
MiracleLinux 7 : kernel-3.10.0-1160.118.1.el7 (AXSA:2024-7723:11)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7723:11 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: kernel: use after free in unix_stream_sendpage...
MiracleLinux 7 : kernel-3.10.0-1160.119.1.0.10.el7.AXS7 (AXSA:2025-9862:27)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9862:27 advisory. drm: nv04: Fix out of bounds access CVE-2024-27008 media: uvcvideo: Fix double free in error path CVE-2024-57980 CVEs: CVE-2024-27008 In the Linux...
PT-2025-48484
Name of the Vulnerable Software and Affected Versions: Shirt Pocket SuperDuper! versions 3.10 and earlier Description: An issue exists that allows a local attacker to execute arbitrary code via the software update mechanism. Recommendations: Update to a version later than 3.10...
EUVD-2016-9239
Malware in sbrugna...
EUVD-2017-0810
Malware in sbrugna...
EUVD-2022-48805
Malicious code in bioql PyPI...
EUVD-2023-55559
Malicious code in bioql PyPI...
EUVD-2021-28765
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-32472
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and...
ae.teletronics.nlp:entityextraction (>=1.3 <=1.4), ai.chat2db.excel:easyexcel-plus (=0.0.1) +9732 more potentially affected by CVE-2025-31672 via org.apache.poi:poi-ooxml (>=3.10-FINAL <=5.3.0)
org.apache.poi:poi-ooxml MAVEN version =3.10-FINAL, =1.3, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =0.5.1, =0.9.0 and more Source cves: CVE-2025-31672 Source advisory: OSV:GHSA-GMG8-593G-7MV3...
Moodle <= 3.10 XSS Vulnerability
Moodle is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:moodle:moodle";...
Moodle CMS Cross-Site Scripting Vulnerability
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A cross-site scripting vulnerability exists in Moodle CMS version v3.10, which originates from a vulnerability that allows remote...
BossCMS Security Breach
Wenzhou Huoyin Information Technology BossCMS is a content management system based on MySQL architecture of self-developed PHP framework by Wenzhou Huoyin Information Technology. A security vulnerability exists in BossCMS v3.10, which is caused by a cross-site request forgery CSRF vulnerability i...
PT-2024-24154 · Bosscms · Bosscms
Name of the Vulnerable Software and Affected Versions: BOSSCMS version 3.10 Description: The issue is related to Cross Site Request Forgery CSRF in the head code or foot code parameters. This means an attacker could potentially trick a user into performing unintended actions on the web applicatio...