RHCOS 4 : OpenShift Container Platform 4.11.1 (RHSA-2022:6102)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:6102 advisory. - golang: crypto/tls: session tickets lack random ticketageadd CVE-2022-30629 Note that Nessus has not tested for this issue but has instead...

CVE-2026-27945 ZITADEL has potential SSRF via Actions

ZITADEL is an open source identity management platform. Zitadel Action V2 introduced as early preview in 2.59.0, beta in 3.0.0 and GA in 4.0.0 is a webhook based approach to allow developers act on API request to Zitadel and customize flows such the issue of a token. Zitadel's Action target URLs...

Improper Request Caching Lookup in the Auth0 Next.js SDK

Description When using affected versions of the Next.js SDK, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. Am I Affected? You are affected if you meet the following preconditions: - Applications using the auth0/nextjs-aut...

CVE-2025-43515

The issue was addressed by refusing external connections by default. This issue is fixed in Compressor 4.11.1. An unauthenticated user on the same network as a Compressor server may be able to execute arbitrary code...

PT-2025-43407

Name of the Vulnerable Software and Affected Versions FastGPT versions prior to 4.11.1 Description FastGPT is a platform for building AI Agents. Versions of FastGPT before 4.11.1 contain a Server-Side Request Forgery SSRF issue in the workflow file reading node. The system does not verify the...

PT-2022-16834 · Weblate · Weblate

Name of the Vulnerable Software and Affected Versions: Weblate versions prior to 4.11.1 Description: Weblate is a web-based localization tool with tight version control integration. Prior to version 4.11.1, Weblate didn't properly sanitize some arguments passed to Git and Mercurial, allowing them...