121 matches found
Mozilla Firefox Out-of-Bounds Access Vulnerability (mfsa_2025-14) - Mac OS X
Mozilla Firefox is prone to an out-of-bounds access vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Azure Linux 3.0 Security Update: postgresql (CVE-2025-1094)
The version of postgresql installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-1094 advisory. - Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral,...
PT-2025-5994 · Unknown · Eli 280/Bur280/Mlbur 280 Resting Electrocardiograph +3
Name of the Vulnerable Software and Affected Versions: ELI 380 Resting Electrocardiograph versions 2.6.0 and prior ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph versions 2.3.1 and prior ELI 250c/BUR 250c Resting Electrocardiograph versions 2.1.2 and prior ELI 150c/BUR 150c/MLBUR 150c Restin...
Amazon DCV Client <= 2023.1.6203 MITM
The version of Amazon DCV Client installed on the host is vulnerable to a man-in-the-middle vulnerability, allowing an attacker to access remote sessions. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL...
CVE-2025-0377
An archive extraction vulnerability was found in HashiCorp's go-slug library. When go-slug performs an extraction, the filename/extraction path is taken from the tar entry via the header.Name. It was discovered that the unpacking step improperly validated paths, potentially leading to path...
Oracle MySQL Server 8.0 - 8.0.36, 8.4.0 Security Update (cpujan2025) - Windows
Oracle MySQL Server is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
OpenVPN Improper Input Sanitization Vulnerability (Jan 2025) - Windows
OpenVPN is prone to an improper input sanitization vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openvpn:openvpn...
PT-2025-3144 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 11.5.42 ELTS TYPO3 versions prior to 12.4.25 LTS TYPO3 versions prior to 13.4.3 LTS Description: A vulnerability has been identified in the backend user interface functionality involving deep links, which is susceptibl...
PT-2025-3704 · WordPress · Wordpress Auction Plugin
Name of the Vulnerable Software and Affected Versions: WordPress Auction Plugin versions 3.7 and earlier Description: The issue allows editors and above to perform SQL injection attacks due to the plugin not sanitizing and escaping a parameter before using it in a SQL statement. Recommendations:...
PT-2024-16969 · WordPress · Spotlight
Name of the Vulnerable Software and Affected Versions: Spotlightr plugin for WordPress versions up to, and including, 0.1.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'spotlightr-v' shortcode due to insufficient input sanitization and output escaping on...
PT-2024-35439 · Dcme-320 +3 · Dcme-320 +3
Name of the Vulnerable Software and Affected Versions: DCME-320 versions prior to 7.4.12.90 DCME-520 versions prior to 9.25.5.11 DCME-320-L versions prior to 9.3.5.26 DCME-720 versions prior to 9.1.5.11 Description: The issue allows for Remote Code Execution and Privilege Escalation via the...
F5 Networks BIG-IP : Qt vulnerability (K000148690)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000148690 advisory. In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont munitsPer...
PT-2024-72: Weakness of password policy in Password Pusher
The vulnerability was identified in Password Pusher versions prior to 1.49.0. The application allows users to set weak and easily bruteforced passwords. The discovered vulnerability allows attackers to bruteforce the password and gain access to the application with privileges of the corresponding...
PT-2024-9995 · Drupal +1 · Drupal Core +1
Name of the Vulnerable Software and Affected Versions: Drupal Core versions 10.0.0 through 10.2.9 Description: A vulnerability in Drupal Core allows file manipulation. This issue is related to weaknesses in handling error situations, which could allow a remote attacker to impact the integrity of...
PT-2024-30892 · Elementor · Nicheaddons Charity Addon For Elementor
Name of the Vulnerable Software and Affected Versions: NicheAddons Charity Addon for Elementor versions 1.3.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS, where an...
PT-2024-7557 · Unknown · Jitsi Meet
Name of the Vulnerable Software and Affected Versions: Jitsi Meet versions prior to 2.0.9779 Description: The issue is related to the insecure implementation of the image sharing functionality using giphy in Jitsi Meet. This allows clients to load GIFs from any arbitrary URL if a message from...
PT-2024-27863 · Unknown · Meks Smart Author Widget
Name of the Vulnerable Software and Affected Versions: Meks Smart Author Widget versions 1.1.4 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations:...
PT-2024-26645 · Thimpress · Thimpress Eduma
Name of the Vulnerable Software and Affected Versions: ThimPress Eduma versions n/a through 5.4.7 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS, which allows Reflected XSS. Recommendations: For versions n/a...
PT-2024-25678 · Unknown · Pterodactyl
Name of the Vulnerable Software and Affected Versions: Pterodactyl versions prior to 1.11.6 Description: Importing a malicious egg or gaining access to a wings instance could lead to cross-site scripting XSS on the panel, potentially allowing an attacker to gain an administrator account. The...
PT-2023-30706 · Ezviz +1 · Ezviz Cs-C6Cn +3
Name of the Vulnerable Software and Affected Versions: Ezviz CS-C6N-xxx versions prior to v5.3.x build 20230401 Ezviz CS-CV310-xxx versions prior to v5.3.x build 20230401 Ezviz CS-C6CN-xxx versions prior to v5.3.x build 20230401 Ezviz CS-C3N-xxx versions prior to v5.3.x build 20230401 Hikvision...