python3.12 security update
An update is available for python3.12. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Python is an interpreted, interactive, object-oriented programming languag...
PT-2026-1809
Name of the Vulnerable Software and Affected Versions: ABB WebPro SNMP Card PowerValue versions through 1.1.8.K; ABB WebPro SNMP Card PowerValue UL versions through 1.1.8.K. Description: An insufficient session expiration issue exists in ABB WebPro SNMP Card PowerValue and ABB WebPro SNMP Card...
PT-2026-1563
Name of the Vulnerable Software and Affected Versions: MoneySpace plugin for WordPress versions prior to 2.13.9. Description: The MoneySpace plugin for WordPress exhibits a sensitive information exposure issue. The plugin stores complete payment card details – including Primary Account Number (PAN),...
PT-2026-1262
Name of the Vulnerable Software and Affected Versions: AA-Team Premium SEO Pack versions through 3.3.2. Description: The software contains a flaw related to the improper handling of special characters within SQL commands, which could lead to SQL Injection. The issue allows manipulation of SQL querie...
PT-2026-1245
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.17.0-rc7-CI DRM 17270-g7644974e648c+. Description: The Linux kernel drm/vgem-fence subsystem contained a flaw where a timer used to expire a vgem fence could lead to a deadlock. This occurred when the timer expir...
PT-2026-26134
Name of the Vulnerable Software and Affected Versions: nghttp2 versions prior to 1.68.1. Description: nghttp2 is a C implementation of the Hypertext Transfer Protocol version 2. Versions of nghttp2 prior to 1.68.1 are susceptible to a denial-of-service condition. This occurs because the library does...
PT-2026-1022
Name of the Vulnerable Software and Affected Versions: Signal K Server versions prior to 2.19.0. Description: Signal K Server, a server application used on boats, has an information disclosure issue. An unauthenticated user can access sensitive system information. This includes the complete SignalK...
php:8.1 security update
An update is available for module.php-pecl-apcu, php-pecl-rrd, php-pecl-zip, module.php-pecl-zip, module.php-pecl-rrd, php-pecl-apcu, php-pecl-xdebug3, module.php-pecl-xdebug3. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severit...
PT-2025-53618
Name of the Vulnerable Software and Affected Versions: getmaxun versions prior to 0.0.28. Description: A weakness exists in the Authentication Endpoint component of getmaxun. Specifically, the router.get function within the server/src/routes/auth.ts file is susceptible to improper authorization due ...
PT-2025-53608
Name of the Vulnerable Software and Affected Versions: FreshRSS versions 1.27.0 through 1.27.9. Description: An attacker could disrupt access to RSS feeds for all users of an instance by manipulating the proxy settings to send a large number of 429 Retry-After requests. This denial of service makes...
Fedora 42 : httpd (2025-f7c75ffee2)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-f7c75ffee2 advisory. - version update - security update Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...
PT-2025-53275
Name of the Vulnerable Software and Affected Versions: Watu Quiz versions through 3.4.5. Description: An authorization issue exists in Watu Quiz that allows exploitation due to incorrectly configured access control security levels. Recommendations: Update Watu Quiz to a version later than 3.4.5...
PT-2025-52963
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.4.0-rc5-01219-gfa0e21fa4443. Description: The Linux kernel contained a data race condition related to the unix_tot_inflight variable within the af_unix subsystem. Specifically, unix_tot_inflight was being modifie...
Fedora 42 : mingw-glib2 (2025-b2df36b70a)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-b2df36b70a advisory. Update to glib-2.84.4 and backport fixes for CVE-2025-13601, CVE-2025-14087 and CVE-2025-14512. Tenable has extracted the preceding description bloc...
mcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local files
In mcp-server-git versions prior to 2025.12.18, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., --output=/path/to/file for git_diff) would be interpreted as command-line options rather than git refs,...
GHSA-9XWC-HFWC-8W59 mcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local files
In mcp-server-git versions prior to 2025.12.18, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., --output=/path/to/file for git_diff) would be interpreted as command-line options rather than git refs,...
Security update for postgresql16
This update for postgresql16 fixes the following issues: Upgraded to 16.11: CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS bsc1253332 CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq bsc1253333 Other fixes: Use...
Fedora 43 : httpd (2025-9621c19da8)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-9621c19da8 advisory. - version update - security update Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...
Fedora 44 : containernetworking-plugins (2025-c67591d0a2)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-c67591d0a2 advisory. Automatic update for containernetworking-plugins-1.9.0-1.fc44. Changelog Tue Dec 9 2025 Bradley G Smith - 1.9.0-1 - Update to release v1.9.0 -...
Analysis of the Security Design, Engineering, and Implementation of the SecureDNA System
We analyze security aspects of the SecureDNA system regarding its system design, engineering, and implementation. This system enables DNA synthesizers to screen order requests against a database of hazards. By applying novel cryptography, the system aims to keep order requests and the database of...