5124 matches found
CLSA-2025-1761596531 Update of microcode_ctl
Update version - Drop releasenote.md file...
Security update for govulncheck-vulndb
This update for govulncheck-vulndb fixes the following issues: Update to version 0.0.20251023T162509 2025-10-23T16:25:09Z jscPED-11136. Go CVE Numbering Authority IDs added or updated with aliases: GO-2025-3979 CVE-2025-59824 GHSA-hqrf-67pm-wgfq GO-2025-3981 CVE-2025-59823 GHSA-227x-7mh8-3cf6...
PT-2025-43878
Name of the Vulnerable Software and Affected Versions: Iqbolshoh php-business-website versions prior to 10677743a8dfc281f85291a27cf63a0bce043c24. Description: A cross-site scripting issue exists in Iqbolshoh php-business-website. The issue is located in the admin/contact.php file, where manipulation...
PT-2025-43903
Name of the Vulnerable Software and Affected Versions: chatwoot versions up to 4.7.0. Description: A security flaw exists in chatwoot affecting the Admin Interface component, specifically within the app/javascript/shared/components/IframeLoader.vue file. Manipulation of the Link argument can lead to...
Medium: python3.11
Issue Overview: The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value, and that value would not be used to locate the ZIP64 EOCD record; instead, the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be...
PT-2025-43168
Name of the Vulnerable Software and Affected Versions: Themefic Hydra Booking versions through 1.1.9. Description: A missing authorization issue exists in Themefic Hydra Booking, allowing exploitation due to incorrectly configured access control security levels. Recommendations: Update Themefic Hydra...
PT-2025-43263
Name of the Vulnerable Software and Affected Versions: WooCommerce Orders & Customers Exporter versions through 5.4. Description: The software contains a missing authorization issue due to incorrectly configured access control security levels. This allows for exploitation of the access control...
CLSA-2025-1761056432 Update of libxslt
Bump version to 1.1.28-6.0.3.tuxcare.els1...
PT-2025-42933
Name of the Vulnerable Software and Affected Versions: Oracle Financial Services Analytical Applications Infrastructure versions 8.0.7.9 through 8.0.8.7; Oracle Financial Services Analytical Applications Infrastructure version 8.1.2.5. Description: An easily exploitable issue exists in the Oracle...
Oracle Linux 8 : webkit2gtk3 (ELSA-2025-18070)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-18070 advisory. 2.50.1-1 - Update to 2.50.1 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...
JLSEC-2025-39 Possible XSS in HTMLSanitizer when using svg elements
Description When adding the style tag to the whitelist, content inside the tag is incorrectly unescaped, and closing tags injected as content are interpreted as real HTML, enabling tag injection and JavaScript execution. This behavior is similar to the sanitization bypass described in CVE-2020-40...
Low: docker
Issue Overview: Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firewalld reloads, Docker fails...
CVE-2025-61775 Vickey's unexpired email confirmation link can be reused to send repeated confirmation emails
Vickey is a Misskey-based microblogging platform. A vulnerability exists in Vickey prior to version 2025.10.0 where unexpired email confirmation links can be reused multiple times to send repeated confirmation emails to a verified email address. Under certain conditions, a verified email address...
CVE-2025-9265 API Authentication Bypass via Header Spoofing vulnerability in Kiloview NDI N30 Products
A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access to state changing actions that should only be initiated by administrators. This issue affects Kiloview NDI N30 and was fixed in Firmware version late...
Fedora: Security Advisory (FEDORA-2025-0d898890e2)
The remote host is missing an update for the...
Fedora 42 : docker-buildx (2025-0aaef4df82)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-0aaef4df82 advisory. - Update to release v0.29.1 - Upstream fixes ---- - Update to release v0.29.0 - Resolves: rhbz2397747, rhbz2398425, rhbz2398679, rhbz2399082,...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.25-openssl (SUSE-SU-2025:03525-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03525-1 advisory. Update to version 1.25.1, released 2025-09-03 bsc1244485. Security issues fixed: - CVE-2025-47910:...
Security update for go1.25-openssl
This update for go1.25-openssl fixes the following issues: Update to version 1.25.1, released 2025-09-03 bsc1244485. Security issues fixed: CVE-2025-47910: net/http: CrossOriginProtection insecure bypass patterns not limited to exact matches bsc1249141. Other issues fixed: go74822 cmd/go: "get...
PT-2025-41334
Name of the Vulnerable Software and Affected Versions: Tenda AC7 version 15.03.06.44. Description: A stack-based buffer overflow exists in Tenda AC7 routers. The issue is located in an unknown function within the /goform/saveAutoQos file. Exploitation occurs through manipulation of the enable...
Fedora 42 : mod_http2 (2025-40b7d151db)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-40b7d151db advisory. - version update Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...