5 matches found
MiracleLinux 7 : kernel-3.10.0-1160.66.1.el7 (AXSA:2022-3196:08)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3196:08 advisory. kernel: cgroups v1 releaseagent feature may allow privilege escalation (CVE-2022-0492). Tenable has extracted the preceding description block directly from the...
CVE-2025-67510 MySQLWriteTool allows arbitrary/destructive SQL when exposed to untrusted prompts (agent “footgun”)
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare + execute without semantic restrictions. This is consistent with the name “write tool”, but in an LLM/agent context...
CVE-2022-39309
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 leak the symmetric key used to encrypt/decrypt any secure variables/secrets in GoCD configuration to authenticated agent...
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
...
club.zhcs:lina-apm (>=3.3.5 <=3.4.0), club.zhcs:lina-auth (>=3.3.1 <=3.4.0) +240 more potentially affected by CVE-2022-23496 via nl.basjes.parse.useragent:yauaa (>=7.0.0 <=7.8.0)
nl.basjes.parse.useragent:yauaa MAVEN version =7.0.0, =3.3.5, =3.3.1, =3.3.1, =3.3.1, =3.3.1, =1.1.8, =1.1.8, =1.1.8, =1.1.8, =1.1.8, =1.1.8, =1.1.8, =1.1.8, =1.1.8, =1.1.8, =1.1.10 and more. Source CVEs: CVE-2022-23496. Source advisory: OSV:GHSA-C4PM-63CG-9J7H...