CVE-2025-64087

A Server-Side Template Injection SSTI vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows attackers to execute arbitrary code via injecting crafted template expressions...

PT-2026-3601

A reflected cross-site scripting xss vulnerability exists in the modifyAutopurgeFilter functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

MiracleLinux 9 : webkit2gtk3-2.46.1-2.el9_4 (AXSA:2024-8945:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8945:04 advisory. webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution CVE-2024-40776 webkitgtk: webkit2gtk: Processing maliciously crafted web...

MiracleLinux 9 : webkit2gtk3-2.36.7-1.el9.1 (AXSA:2023-5048:03)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5048:03 advisory. webkitgtk: processing maliciously crafted web content may lead to an arbitrary code execution CVE-2022-42856 Tenable has extracted the preceding description...

MiracleLinux 7 : fwupdate-12-6.0.1.el7.AXS7 (AXSA:2020-255:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-255:01 advisory. grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process CVE-2020-10713 grub2: grubmalloc does not validate allocation...

MiracleLinux 8 : glib2-2.56.4-159.el8, webkit2gtk3-2.36.7-1.el8.ML.1 (AXSA:2022-4319:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4319:01 advisory. webkitgtk: Use-after-free leading to arbitrary code execution CVE-2022-22624 webkitgtk: Use-after-free leading to arbitrary code execution...

MiracleLinux 9 : texlive-20200406-26.el9 (AXSA:2023-6081:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6081:02 advisory. texlive: arbitrary code execution allows document complied with older version CVE-2023-32700 Tenable has extracted the preceding description block directly...

MiracleLinux 8 : texlive-20180414-29.el8 (AXSA:2023-6183:03)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6183:03 advisory. texlive: arbitrary code execution allows document complied with older version CVE-2023-32700 Tenable has extracted the preceding description block directly...

CVE-2025-65482

An XML External Entity XXE vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file...

MiracleLinux 7 : expat-2.1.0-14.el7 (AXSA:2022-3129:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3129:02 advisory. expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution CVE-2022-25235 expat: Namespace-separator characters in...

MiracleLinux 8 : xmlrpc-c-1.51.0-5.el8.1 (AXSA:2022-3167:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3167:01 advisory. expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution CVE-2022-25235 Tenable has extracted the preceding description block...

MiracleLinux 9 : webkit2gtk3-2.42.5-1.el9 (AXSA:2024-8032:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8032:02 advisory. webkitgtk: Processing web content may lead to arbitrary code execution CVE-2023-40414 webkitgtk: Processing web content may lead to arbitrary code...

MiracleLinux 8 : mariadb:10.3 (AXSA:2021-1698:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1698:01 advisory. mariadb: writable system variables allows a database user with SUPER privilege to execute arbitrary code as the system mysql user CVE-2021-27928 Tenable has...

MiracleLinux 9 : webkit2gtk3-2.36.7-1.el9.2 (AXSA:2023-5160:05)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5160:05 advisory. webkitgtk: processing maliciously crafted web content may be exploited for arbitrary code execution CVE-2023-23529 Tenable has extracted the preceding...

MiracleLinux 7 : libsndfile-1.0.25-12.el7.1 (AXSA:2021-2390:02)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-2390:02 advisory. libsndfile: Heap buffer overflow via crafted WAV file allows arbitrary code execution CVE-2021-3246 CVEs: CVE-2021-3246 Tenable has extracted the preceding...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : SimGear vulnerability (USN-7965-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7965-1 advisory. It was discovered that SimGear could be made to bypass the sandboxing of Nasal scripts. An attacker could possibly...

MiracleLinux 9 : ghostscript-9.54.0-16.el9_4 (AXSA:2024-8422:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8422:02 advisory. ghostscript: OPVP device arbitrary code execution via custom Driver library CVE-2024-33871 Tenable has extracted the preceding description block directly fro...

MiracleLinux 8 : webkit2gtk3-2.34.6-1.el8.ML.1 (AXSA:2022-3625:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3625:01 advisory. webkitgtk: maliciously crafted web content may lead to arbitrary code execution due to use after free CVE-2022-22620 webkitgtk: Use-after-free leadi...

MiracleLinux 8 : webkit2gtk3-2.40.5-1.el8.ML.1 (AXSA:2023-7260:19)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7260:19 advisory. webkitgtk: arbitrary code execution CVE-2023-32393 webkitgtk: bypass Same Origin Policy CVE-2023-38572 webkitgtk: Processing web content may lead to...

MiracleLinux 8 : webkit2gtk3-2.36.7-1.el8.1.ML.1 (AXSA:2023-4616:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-4616:01 advisory. webkitgtk: processing maliciously crafted web content may lead to an arbitrary code execution CVE-2022-42856 Tenable has extracted the preceding description...