
8499 matches found

Tenable Nessus
added 2025/08/25 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2015-8861

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute...

CVSS 6.1, AI score 6.5, EPSS 0.03001
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/25 12:00 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2016-5303

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers...

CVSS 6.1, AI score 6.3, EPSS 0.01509
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/25 12:00 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2018-6561

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element. (CVE-2018-6561) Note that Nessus relies on the presence of the package as...

CVSS 6.1, AI score 6.7, EPSS 0.0115
Exploits: 1, References: 2

Tenable Nessus
added 2025/08/24 12:00 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2016-5837

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress before 4.5.3 allows remote attackers to bypass intended access restrictions and remove a category attribute from a post via unspecified vectors...

CVSS 7.5, AI score 7.3, EPSS 0.0352
Exploits: 0, References: 2

RedhatCVE
added 2025/08/21 9:23 p.m., 4 views

CVE-2025-8042

Firefox for Android allowed a sandboxed iframe without the allow-downloads attribute to start downloads. This vulnerability was fixed in Firefox 141...

CVSS 9.8, AI score 5.8, EPSS 0.00423
Exploits: 0, References: 1

OSV
added 2025/08/20 12:52 a.m., 4 views

USN-7705-1 tomcat10 vulnerabilities

It was discovered that Tomcat did not correctly handle case sensitivity. An attacker could possibly use this issue to bypass authentication mechanisms. (CVE-2025-46701) Elysee Franchuk discovered that Tomcat did not correctly limit the number of attributes for a session. An attacker could possibly...

CVSS 9.8, AI score 7.2, EPSS 0.66933
Exploits: 21, References: 7

ATTACKERKB
added 2025/08/19 8:52 p.m., 1 view

CVE-2025-8042

Firefox for Android allowed a sandboxed iframe without the allow-downloads attribute to start downloads. This vulnerability was fixed in Firefox 141...

CVSS 9.8, AI score 5.8, EPSS 0.00423
Exploits: 0, References: 3

SUSE CVE
added 2025/08/18 11:22 p.m., 3 views

SUSE CVE-2025-54389

AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...

CVSS 6.2, AI score 6.6, EPSS 0.0021
Exploits: 1, References: 7

CNVD
added 2025/08/18 12:00 a.m., 2 views

Huawei HarmonyOS Type Obfuscation Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a type confusion vulnerability that can be exploited by an attacker to cause location information attribute errors...

CVSS 4.5, AI score 6.7, EPSS 0.00074
Exploits: 0, References: 1

CNVD
added 2025/08/18 12:00 a.m., 2 views

Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-22269)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from ParcelMismatch in attribute deserialization, and can be exploited by an attacker to cau...

CVSS 5.5, AI score 6.8, EPSS 0.00097
Exploits: 0, References: 1

RedhatCVE
added 2025/08/16 4:11 p.m., 5 views

CVE-2025-54389

A flaw was found in AIDE. This flaw allows an attacker to craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and tamper with the log output. A local user may exploit this to bypass AIDE's detection of malicious files...

CVSS 7.1, AI score 5.7, EPSS 0.0021
Exploits: 1, References: 3

CVE
added 2025/08/16 1:27 p.m., 62 views

CVE-2023-4130

CVE-2023-4130 : In the Linux kernel’s ksmbd SMB2 handling, there is a vulnerability due to wrong next length validation of the ea buffer in smb2_set_ea(). When multiple smb2_ea_info buffers are in FILE_FULL_EA_INFORMATION, ksmbd iterates using NextEntryOffset and validates only with that offset i...

CVSS 5.5, AI score 7.3, EPSS 0.00224
Exploits: 1, References: 4, Affected Software: 1

OSV
added 2025/08/16 1:27 p.m., 6 views

CVE-2023-4130 ksmbd: fix wrong next length validation of ea buffer in smb2_set_ea()

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix wrong next length validation of ea buffer in smb2_set_ea() There are multiple smb2_ea_info buffers in FILE_FULL_EA_INFORMATION request from client. ksmbd find next smb2_ea_info using ->NextEntryOffset of current smb2_ea_info. ksmbd...

CVSS 5.5, AI score 6.3, EPSS 0.00224
Exploits: 1, References: 7

OSV
added 2025/08/16 10:54 a.m., 3 views

CVE-2025-38506 KVM: Allow CPU to reschedule while setting per-page memory attributes

In the Linux kernel, the following vulnerability has been resolved: KVM: Allow CPU to reschedule while setting per-page memory attributes When running an SEV-SNP guest with a sufficiently large amount of memory (1TB+), the host can experience CPU soft lockups when running an operation in...

CVSS 5.5, AI score 6, EPSS 0.00106
Exploits: 0, References: 6

NVD
added 2025/08/16 6:15 a.m., 5 views

CVE-2025-8113

The Ebook Store WordPress plugin before 5.8015 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

CVSS 6.1, EPSS 0.00207
Exploits: 1, References: 1

CVE
added 2025/08/16 6:00 a.m., 29 views

CVE-2025-8113

CVE-2025-8113 affects the Ebook Store WordPress plugin (versions before 5.8015). The issue is a Reflected Cross-Site Scripting vulnerability where the plugin does not escape the $_SERVER['REQUEST_URI'] when outputting it into an HTML attribute, enabling a crafted URL to inject scripts in vulnerab...

CVSS 6.1, AI score 5.9, EPSS 0.00207
Exploits: 1, References: 1, Affected Software: 1

NVD
added 2025/08/15 3:15 a.m., 5 views

CVE-2025-6025

The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and including, 1.5.4. This is due to lack of server-side validation on the data-tip attribute, which makes it possible for unauthenticated attackers to apply an...

CVSS 7.5, EPSS 0.00425
Exploits: 0, References: 4

Cvelist
added 2025/08/15 2:24 a.m., 8 views

CVE-2025-6025 Order Tip for WooCommerce <= 1.5.4 - Unauthenticated Tip Manipulation to Negative Value Leading to Unauthorized Discounts

The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and including, 1.5.4. This is due to lack of server-side validation on the data-tip attribute, which makes it possible for unauthenticated attackers to apply an...

CVSS 7.5, EPSS 0.00425
Exploits: 0, References: 4

CVE
added 2025/08/15 2:24 a.m., 26 views

CVE-2025-6025

CVE-2025-6025 concerns the Order Tip for WooCommerce plugin (WordPress) with unauthenticated input validation failure on the data-tip attribute, affecting all versions up to 1.5.4. The issue enables callers to submit tip values (including negative amounts) that can yield unauthorized discounts, p...

CVSS 7.5, AI score 7, EPSS 0.00425
Exploits: 0, References: 4

Tenable Nessus
added 2025/08/15 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-41029

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: nvmem: core: limit cell sysfs permissions to main attribute ones The cell sysfs attribute...

CVSS 5.5, AI score 6.1, EPSS 0.00268
Exploits: 0, References: 2