Lucene search
K

420 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.3 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003590)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003590 advisory. An issue was discovered in drivers/scsi/qedi/qedidbg.c in the Linux kernel before 5.1.12. In the qedidbg family of functions, there is an out-of-bounds read. Tenable...

6.7CVSS6.7AI score0.00464EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.3 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003811)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003811 advisory. A memory leak in the mlx5fpgaconncreatecq function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c in the Linux kernel before 5.3.11 allows attackers to cause...

4.9CVSS6.4AI score0.00556EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.4 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001505)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001505 advisory. A use-after-free in function hcisockboundioctl of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race...

6.9CVSS6.4AI score0.0037EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.4 views

PT-2026-1959

Name of the Vulnerable Software and Affected Versions Asseco InfoMedica versions prior to 4.50.1 Asseco InfoMedica versions prior to 5.38.0 Description Asseco InfoMedica stores user passwords in an encoded format within a database. An attacker with access to these encoded passwords can decode the...

5.9CVSS6.5AI score0.00138EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/01/07 12:0 a.m.3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000228)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000228 advisory. In the Linux kernel before 5.1, there is a memory leak in featregistersp in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b. Tenable has...

5.5CVSS6.6AI score0.00994EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/07 12:0 a.m.4 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000402)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000402 advisory. The flowdissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto...

5.3CVSS6.7AI score0.02605EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/02 12:0 a.m.7 views

PT-2026-1068

Name of the Vulnerable Software and Affected Versions PluXml versions prior to 5.8.23 Description A flaw exists in PluXml that could allow for remote code execution. The issue is located in the FileCookieJar:: destruct function within the core/admin/medias.php file of the Media Management Module...

5.8CVSS7.5AI score0.00386EPSS
Exploits1References7
NVD
NVD
added 2025/12/30 4:15 p.m.9 views

CVE-2025-64190

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore Core et-core-plugin allows DOM-Based XSS.This issue affects XStore Core: from n/a through 5.6...

6.5CVSS0.0013EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/30 4:0 p.m.5 views

EUVD-2025-205820

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme.Com XStore Core allows DOM-Based XSS.This issue affects XStore Core: from n/a before 5.6...

6.5CVSS5.9AI score0.0013EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.7 views

PT-2025-53018

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.19.0-rc6 Description The Linux kernel contains a flaw within the mt76 mt7921e driver that can lead to a crash during module removal rmmod in a stress test scenario involving rapid module loading and unloading...

7.8CVSS6.2AI score0.00462EPSS
Exploits2References842
Vulnrichment
Vulnrichment
added 2025/12/18 2:22 p.m.3 views

CVE-2025-1030 Sensitive Data Exposure in Utarit Informatics' SoliClub

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Utarit Informatics Services Inc. SoliClub allows Query System for Information. This issue affects SoliClub: from 5.2.4 before 5.3.7...

7.5CVSS5.5AI score0.0026EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.4 views

Weblate 信息泄露漏洞

Weblate is a Copyleft open source web-based free software continuous localization system. An information disclosure vulnerability exists in Weblate versions prior to 5.15.1, which stems from mishandling of specially crafted symbolic links and could result in reading arbitrary files from the serve...

7.7CVSS6AI score0.00344EPSS
Exploits0References4
NVD
NVD
added 2025/12/16 1:15 a.m.6 views

CVE-2025-67492

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to trigger repository updates for many repositories via a crafted webhook payload. Version 5.15 fixes the issue. As a workaround, disabling webhooks completely using ENABLEHOOKS avoids this vulnerability...

5.3CVSS0.00235EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/15 12:0 a.m.11 views

Weblate 安全漏洞

Weblate is a Copyleft open source web-based continuous localization system for free software. A security vulnerability exists in Weblate versions prior to 5.15 that stems from the possibility of accepting invitations opened by different users...

9.8CVSS6.4AI score0.00319EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/12/13 5:3 a.m.6 views

CVE-2025-65120

Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser of the user...

6.1CVSS6.1AI score0.00168EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/13 5:3 a.m.6 views

CVE-2025-54407

Stored cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser of the user...

6.1CVSS5.9AI score0.00154EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.8 views

PT-2025-50874

Cross-site request forgery vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a malicious page while logged in, unintended operations may be performed...

5.1CVSS6.8AI score0.00114EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.5 views

PT-2025-49905

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Opal WP Fashion fashion2 allows PHP Local File Inclusion.This issue affects Fashion: from n/a through 5.3.0...

9.8CVSS7.1AI score0.00385EPSS
Exploits0References3
CVE
CVE
added 2025/12/05 5:18 p.m.22 views

CVE-2025-34256

Advantech WISE-DeviceOn Server (prior to 5.4) uses a static HS512 HMAC secret to sign EIRMMToken JWTs, enabling forged tokens with a valid email claim. This allows remote, unauthenticated attackers to impersonate any DeviceOn account, including the root super admin, and obtain full administrative...

10CVSS7.4AI score0.00604EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2025/12/05 5:16 p.m.6 views

EUVD-2025-201434

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devices/name/agentid endpoint. When an authenticated user renames a device, the newname value is stored and later rendered in device listings or detail views without proper...

5.1CVSS5AI score0.00182EPSS
Exploits0References4
Rows per page
Query Builder