17051 matches found
Microsoft Edge (Chromium) < 143.0.3650.66 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 143.0.3650.66. It is, therefore, affected by multiple vulnerabilities as referenced in the December 4, 2025 advisory. - Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote...
AlmaLinux 10 : buildah (ALSA-2025:22012)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:22012 advisory. runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects CVE-2025-52881 golang: archive/tar: Unbounded...
USN-7874-3 linux-iot vulnerabilities
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...
Apache HTTP Server 2.4.x < 2.4.66 Improper Neutralization Vulnerability - Linux
Apache HTTP Server is prone to an improper neutralization vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Oracle Linux 10 : podman (ELSA-2025-20983)
The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-20983 advisory. - fixes 'Minor Incident CVE-2025-52881 podman: container escape and denial of service due to arbitrary write gadgets and procfs write redirects...
Oracle Linux 10 : buildah (ELSA-2025-22012)
The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-22012 advisory. - fixes 'Minor Incident CVE-2025-52881 buildah: container escape and denial of service due to arbitrary write gadgets and procfs write redirects...
Oracle Linux 10 : podman (ELSA-2025-21220)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-21220 advisory. - fixes 'Minor Incident CVE-2025-52881 podman: container escape and denial of service due to arbitrary write gadgets and procfs write redirects rhel-10.1.z'...
OPENSUSE-SU-2025-20135-1 Security update for mozjs128
This update for mozjs128 fixes the following issues: - Update to version 128.14.0 bsc1248162: + CVE-2025-9179: Sandbox escape due to invalid pointer in the Audio/Video: GMP component + CVE-2025-9180: Same-origin policy bypass in the Graphics: Canvas2D component + CVE-2025-9181: Uninitialized memo...
SUSE-SU-2025:21170-1 Security update for mozjs128
This update for mozjs128 fixes the following issues: - Update to version 128.14.0 bsc1248162: + CVE-2025-9179: Sandbox escape due to invalid pointer in the Audio/Video: GMP component + CVE-2025-9180: Same-origin policy bypass in the Graphics: Canvas2D component + CVE-2025-9181: Uninitialized memo...
CVE-2025-20384
In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.6, and 9.3.2411.117.125, an unauthenticated attacker can inject American National Standards Institute ANSI escape codes into Splunk log files due to improper...
CVE-2025-20384 Unauthenticated Log Injection in Splunk Enterprise
In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.6, and 9.3.2411.117.125, an unauthenticated attacker can inject American National Standards Institute ANSI escape codes into Splunk log files due to improper...
CVE-2025-20384
CVE-2025-20384 affects Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, 9.2.10 and Splunk Cloud Platform below 10.1.2507.4, 10.0.2503.6, 9.3.2411.117.125. An unauthenticated attacker can inject ANSI escape codes into Splunk log files via improper validation at the /en-US/static/ endpoint, p...
CVE-2025-20384 Unauthenticated Log Injection in Splunk Enterprise
In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.6, and 9.3.2411.117.125, an unauthenticated attacker can inject American National Standards Institute ANSI escape codes into Splunk log files due to improper...
SUSE CVE-2025-13632
Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Chromium security severity: High...
PT-2025-50583
Name of the Vulnerable Software and Affected Versions glib affected versions not specified Description A flaw exists in glib that can lead to a denial-of-service DoS condition. The issue is a heap buffer overflow caused by an integer overflow within the escape byte string function, part of GLib's...
RockyLinux 9 : podman (RLSA-2025:21702)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:21702 advisory. runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects CVE-2025-52881 Tenable has extracted the preceding...
Linux Distros Unpatched Vulnerability : CVE-2025-13632
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to...
Splunk Enterprise 9.2.0 < 9.2.10, 9.3.0 < 9.3.8, 9.4.0 < 9.4.6, 10.0 < 10.0.1 (SVD-2025-1203)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-1203 advisory. - In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4,...
CLSA-2025-1764716872 tomcat: Fix of CVE-2025-31651
CVE-2025-31651: fix improper neutralization of escape, meta, or control sequences...
SQL Injection
Overview asyncmy is an A fast asyncio MySQL driver Affected versions of this package are vulnerable to SQL Injection through the escapedict function. An attacker can execute arbitrary SQL commands by using untrusted JSON input because keys are not properly escaped. Remediation A fix was pushed in...