Azure Linux 3.0 Security Update: keda (CVE-2021-42836)

The version of keda installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-42836 advisory. - GJSON before 1.9.3 allows a ReDoS regular expression denial of service attack. CVE-2021-42836 Note that Nessus...

CVE-2026-23990

The Flux Operator is a Kubernetes CRD controller that manages the lifecycle of CNCF Flux CD and the ControlPlane enterprise distribution. Starting in version 0.36.0 and prior to version 0.40.0, a privilege escalation vulnerability exists in the Flux Operator Web UI authentication code that allows...

GHSA-4XH5-JCJ2-CH8Q Flux Operator Web UI Impersonation Bypass via Empty OIDC Claims

A privilege escalation vulnerability exists in the Flux Operator Web UI authentication code that allows an attacker to bypass Kubernetes RBAC impersonation and execute API requests with the operator's service account privileges. After OIDC token claims are processed through CEL expressions, there...

Regular Expression Denial of Service (ReDoS)

Overview org.webjars.npm:seroval is a Stringify JS values Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the RegExp serialization process. An attacker can cause the exhaustion of JavaScript runtime memory or trigger catastrophic backtracking by...

GHSA-HX9M-JF43-8FFR seroval affected by Denial of Service via RegExp serialization

Overriding RegExp serialization with extremely large patterns can exhaust JavaScript runtime memory during deserialization. Additionally, overriding RegExp serialization with patterns that trigger catastrophic backtracking can lead to ReDoS Regular Expression Denial of Service. Mitigation: Serova...

seroval affected by Denial of Service via RegExp serialization

Overriding RegExp serialization with extremely large patterns can exhaust JavaScript runtime memory during deserialization. Additionally, overriding RegExp serialization with patterns that trigger catastrophic backtracking can lead to ReDoS Regular Expression Denial of Service. Mitigation: Serova...

Regular Expression Denial of Service (ReDoS)

Overview seroval is a Stringify JS values Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the RegExp serialization process. An attacker can cause the exhaustion of JavaScript runtime memory or trigger catastrophic backtracking by supplying...

Regular Expression Denial Of Service (ReDoS)

@modelcontextprotocol/sdk is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability is due to inefficiently constructed regular expressions with nested quantifiers in the UriTemplate class, which allows an attacker to supply a crafted URI that triggers catastrophic backtracki...

PT-2026-3873

Name of the Vulnerable Software and Affected Versions Flux Operator versions 0.36.0 through 0.39.9 Description The Flux Operator, a Kubernetes CRD controller, contains a flaw in its Web UI authentication code. This issue allows an attacker to bypass Kubernetes RBAC impersonation and execute API...

PT-2026-3889

Name of the Vulnerable Software and Affected Versions seroval versions 1.4.0 and below Description seroval is a JavaScript library that facilitates value stringification, including complex structures. In versions 1.4.0 and below, overriding RegExp serialization with excessively large patterns can...

Exploit for Improper Input Validation in N8N

CVE-2026-21858 + CVE-2025-68613 - n8n RCE Exploit Unauthentic...

MiracleLinux 9 : python-setuptools-53.0.0-10.el9.1 (AXSA:2023-5193:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5193:02 advisory. pypa-setuptools: Regular Expression Denial of Service ReDoS in packageindex.py CVE-2022-40897 Tenable has extracted the preceding description block directly...

MiracleLinux 9 : nodejs-nodemon-2.0.19-1.el9, nodejs-16.16.0-1.el9 (AXSA:2022-4073:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4073:01 advisory. nodejs-ini: Prototype pollution via malicious INI file CVE-2020-7788 nodejs-glob-parent: Regular expression denial of service CVE-2020-28469...

MiracleLinux 8 : grafana-7.5.15-4.el8.ML.1 (AXSA:2023-6073:05)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-6073:05 advisory. golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters CVE-2022-2880 golang: net/http: handle server errors after...

MiracleLinux 8 : perl-5.26.3-417.el8 (AXSA:2021-1498:06)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1498:06 advisory. perl: corruption of intermediate language state of compiled regular expression due to recursive Sstudychunk calls leads to DoS CVE-2020-12723 Tenable has...

MiracleLinux 8 : python3-3.6.8-31.el8 (AXSA:2021-1204:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1204:01 advisory. python: XSS vulnerability in the documentation XML-RPC server in servertitle field CVE-2019-16935 python: infinite loop in the tarfile module via...

Server-Side Template Injection (SSTI) vulnerability exist in Genshi

Overview A Server-Side Template Injection SSTI vulnerability exists in the Genshi template engine due to unsafe evaluation of template expressions. Genshi processes template expressions using Python’s 'eval’ and ‘exec’ functions while allowing fallback access to Python built-in objects. If an...

MiracleLinux 8 : nodejs:16 (AXSA:2022-3844:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3844:01 advisory. nodejs-ansi-regex: Regular expression denial of service ReDoS matching ANSI escape codes CVE-2021-3807 nodejs: DNS rebinding in --inspect via invali...

MiracleLinux 9 : python3.12-3.12.1-4.el9_4.4 (AXSA:2024-8949:08)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8949:08 advisory. python: cpython: tarfile: ReDos via excessive backtracking while parsing header values CVE-2024-6232 Tenable has extracted the preceding description block...

MiracleLinux 7 : python-pillow-2.0.0-23.gitd1c6db8.el7 (AXSA:2022-3076:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3076:01 advisory. python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions CVE-2022-22817 python-pillow: buffer over-read during initialization of...