Fedora 42 : nix (2026-3cfb30c1fb)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3cfb30c1fb advisory. - update to 2.31.5: fixes high GHSA-vh5x-56v6-4368 and moderate GHSA-gr92-w2r5-qw5p -...
Advisory ROSA-SA-2026-3161
Software: rsync 3.1.3 OS: ROSA Virtualization 3.1 unaffected versions = rsync-3.1.3-23.rv31 affected versions rsync-3.1.3-23.rv31 CVE-ID: CVE-2025-4638 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the zlib library embedded in PointCloudLibrary PCL allows attackers to cause...
Advisory ROSA-SA-2026-3146
Software: grafana 9.2.10 OS: ROSA Virtualization 3.1 unaffected versions = grafana-9.2.10-27.rv31 affected versions grafana-9.2.10-27.rv31 CVE-ID: CVE-2025-22871 BDU-ID: 2025-04014 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the net/http package of the Go programming language is related to...
Security Advisory EPM February 2026 for EPM 2024
Update 18 Feb: Added FAQ on patching Agents. Summary Ivanti has released updates for Ivanti Endpoint Manager which addresses one high severity vulnerability and one medium severity vulnerability. Successful exploitation could allow a remote authenticated attacker to leak arbitrary data or...
Advisory ROSA-SA-2025-3083
Software: ImageMagick 6.9.10.68 OS: rosa-server79 unaffected versions = ImageMagick-6.9.10.68-7.0.3.res7 affected versions ImageMagick-6.9.10.68-7.0.3.res7 CVE-ID: CVE-2025-55154 BDU-ID: 2025-10835 CVE-Crit: CRITICAL. CVE-DESC.: Vulnerability in the ImageMagick console graphical editor related to...
Fedora 42 : chromium (2025-c92c2e0d79)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-c92c2e0d79 advisory. Update to 142.0.7444.162 High CVE-2025-13042: Inappropriate implementation in V8 Tenable has extracted the preceding description block directly from...
Fedora 43 : chromium (2025-31f0d8bfa9)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-31f0d8bfa9 advisory. Update to 142.0.7444.59 High CVE-2025-12428: Type Confusion in V8 High CVE-2025-12429: Inappropriate implementation in V8 High CVE-2025-12430: Objec...
EUVD-2017-0978
Malware in sbrugna...
EUVD-2023-29487
Malicious code in bioql PyPI...
WordPress Abandoned Contact Form 7 plugin <= 2.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by theviper17 in WordPress Plugin Abandoned Contact Form 7 versions <= 2.2...
WordPress Browse As plugin <= 0.2 - Authenticated (Subscriber+) Authentication Bypass via Cookie vulnerability
Authenticated (Subscriber+) Authentication Bypass via Cookie vulnerability discovered by István Márton in WordPress Plugin Browse As versions <= 0.2...
Fedora: Security Advisory (FEDORA-2025-3140334065)
The remote host is missing an update for the...
Feng Office 3.5.1.5 SQL Injection
Feng Office version 3.5.1.5 suffers from a remote SQL injection vulnerability. Titles: fengoffice3.5.1.5 - SQLi Author: nu11secur1ty Date: 05/11/2025 Vendor: https://www.fengoffice.com/ Software: https://trials.fengoffice.com/register?edition=starter Reference:...
WordPress FluentBoards plugin <= 1.47 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin FluentBoards versions <= 1.47...
Advisory ROSA-SA-2025-2825
Software: python-pip 9.0.3 OS: ROSA Virtualization 3.0 packageevrstring: python-pip-9.0.3-24.rv30 CVE-ID: CVE-2007-4559 BDU-ID: 2022-05975 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the extract and extractall functions of the tarfile module of the Python programming language interpreter is...
Multiple vulnerabilities in Ingress NGINX Controller for Kubernetes
On March 24, 2025, Kubernetes disclosed 5 new vulnerabilities affecting the Ingress NGINX Controller for Kubernetes. Successful exploitation could allow attackers access to all secrets stored across all namespaces in the Kubernetes cluster, which could result in cluster takeover. CVE-2025-1974 9....
Fedora 41 : java-latest-openjdk (2025-f27fcf5da3)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-f27fcf5da3 advisory. January CPU 2025 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...
Advisory ROSA-SA-2025-2640
Software: newmoon 33.3.0 OS: ROSA-CHROME packageevrstring: newmoon-33.3.0 CVE-ID: CVE-2024-9396 BDU-ID: 2024-09265 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird email client browsers is related to an operation exceeding buffer boundaries in memor...
Advisory ROSA-SA-2025-2583
Software: libarchive 3.6.2 OS: ROSA-CHROME packageevrstring: libarchive-3.6.2 CVE-ID: CVE-2024-48957 BDU-ID: 2024-09446 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the executefilteraudio function of the archivereadsupportformatrar.c component of the Libarchive archiving library is related to...
WordPress Radio Player 2.0.82 Server-Side Request Forgery Vulnerability
CVE-2024-54385 Radio Player <= 2.0.82 - Unauthenticated Server-Side Request Forgery Description The Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.82. This...