PT-2026-37205

Name of the Vulnerable Software and Affected Versions AzuraCast versions prior to 0.23.6 Description The ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header without a trusted proxy allowlist. An unauthenticated attacker can exploit this by injecting...

TOTOLINK WA300 缓冲区错误漏洞

TOTOLINK WA300 is a wireless access point produced by TOTOLINK, a Chinese company. The TOTOLINK WA300 5.2cu.7112B20190227 version contains a buffer overflow vulnerability. This vulnerability stems from the operation of the loginauth function in the POST Request Handler component’s file...

RHCOS 4 : Red Hat build of MicroShift 4.15.12 (RHSA-2024:2667)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2667 advisory. - golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS CVE-2023-45288 Note that Nessus has not tested for this...

RHCOS 4 : OpenShift Container Platform 4.14.29 (RHSA-2024:3700)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3700 advisory. - cri-o: malicious container can create symlink on host CVE-2024-5154 Note that Nessus has not tested for this issue but has instead relied...

vm2 安全漏洞

vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node.js built-in modules listed in the allowlist. Version 3.10.4 of vm2 contains security vulnerabilities. Attackers can exploit these vulnerabilities to obtain host process objects...

RHEL 10 / 9 : Red Hat Ansible Automation Platform 2.6 Product Security and Bug Fix Update (Important) (RHSA-2026:13508)

The remote Redhat Enterprise Linux 10 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:13508 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

PT-2026-36848

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.0 Description vm2 is an open source sandbox for Node.js. A sandbox breakout occurs through the inspect function, allowing attackers to write code that escapes the sandbox environment and executes arbitrary commands o...

vm2 代码注入漏洞

vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node.js built-in modules listed in the allowlist. Versions of vm2 prior to 3.11.0 had a code injection vulnerability, which stemmed from a sandbox escape vulnerability. This...

RHCOS 3 : OpenShift Container Platform 3.10 (RHSA-2018:3549)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:3549 advisory. - kubernetes: authentication/authorization bypass in the handling of non-101 responses CVE-2018-1002105 Note that Nessus has not tested for...

RHCOS 4 : OpenShift Container Platform 4.12.60 (RHSA-2024:4008)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4008 advisory. - cri-o: malicious container can create symlink on host CVE-2024-5154 Note that Nessus has not tested for this issue but has instead relied...

RHCOS 2 : openshift-origin-broker (RHSA-2014:0423)

The remote Red Hat Enterprise Linux CoreOS 2 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:0423 advisory. - OpenShift: openshift-origin-broker plugin allows impersonation CVE-2014-0188 Note that Nessus has not tested for this issue but has instead...

Linux Distros Unpatched Vulnerability : CVE-2026-22741

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all...

PT-2026-36751

A security vulnerability has been detected in Totolink WA300 5.2cu.7112 B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection. The attack can be executed remotely. The exploit has been disclosed...

vm2 代码注入漏洞

vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node’s built-in modules listed in the allowlist. Versions of vm2 prior to 3.10.5 had a code injection vulnerability. This vulnerability stems from insufficient fixes to CVE-2023-374...

vm2 代码注入漏洞

vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node’s built-in modules listed in the allowlist. Versions of vm2 prior to 3.11.0 had a code injection vulnerability; this vulnerability stemmed from an sandbox escape exploit throug...

PT-2026-37194

Name of the Vulnerable Software and Affected Versions Argo Workflows versions prior to 3.7.14 Argo Workflows versions prior to 4.0.5 Description A user with create Workflow permission can bypass the templateReferencing: Strict and Secure restrictions. This occurs because the system only blocks th...

RHCOS 3 : OpenShift Container Platform 3.2 (RHSA-2018:1241)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:1241 advisory. - source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go CVE-2018-1102 Note that Nessus has not tested fo...

Linux Distros Unpatched Vulnerability : CVE-2025-70067

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer Overflow vulnerability exists in Assimp versions up to 6.0.2 in the FBX Importer. The vulnerability occurs in aiMaterial::AddBinaryProperty, where a...

RHCOS 4 : OpenShift Container Platform 4.17.15 (RHSA-2025:0878)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:0878 advisory. - podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile CVE-2024-11218 Note that...

Velociraptor 安全漏洞

Velociraptor is an open-source tool developed by Velocidex, designed for querying and collecting host-based status information using the Velociraptor Query Language VQL. Versions of Velociraptor prior to 0.76.4 contained security vulnerabilities. These vulnerabilities stemmed from a resource...