RHCOS 4 : OpenShift Container Platform 4.14.10 (RHSA-2024:0292)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0292 advisory. - golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409) Note that Nessus has not tested for th...
CVE-2026-40048 Apache Camel PQC: Unsafe Deserialization from FileBasedKeyLifecycleManager
The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of .key files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to java.security.KeyPair is evaluated only after readObject has...
EUVD-2015-3983
Malware in sbrugna...
EUVD-2015-3899
Malware in sbrugna...
EUVD-2023-30287
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-5493
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier fo...
Linux Distros Unpatched Vulnerability : CVE-2017-2647
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash...
Linux Distros Unpatched Vulnerability : CVE-2017-13305
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974. CVE-2017-13305...
CVE-2025-44647
In TRENDnet TEW-WLC100P 2.03b03, the i_dont_care_about_security_and_use_aggressive_mode_psk option is enabled in the strongSwan configuration file, so that IKE Responders are allowed to use IKEv1 Aggressive Mode with Pre-Shared Keys to conduct offline attacks on the openly transmitted hash of the PSK...
CVE-2025-38335
CVE-2025-38335 concerns a Linux kernel vulnerability in the gpio_keys driver related to PREEMPT_RT. The description states that when PREEMPT_RT is enabled, gpio_keys_irq_timer() can run in hard IRQ context while input_event() uses a spin_lock, which is incompatible with hard IRQ. This leads to a ...
SUSE-SU-2025:02125-1 Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-15040024125 fixes several issues. The following security issues were fixed: - CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235231). - CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232908). -...
GHSA-FJ44-H6XW-896G react-native-keys insecurely stores encryption cipher and Base64 chunks
react-native-keys 0.7.11 is vulnerable to sensitive information disclosure (remote) as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools...
CVE-2025-45001
react-native-keys 0.7.11 is vulnerable to sensitive information disclosure (remote) as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools...
CVE-2023-44093
Vulnerability of package names' public keys not being verified in the security module. Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2022-48428
In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible...
CVE-2021-36382
Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint which accepts cleartext...
CVE-2019-19755
ethOS through 1.3.3 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as of 2019-12-01, the vendor indicated that they plan to fix this...
Important: kernel-livepatch-4.14.355-275.591
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential oob read in nilfs_btree_check_delete() (CVE-2024-47757) In the Linux kernel, the following vulnerability has been resolved: ext4: fix double brelse() the buffer of the extents path (CVE-2024-49882) In t...
CVE-2025-27650
CVE-2025-27650 concerns Vasion Print (formerly PrinterLogic) prior to Virtual Appliance Host 22.0.862 and Application 20.0.2014, where private keys are present in the Docker overlay, exposing sensitive material. The CVSS 3.1 base metrics indicate high impact on confidentiality, integrity, and ava...
CVE-2025-1063
CVE-2025-1063 affects the Classified Listing – Classified ads & Business Directory Plugin for WordPress. It enables Sensitive Information Exposure via rtcl_taxonomy_settings_export in all versions up to 4.0.4, allowing unauthenticated attackers to exfiltrate API keys and tokens. Red Hat/Wordfence...