10037 matches found

Tenable Nessus
added 2026/01/13 12:0 a.m. | 4 views

MiracleLinux 9 : httpd-2.4.62-4.el9_6.4 (AXSA:2025-10819:07)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10819:07 advisory. httpd: insufficient escaping of user-supplied data in mod_ssl (CVE-2024-47252); httpd: mod_ssl: access control bypass by trusted clients is possible usi...

CVSS 9.1 | AI score 7.8 | EPSS 0.0097
Exploits: 1 | References: 4

Tenable Nessus
added 2026/01/13 12:0 a.m. | 2 views

RHEL 9 : kernel (RHSA-2026:0457)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0457 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: SCTP...

CVSS 7.8 | AI score 7 | EPSS 0.00194
Exploits: 0 | References: 14

Tenable Nessus
added 2026/01/13 12:0 a.m. | 2 views

MiracleLinux 9 : nginx-1.20.1-22.el9.ML.1 (AXSA:2025-10304:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10304:01 advisory. nginx: TLS Session Resumption Vulnerability (CVE-2025-23419). Tenable has extracted the preceding description block directly from the MiracleLinux security...

CVSS 5.3 | AI score 5.4 | EPSS 0.02557
Exploits: 0 | References: 2

UbuntuCve
added 2026/01/12 6:15 p.m. | 2 views

CVE-2026-22250

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. This vulnerability is fixed in 1.17.0...

CVSS 5.5 | AI score 5.8 | EPSS 0.00134
Exploits: 0 | References: 4

CVE
added 2026/01/12 5:52 p.m. | 18 views

CVE-2026-22250

CVE-2026-22250 affects the Weblate command-line client wlc. Prior to version 1.17.0, SSL verification could be skipped for certain crafted URLs, potentially allowing an attacker to access sensitive resources. Ubuntu USN-7981-1 summarizes the issue and notes an update is available; remediation is...

CVSS 5.5 | AI score 6.4 | EPSS 0.00134
Exploits: 0 | References: 3 | Affected Software: 1

Snyk
added 2026/01/12 4:13 p.m. | 5 views

Improper Certificate Validation

Overview: wlc is a command-line utility for Weblate, a translation tool with tight version control integration. Affected versions of this package are vulnerable to Improper Certificate Validation in the SSL verification process. An attacker can intercept sensitive information by crafting malicious...

CVSS 5.5 | AI score 6.6 | EPSS 0.00134
Exploits: 0 | References: 2

EUVD
added 2026/01/12 3:56 p.m. | 5 views

EUVD-2026-1930

Errands before 46.2.10 does not verify TLS certificates for CalDAV servers...

CVSS 8.2 | AI score 6.4 | EPSS 0.00135
Exploits: 0 | References: 6

CVE
added 2026/01/12 3:56 p.m. | 19 views

CVE-2025-71063

The issue concerns Errands (pre-46.2.10) failing to verify TLS certificates when communicating with CalDAV servers, a trust-management vulnerability. Root cause: TLS certificate validation is omitted for CalDAV server connections, enabling exposure to misissued or invalid certificates. Impact det...

CVSS 8.2 | AI score 6.5 | EPSS 0.00135
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2026/01/12 3:56 p.m. | 18 views

CVE-2025-71063

Errands before 46.2.10 does not verify TLS certificates for CalDAV servers...

CVSS 8.2 | EPSS 0.00135
Exploits: 0 | References: 5

Debian CVE
added 2026/01/12 3:56 p.m. | 3 views

CVE-2025-71063

Errands before 46.2.10 does not verify TLS certificates for CalDAV servers...

CVSS 8.2 | AI score 5.2 | EPSS 0.00135
Exploits: 0

RedHat Linux
added 2026/01/12 3:51 a.m. | 2 views

golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS

A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSH_AGENT_SUCCESS (0x06) message to requests expecting typed replies (e.g., List, Sign). The unmarshal layer produces an unexpected message type, which the client code does not handle,...

CVSS 7.5 | AI score 7.2 | EPSS 0.00579
Exploits: 1 | References: 8

Huntr
added 2026/01/12 2:22 a.m. | 5 views

XSS in Chat Message Leads to Account Takeover

Description: The vulnerability resides in the data persistence layer of the application. The fromdict method in the AppLollmsMessage class acts as a "sink" for raw data. It retrieves the content value from an input dictionary and assigns it directly to the object without any form of sanitization o...

CVSS 8.2 | AI score 6 | EPSS 0.00258
Exploits: 1

OpenVAS
added 2026/01/12 12:0 a.m. | 5 views

openSUSE Security Advisory (SUSE-SU-2026:0077-1)

The remote host is missing an update for the...

CVSS 6.3 | AI score 6.8 | EPSS 0.00106
Exploits: 0 | References: 4

CVE
added 2026/01/10 9:45 a.m. | 16 views

CVE-2025-53477

CVE-2025-53477 is a NULL pointer dereference vulnerability in Apache NimBLE (NimBLE host HCI layer). The issue stems from missing validation of HCI connection complete or HCI command TX buffers, which can lead to a NULL pointer dereference when combined with disabled asserts and a malfunctioning ...

CVSS 7.5 | AI score 6.8 | EPSS 0.00696
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2026/01/10 9:45 a.m. | 25 views

CVE-2025-53477 Apache Mynewt NimBLE: NULL Pointer Dereference in NimBLE host HCI layer

NULL Pointer Dereference vulnerability in Apache Nimble. Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference. This issue requires disabled asserts and broken or bogus Bluetooth controller and thus severity is considered low. This issue...

EPSS 0.00696
Exploits: 0 | References: 3

CNNVD
added 2026/01/10 12:0 a.m. | 4 views

Apache NimBLE security vulnerability

Apache NimBLE is an open source Bluetooth 5.4 stack host and controller from the Apache Foundation, USA, that completely replaces the proprietary SoftDevice on Nordic chipsets. It is part of the Apache Mynewt project. A security vulnerability exists in Apache NimBLE versions 1.8.0 and earlier, whi...

CVSS 7.5 | AI score 6.5 | EPSS 0.00207
Exploits: 0 | References: 5

RedhatCVE
added 2026/01/09 11:23 a.m. | 13 views

CVE-2021-31630

Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application...

CVSS 9 | AI score 8.3 | EPSS 0.27075
Exploits: 10 | References: 1

RedhatCVE
added 2026/01/09 11:22 a.m. | 5 views

CVE-2021-31892

A vulnerability has been identified in SINUMERIK Analyse MyCondition All versions, SINUMERIK Analyze MyPerformance All versions, SINUMERIK Analyze MyPerformance /OEE-Monitor All versions, SINUMERIK Analyze MyPerformance /OEE-Tuning All versions, SINUMERIK Integrate Client 02 All versions =...

CVSS 7.4 | AI score 6.7 | EPSS 0.00486
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 11:17 a.m. | 3 views

CVE-2021-0547

In onReceive of NetInitiatedActivity.java, there is a possible way to supply an attacker-controlled value to a GPS HAL handler due to a missing permission check. This could lead to local escalation of privilege that may result in undefined behavior in some HAL implementations with no additional...

CVSS 7.8 | AI score 6.7 | EPSS 0.00108
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:58 a.m. | 8 views

CVE-2025-40818

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP4. Affected applications contain private SSL/TLS keys on the server that are not properly protected allowing any user with server access to read these keys. This could allow an authenticated attacker to...

CVSS 3.3 | AI score 6.7 | EPSS 0.00089
Exploits: 0 | References: 1