MiracleLinux 9 : less-590-3.el9_3 (AXSA:2024-7665:02)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-7665:02 advisory. less: missing quoting of shell metacharacters in LESSCLOSE handling CVE-2022-48624 Tenable has extracted the preceding description block directly from the...
MiracleLinux 9 : less-590-4.el9_4 (AXSA:2024-8144:04)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8144:04 advisory. less: OS command injection CVE-2024-32487 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory. Note that...
MiracleLinux 7 : less-458-10.el7 (AXSA:2024-8138:03)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8138:03 advisory. less: OS command injection CVE-2024-32487 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory. Note that...
Exploit for CVE-2026-22812
CVE-2026-22812 Overview A Python exploitation tool for Ope...
MiracleLinux 9 : kernel-5.14.0-570.26.1.el9_6 (AXSA:2025-10752:53)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10752:53 advisory. kernel: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes CVE-2025-21991 Tenable has extracted the preceding description block direct...
Siemens Ruggedcom ROX OS Command Injection (CVE-2022-48624)
closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
CVE-2025-15154 PbootCMS Header handle.php get_user_ip less trusted source
A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function get_user_ip of the file core/function/handle.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to use of less trusted source. The attack can be initiat...
CVE-2025-15154
CVE-2025-15154 affects PbootCMS (up to 3.2.12). The vulnerable component is Header Handler, function get_user_ip in core/function/handle.php, where manipulation of X-Forwarded-For causes the system to use a less trusted source. Attacks can be remote and public exploits are disclosed. Remediation:...
PKP-WAL 3.5.0-1 baseColour LESS Code Injection
PKP-WAL versions 3.5.0-1 and below suffer from a LESS baseColour related code injection vulnerability. PKP-WAL <= 3.5.0-1 baseColour LESS Code Injection Vulnerability...
PKP-WAL 3.5.0-3 X-Forwarded-Host LESS Code Injection
PKP-WAL versions 3.5.0-3 and below suffer from a LESS X-Forwarded-Host related code injection vulnerability. PKP-WAL getBaseUrl method, can be manipulated by unauthenticated attackers through the X-Forwarded-Host HTTP header,...
CVE-2025-65637 affecting package flannel for versions less than 0.14.0-27
CVE-2025-65637 affecting package flannel for versions less than 0.14.0-27. A patched version of the package is available...
CVE-2025-65637 affecting package cni-plugins for versions less than 1.3.0-10
CVE-2025-65637 affecting package cni-plugins for versions less than 1.3.0-10. A patched version of the package is available...
CVE-2025-65581
An open redirect vulnerability exists in the Account module in Volosoft ABP Framework = 5.1.0 and 10.0.0-rc.2. Improper validation of the returnUrl parameter in the register function allows an attacker to redirect users to arbitrary external domains...
Flowise 3.0.6 JS Parsing Injection
A JavaScript parsing injection vulnerability exists in Flowise versions prior to 3.0.6 and greater than 2.2.7-patch.1. Title: Flowise 3.0.6 JS Parsing...
CVE-2025-40819
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP4. Affected applications do not properly validate license restrictions against the database, allowing direct modification of the systemticketinfo table to bypass license limitations without proper enforcement...
ch.reportingsoft.birt:birt-runtime-bundle (>=4.19.0 <=4.20.0), cloud.wondrify:coffee-asset-pipeline (>=5.0.10 <=5.1.0-M4) +163 more potentially affected by CVE-2025-66453 via org.mozilla:rhino (=1.8.0)
org.mozilla:rhino MAVEN version =1.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.mozilla:rhino and may be impacted: - ch.reportingsoft.birt:birt-runtime-bundle =4.19.0, =5.0.10, =5.0.10, =5.0.10, =10.2.1, =8.0.0, =8.0.0, =5.0.6, =5.0.6, =5.0....
Oracle Linux 9 : ipa (ELSA-2025-20928)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-20928 advisory. 4.12.2-22.0.1.1 - Set IPAPLATFORM=rhel when build on Oracle Linux Orabug: 29516674 - Add bind to ipa-server-common Requires Orabug: 36518596 4.12.2-22.1 -...
Malicious code in @actbase/react-native-less-transformer (npm)
Source: amazon-inspector 06f669b015d3df7c500b192e927f2890c45ad45dafa608100da2146dca598efa The package @actbase/react-native-less-transformer was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198728
Malicious code in @actbase/react-native-less-transformer npm...
MAL-2025-190710 Malicious code in @actbase/react-native-less-transformer (npm)
Source: amazon-inspector 06f669b015d3df7c500b192e927f2890c45ad45dafa608100da2146dca598efa The package @actbase/react-native-less-transformer was found to contain malicious code. Source: ghsa-malware...