54742 matches found
MiracleLinux 9 : httpd-2.4.57-5.el9 (AXSA:2023-6899:07)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6899:07 advisory. httpd: mod_proxy_uwsgi HTTP response splitting CVE-2023-27522 CVE-2023-27522 HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. Thi...
MiracleLinux 9 : python3.11-setuptools-65.5.1-2.el9_4.1 (AXSA:2024-8653:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8653:01 advisory. pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools CVE-2024-6345 Tenable has extracted the preceding...
MiracleLinux 9 : python3.12-3.12.1-4.el9_4.3 (AXSA:2024-8798:06)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8798:06 advisory. cpython: python: email module doesn't properly quote newlines in email headers, allowing header injection CVE-2024-6923 Tenable has extracted the preceding...
MiracleLinux 9 : libtpms-0.9.1-3.20211126git1ff6fe1f43.el9 (AXSA:2023-5454:01)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5454:01 advisory. tpm: TCG TPM2.0 implementations vulnerable to memory corruption CVE-2023-1017 tpm2: TCG TPM2.0 implementations vulnerable to memory corruption...
MiracleLinux 8 : httpd:2.4 (AXSA:2022-3749:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3749:01 advisory. httpd: mod_proxy NULL pointer dereference CVE-2020-13950 Tenable has extracted the preceding description block directly from the MiracleLinux security advisor...
MiracleLinux 8 : nodejs:16 (AXSA:2023-6328:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6328:01 advisory. nodejs: mainModule.__proto__ bypass experimental policy mechanism CVE-2023-30581 nodejs: process interruption due to invalid Public Key information in x5...
MiracleLinux 8 : go-toolset:rhel8 (AXSA:2024-7550:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7550:01 advisory. golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests CVE-2023-39326 golang: cmd/go: Protocol Fallback when...
MiracleLinux 8 : open-vm-tools-12.1.5-2.el8.ML.1 (AXSA:2023-6180:06)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6180:06 advisory. open-vm-tools: authentication bypass vulnerability in the vgauth module CVE-2023-20867 Tenable has extracted the preceding description block directly from th...
MiracleLinux 9 : mod_jk-1.2.49-1.el9, mod_proxy_cluster-1.3.20-1.el9 (AXSA:2024-7930:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7930:01 advisory. httpd: Apache Tomcat Connectors mod_jk Information Disclosure CVE-2023-41081 mod_cluster/mod_proxy_cluster: Stored Cross site Scripting CVE-2023-6710...
MiracleLinux 8 : nodejs:18 (AXSA:2023-6466:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6466:01 advisory. nodejs: Permissions policies can be bypassed via Module.load CVE-2023-32002 nodejs-semver: Regular expression denial of service CVE-2022-25883 nodej...
CVE-2026-23838 Tandoor Recipes module allows SQLite database to be externally accessible with the default settings
Tandoor Recipes is a recipe manager that can be installed with the Nix package manager. Starting in version 23.05 and prior to version 26.05, when using the default configuration of Tandoor Recipes, specifically using SQLite and default MEDIA_ROOT, the full database file may be externally...
CVE-2026-23838
CVE-2026-23838 affects Tandoor Recipes when installed via Nix and using the default configuration with SQLite and default MEDIA_ROOT. Versions 23.05 through 26.04 (prior to 26.05) are vulnerable because the NixOS module sets the working directory and MEDIA_ROOT to /var/lib/tandoor-recipes, causin...
CVE-2026-1158
A security flaw has been discovered in Totolink LR350 9.3.5u.6369B20220309. This vulnerability affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argument ssid results in buffer overflow. The attack can be...
CVE-2026-1154
A flaw has been found in SourceCodester E-Learning System 1.0. This impacts an unknown function of the file /admin/modules/lesson/index.php of the component Lesson Module Handler. Executing a manipulation of the argument Title/Description can lead to basic cross site scripting. The attack can be...
CVE-2026-1154 SourceCodester E-Learning System Lesson index.php cross site scripting
A flaw has been found in SourceCodester E-Learning System 1.0. This impacts an unknown function of the file /admin/modules/lesson/index.php of the component Lesson Module Handler. Executing a manipulation of the argument Title/Description can lead to basic cross site scripting. The attack can be...
CVE-2026-1154
The CVE-2026-1154 entry affects SourceCodester E-Learning System 1.0, specifically the /admin/modules/lesson/index.php file in the Lesson Module Handler. Affected vector: manipulation of the Title/Description argument enables basic cross-site scripting. The vulnerability is described as exploitab...