MiracleLinux 7 : git-1.8.3.1-20.el7 (AXSA:2019-3447:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-3447:01 advisory. git: arbitrary code execution via .gitmodules CVE-2018-17456 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 4 : pam-1.1.1-20.AXS4.1 (AXSA:2015-439:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2015-439:01 advisory. PAM Pluggable Authentication Modules is a system security tool that allows system administrators to set authentication policy without having to recompile...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001471)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001471 advisory. kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIGMODULESIG, verification that a kernel modul...

ai.chronon:service_2.11 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:service_2.12 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +7660 more potentially affected by CVE-2026-1002 via io.vertx:vertx-core (>=4.0.0-milestone1 <=4.5.23)

io.vertx:vertx-core MAVEN version =4.0.0-milestone1, =0.0.86, =0.0.86, =0.0.86, =0.0.2, =0.1.1, =0.1.1, =0.2.0, =0.2.0, =0.2.0, =0.2.11 and more Source cves: CVE-2026-1002 Source advisory: SNYK:JAVA-IOVERTX-14988768...

CVE-2021-47769

Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. Attackers with privileged user accounts can inject malicious scripts that execute on preview, potentially enabling session hijacking and persistent...

CVE-2021-47769 Isshue Shopping Cart 3.5 - 'Title' Cross Site Scripting (XSS)

Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. Attackers with privileged user accounts can inject malicious scripts that execute on preview, potentially enabling session hijacking and persistent...

CVE-2025-13062

The Supreme Modules Lite plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2.5.62. This is due to insufficient file type validation detecting JSON files, allowing double extension files to bypass sanitization while being accepted as a valid JSON fil...

CVE-2025-13062 Supreme Modules Lite <= 2.5.62 - Authenticated (Author+) Arbitrary File Upload via JSON Upload Bypass

The Supreme Modules Lite plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2.5.62. This is due to insufficient file type validation detecting JSON files, allowing double extension files to bypass sanitization while being accepted as a valid JSON fil...

CVE-2025-13062

The Supreme Modules Lite plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2.5.62. This is due to insufficient file type validation detecting JSON files, allowing double extension files to bypass sanitization while being accepted as a valid JSON fil...

EUVD-2026-2808

The Supreme Modules Lite plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2.5.62. This is due to insufficient file type validation detecting JSON files, allowing double extension files to bypass sanitization while being accepted as a valid JSON fil...

CVE-2025-13062 Supreme Modules Lite <= 2.5.62 - Authenticated (Author+) Arbitrary File Upload via JSON Upload Bypass

The Supreme Modules Lite plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2.5.62. This is due to insufficient file type validation detecting JSON files, allowing double extension files to bypass sanitization while being accepted as a valid JSON fil...

CVE-2025-13062

The CVE-2025-13062 entry concerns the WordPress plugin Supreme Modules Lite. Several connected sources confirm that versions up to 2.5.62 are vulnerable to arbitrary file upload because the plugin fails to correctly validate file types, especially JSON, allowing double-extension files to bypass s...

PT-2026-3003

Name of the Vulnerable Software and Affected Versions Supreme Modules Lite versions prior to 2.5.63 Description The Supreme Modules Lite plugin for WordPress is susceptible to arbitrary file upload due to inadequate file type validation. The plugin incorrectly identifies JSON files, permitting...

WordPress plugin Supreme Modules Lite 代码问题漏洞

WordPress Supreme Modules Lite plugin is a free extension plugin designed for Divi themes and DiviBuilder. WordPress Supreme Modules Lite plugin has a code issue vulnerability that stems from insufficient file type validation, which can be exploited by an attacker to cause arbitrary file uploads...

pam security update

An update is available for pam. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Pluggable Authentication Modules PAM provide a system to set up authentication...

MiracleLinux 3 : pam-0.99.6.2-6.2.0.1.AXS3 (AXSA:2010-484:02)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2010-484:02 advisory. PAM Pluggable Authentication Modules is a system security tool that allows system administrators to set authentication policy without having to...

CVE-2026-22609

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafeimports method in Fickling's static analyzer fails to flag several high-risk Python modules that can be used for arbitrary code execution. Malicious pickles importing these modules will not be detected...

CVE-2026-22755

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Vivotek Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391,FE9180,FE9181, FE9191, FE9381, FE9382, FE9391, FE9582,...

EUVD-2026-2345

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Vivotek Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391,FE9180,FE9181, FE9191, FE9381, FE9382, FE9391, FE9582,...

CVE-2026-22755

CVE-2026-22755 is a command-injection flaw in Vivotek legacy firmware (upload_map.cgi) that allows OS command execution as root on multiple camera models. Affected devices include FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391, FE9180, FE9181, FE9...