
6334 matches found

ATTACKERKB
added 2026/01/15 1:23 p.m. | 2 views

CVE-2025-13062

The Supreme Modules Lite plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2.5.62. This is due to insufficient file type validation detecting JSON files, allowing double extension files to bypass sanitization while being accepted as a valid JSON fil...

CVSS 8.8 | AI score 6.6 | EPSS 0.00505
Exploits: 0 | References: 3
CVE
added 2026/01/15 1:23 p.m. | 17 views

CVE-2025-13062

The CVE-2025-13062 entry concerns the WordPress plugin Supreme Modules Lite. Several connected sources confirm that versions up to 2.5.62 are vulnerable to arbitrary file upload because the plugin fails to correctly validate file types, especially JSON, allowing double-extension files to bypass s...

CVSS 8.8 | AI score 7.1 | EPSS 0.00505
Exploits: 0 | References: 2
CNNVD
added 2026/01/15 12:0 a.m. | 3 views

WordPress plugin Supreme Modules Lite code issue vulnerability

WordPress Supreme Modules Lite plugin is a free extension plugin designed for Divi themes and DiviBuilder. WordPress Supreme Modules Lite plugin has a code issue vulnerability that stems from insufficient file type validation, which can be exploited by an attacker to cause arbitrary file uploads...

CVSS 8.8 | AI score 6 | EPSS 0.00505
Exploits: 0 | References: 2
Positive Technologies
added 2026/01/15 12:0 a.m. | 7 views

PT-2026-3003

Name of the Vulnerable Software and Affected Versions: Supreme Modules Lite versions prior to 2.5.63. Description: The Supreme Modules Lite plugin for WordPress is susceptible to arbitrary file upload due to inadequate file type validation. The plugin incorrectly identifies JSON files, permitting...

CVSS 8.8 | AI score 6 | EPSS 0.00505
Exploits: 0 | References: 7
Rockylinux
added 2026/01/14 9:14 a.m. | 7 views

pam security update

An update is available for pam. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Pluggable Authentication Modules (PAM) provide a system to set up authentication...

CVSS 7.8 | AI score 6.8 | EPSS 0.0039
Exploits: 0
Tenable Nessus
added 2026/01/14 12:0 a.m. | 4 views

MiracleLinux 3 : pam-0.99.6.2-6.2.0.1.AXS3 (AXSA:2010-484:02)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2010-484:02 advisory. PAM (Pluggable Authentication Modules) is a system security tool that allows system administrators to set authentication policy without having to...

CVSS 6.9 | AI score 5.5 | EPSS 0.00416
Exploits: 0 | References: 4
RedhatCVE
added 2026/01/13 10:52 p.m. | 4 views

CVE-2026-22609

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafeimports method in Fickling's static analyzer fails to flag several high-risk Python modules that can be used for arbitrary code execution. Malicious pickles importing these modules will not be detected...

CVSS 9.3 | AI score 8.1 | EPSS 0.00554
Exploits: 1 | References: 1
NVD
added 2026/01/13 3:16 p.m. | 8 views

CVE-2026-22755

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Vivotek. Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391, FE9180, FE9181, FE9191, FE9381, FE9382, FE9391, FE9582,...

CVSS 10 | EPSS 0.21219
Exploits: 1 | References: 2
CVE
added 2026/01/13 3:12 p.m. | 18 views

CVE-2026-22755

CVE-2026-22755 is a command-injection flaw in Vivotek legacy firmware (upload_map.cgi) that allows OS command execution as root on multiple camera models. Affected devices include FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391, FE9180, FE9181, FE9...

CVSS 10 | AI score 6.7 | EPSS 0.21219
Exploits: 1 | References: 2
EUVD
added 2026/01/13 3:12 p.m. | 7 views

EUVD-2026-2345

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Vivotek. Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391, FE9180, FE9181, FE9191, FE9381, FE9382, FE9391, FE9582,...

CVSS 10 | AI score 6.5 | EPSS 0.21219
Exploits: 1 | References: 2
Positive Technologies
added 2026/01/13 12:0 a.m. | 9 views

PT-2026-2794

Name of the Vulnerable Software and Affected Versions: Vivotek devices versions 0100a through 012502. Description: The affected devices contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') issue. This allows for potential OS Command Injection through the uploa...

CVSS 10 | AI score 5.8 | EPSS 0.21219
Exploits: 1 | References: 9
CNNVD
added 2026/01/13 12:0 a.m. | 4 views

SAP S/4HANA code injection vulnerability

SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. SAP S/4HANA suffers from a code injection vulnerability that originates from an attacker being able to inject arbitrary ABAP code or OS commands via RFC-exposed function...

CVSS 9.1 | AI score 6.2 | EPSS 0.00409
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/13 12:0 a.m. | 5 views

MiracleLinux 9 : jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base (AXSA:2025-10737:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10737:01 advisory. com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError (CVE-2025-52999). Tenable has extracted the preceding description block...

CVSS 8.7 | AI score 7 | EPSS 0.00634
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/13 12:0 a.m. | 3 views

MiracleLinux 7 : pam-1.1.8-23.0.1.0.1.el7.AXS7 (AXSA:2025-10203:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10203:02 advisory. CVE-2024-10041: fix possibility of leakage of secret information stored in memory. CVE-2024-22365: fix potential DoS via mkfifo because the openat...

CVSS 5.5 | AI score 6.5 | EPSS 0.00455
Exploits: 1 | References: 3
NVD
added 2026/01/10 2:15 a.m. | 4 views

CVE-2026-22609

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafeimports method in Fickling's static analyzer fails to flag several high-risk Python modules that can be used for arbitrary code execution. Malicious pickles importing these modules will not be detected...

CVSS 9.3 | EPSS 0.00554
Exploits: 1 | References: 6
Vulnrichment
added 2026/01/10 1:35 a.m. | 2 views

CVE-2026-22609 Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafeimports method in Fickling's static analyzer fails to flag several high-risk Python modules that can be used for arbitrary code execution. Malicious pickles importing these modules will not be detected...

CVSS 9.3 | AI score 7.8 | EPSS 0.00554
Exploits: 1 | References: 6
CNNVD
added 2026/01/10 12:0 a.m. | 4 views

Fickling code issue vulnerability

Fickling is an open source decompiler and static analyzer for Python by Trail of Bits. A code issue vulnerability exists in versions prior to Fickling 0.1.7 that stems from the static analyzer failing to flag high-risk modules, which could lead to bypassing security checks and executing arbitrary...

CVSS 9.3 | AI score 6.8 | EPSS 0.00554
Exploits: 1 | References: 6
Positive Technologies
added 2026/01/10 12:0 a.m. | 5 views

PT-2026-2229

Name of the Vulnerable Software and Affected Versions: Fickling versions prior to 0.1.7. Description: Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafe imports method within Fickling’s static analyzer does not identify several high-risk Python modules...

CVSS 9.3 | AI score 7.7 | EPSS 0.00554
Exploits: 1 | References: 10
Github Security Blog
added 2026/01/09 10:29 p.m. | 13 views

Fickling vulnerable to detection bypass due to "builtins" blindness

Fickling's assessment: Fickling started emitting AST nodes for builtins imports in order to match them during analysis (https://github.com/trailofbits/fickling/commit/9f309ab834797f280cb5143a2f6f987579fa7cdf). Original report. Summary: Fickling works by Pickle bytecode -- AST -- Security analysis...

CVSS 9.3 | AI score 7.5 | EPSS 0.00264
Exploits: 0 | References: 7 | Affected Software: 1
NVD
added 2026/01/09 5:15 p.m. | 3 views

CVE-2025-15035

Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 vpn modules allows an authenticated adjacent attacker to delete arbitrary server file, leading to possible loss of critical system files and service interruption or degraded functionality. This issue affects Archer AXE75 v1.6: ≤...

CVSS 7.3 | EPSS 0.00286
Exploits: 0 | References: 5