2325 matches found
MiracleLinux 7 : bind-9.11.4-9.P2.0.1.el7.AXS7 (AXSA:2019-4292:05)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-4292:05 advisory. bind: Incorrect documentation of krb5-subdomain and ms-subdomain update policies CVE-2018-5741 Tenable has extracted the preceding description block directly...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000779)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000779 advisory. fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service...
CVE-2026-21905
A Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in the SIP application layer gateway ALG of Juniper Networks Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC allows an unauthenticated network-based attacker sending specific SIP messages over TCP to crash the flow...
EUVD-2026-2687
A Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in the SIP application layer gateway ALG of Juniper Networks Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC allows an unauthenticated network-based attacker sending specific SIP messages over TCP to crash the flow...
CVE-2026-21905
CVE-2026-21905 affects Juniper Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC. The vulnerability is a loop with an unreachable exit condition in the SIP application layer gateway (ALG) that can be triggered by processing multiple SIP messages over TCP. This causes the flow management...
CVE-2018-18877
In firmware version MS2.6.9900 of Columbia Weather MicroServer, an authenticated web user can access an alternative configuration page configmain.php that allows manipulation of the device...
CVE-2009-4409
The 1 CHAP and 2 MS-CHAP-V2 authentication capabilities in the PPP Access Concentrator PPPAC function in Internet Initiative Japan SEIL/B1 firmware 1.00 through 2.52 use the same challenge for each authentication attempt, which allows remote attackers to bypass authentication via a replay attack...
CVE-2021-27596
When a user opens manipulated Autodesk 3D Studio for MS-DOS .3DS files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application...
CVE-2023-4537
Comarch ERP XL client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affects ERP XL: from 2020.2.2 through 2023.2...
CVE-1999-0360
MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely...
PT-2026-1631
Name of the Vulnerable Software and Affected Versions Mstoic Shortcodes plugin for WordPress versions prior to 2.1 Description The Mstoic Shortcodes plugin for WordPress is susceptible to Stored Cross-Site Scripting. This occurs through the start parameter of the ms youtube embeds shortcode due t...
CVE-2025-15405
PHPEMS has a CSRF vulnerability in versions up to 11.0 due to manipulation of an unknown function, potentially exploitable remotely. Impact is described as high (C) with network attack vector; remediation per PT-2026-1007 is to upgrade to version 11.0 or later.
CVE-2025-15244
A vulnerability has been found in PHPEMS up to 11.0. This impacts an unknown function of the component Purchase Request Handler. The manipulation leads to race condition. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitability is said to be...
CVE-2025-15242
A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function of the component Coupon Handler. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is regarded as...
WordPress Master Slider - Responsive Touch Slider plugin <= 3.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_layer Shortcode vulnerability
WordPress Master Slider - Responsive Touch Slider plugin = 3.10.6 - Authenticated Contributor+ Stored Cross-Site Scripting via mslayer Shortcode vulnerability discovered by Krzysztof Zając - CERT PL in WordPress Plugin Master Slider versions = 3.10.6...
CVE-2025-15242
A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function of the component Coupon Handler. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is regarded as...
CVE-2025-0657
A weakness in Automated Logic and Carrier i-Vu Gen5 router on driver version drvgen5106-01-2380, allows malformed packets to be sent through BACnet MS/TP network causing the devices to enter a fault state. This fault state requires a manual power cycle to return the device to network visibility...
EUVD-2025-199779
A weakness in Automated Logic and Carrier i-Vu Gen5 router on driver version drvgen5106-01-2380, allows malformed packets to be sent through BACnet MS/TP network causing the devices to enter a fault state. This fault state requires a manual power cycle to return the device to network visibility...
Malicious code in @postman/pretty-ms (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2d31f7cbd143304b0472244ba5f73daa6e96abbc923b854d2736c5ea7807d16 The package @postman/pretty-ms was found to contain malicious code. Source: google-open-source-security...
MAL-2025-190910 Malicious code in @postman/pretty-ms (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2d31f7cbd143304b0472244ba5f73daa6e96abbc923b854d2736c5ea7807d16 The package @postman/pretty-ms was found to contain malicious code. Source: google-open-source-security...