126531 matches found
ALSA-2026:26533 Important: dracut security update
The dracut packages contain an event-driven initial RAM file system initramfs generator infrastructure based on the udev device manager. The virtual file system, initramfs, is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition...
PT-2026-50433
Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager affected versions not specified Description A missing authentication for critical function issue exists. An unauthenticated attacker with adjacent network access could exploit this to achieve code execution, denial of...
PT-2026-50432
Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager versions prior to 5.1.0.1 Dell PowerFlex Manager versions prior to 4.5.5.2 Description An improper authentication issue allows an unauthenticated attacker with adjacent network access to bypass authentication without...
PT-2026-50477
Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description The 'spreadsheet-import' endpoint axiosRequestMake could be used as a generic HTTP proxy. The endpoint was reachable without authentication, and its URL-extension allowlist used a regular expressi...
PT-2026-50464
Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager affected versions not specified Description An improper neutralization of special elements used in an SQL command allows a low privileged attacker with adjacent network access to perform SQL injection, which could...
PT-2026-50435
Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager versions prior to 5.1.0.1 Description An improper access control issue exists where a low privileged attacker with adjacent network access could potentially exploit the flaw to achieve elevation of privileges and gain...
PT-2026-50463
Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager affected versions not specified Description An improper neutralization of special elements used in an SQL command, known as SQL Injection, allows a low privileged attacker with adjacent network access to potentially caus...
PT-2026-50443
Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager affected versions not specified Description Improper Authentication allows an unauthenticated attacker with adjacent network access to potentially gain unauthorized access, leading to information disclosure and informati...
Ubuntu 20.04 LTS : Linux kernel (Oracle) vulnerabilities (USN-8439-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8439-1 advisory. Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission chec...
Bosch Security Systems IP Cameras Improper Access Control (CVE-2022-41677)
An information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauthenticated attacker to retrieve information like capabilities about the device itself and network settings of the device, disclosing possibly internal network settings if the device is connected to...
Bosch Security Systems IP Cameras Remote Code Execution (CVE-2018-19036)
An issue was discovered in several Bosch IP cameras running firmware 6.32 and higher. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface. This plugin only works with Tenable.ot. Please visit...
ALSA-2026:26532 Important: dracut security update
The dracut packages contain an event-driven initial RAM file system initramfs generator infrastructure based on the udev device manager. The virtual file system, initramfs, is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition...
ALSA-2026:26534 Important: dracut security update
The dracut packages contain an event-driven initial RAM file system initramfs generator infrastructure based on the udev device manager. The virtual file system, initramfs, is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition...
Fedora 44 : firefox / nss (2026-5eeadd9b1b)
The remote Fedora 44 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-5eeadd9b1b advisory. Update NSS to 3.124.0 Update Firefox to 152.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
EUVD-2026-37206
The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by the underlying...
GHSA-6QHC-X826-342C Crawl4AI: SSRF via proxy settings in the Docker server bypasses the crawl-URL SSRF check
Summary The Docker API server applied its SSRF destination check to the crawl target URL only, not to the proxy address. An unauthenticated request could supply a proxy pointing at an internal IP and route the browser through it, reaching internal services and cloud-metadata endpoints, while usin...
Deno: WebSocket API sandbox bypass via missing post-DNS check
Summary When a WebSocket connection was opened, Deno checked the destination hostname against --deny-net rules but did not re-check the IP addresses that hostname resolved to. An attacker-controlled script could use a specially crafted domain name that passes the hostname check yet resolves to a...
Deno: `fetch()` API sandbox bypass via missing DNS resolution check
Summary When fetch was called, Deno checked the destination hostname against --deny-net rules but did not re-check the IP addresses that hostname resolved to. An attacker-controlled script could use a specially crafted domain name that passes the hostname check yet resolves to a denied IP,...
CVE-2026-22313
The CVE-2026-22313 entry concerns Radiflow iSAP Smart Collector. A webserver exposes a REST API on the management network protected only by a token. An OS command injection vulnerability allows an authenticated attacker to execute arbitrary commands as the underlying OS user with administrative p...
CVE-2026-22313 OS Commands Executed with Administrative Permissions in Radiflow iSAP Smart Collector
The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by the underlying...