11 matches found
RockyLinux 9 : nginx:1.24 (RLSA-2026:19371)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19371 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability (CVE-2026-42945). Tenable has extracted the preceding description block directly from the RockyLinux security...
PT-2025-46679
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 10.0.1, 9.4.5, 9.3.7, and 9.2.9; Splunk Cloud Platform versions prior to 10.0.2503.5, 9.3.2411.111, and 9.3.2408.121. Description: An unauthenticated attacker could construct a malicious URL utilizing the retur...
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Overview: @astrojs/node is a Deploy your site to a Node.js server. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') via the X-Forwarded-Host header when using the Astro.url property without validation. An attacker c...
PT-2024-23290 · WordPress · Tomas Wordpress Tooltips
Name of the Vulnerable Software and Affected Versions: Tomas WordPress Tooltips versions prior to 9.4.5 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential remote attacks...
AZL-34629 CVE-2024-0684 affecting package coreutils for versions less than 9.4-5
A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split function, potentially leading to an application crash and denial of service...
CVE-2022-24391
Vulnerability in Fidelis Network and Deception CommandPost enables SQL injection through the web interface by an attacker with user level access. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability...
CVE-2022-24392
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “feedcommtest” value for the “feed” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and...
CVE-2022-24388
Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network...
CVE-2022-24391
Vulnerability in Fidelis Network and Deception CommandPost enables SQL injection through the web interface by an attacker with user level access. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability...
IBM Sterling Order Management Cross-Site Scripting Vulnerability
IBM Sterling Order Management is an order management system that allows companies to seamlessly synchronize and manage the entire lifecycle of orders. A cross-site scripting vulnerability exists in IBM Sterling Order Management versions 9.4, 9.5, and 10.0. An attacker could exploit the vulnerabili...
DEBIAN-CVE-2016-5691
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue...