firefox: thunderbird: Mitigation bypass in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Core & HTML component...

Fedora 42 : tinygltf (2025-ac8ed4a110)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-ac8ed4a110 advisory. Update to 2.9.7 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

CVE-2025-45311

Insecure permissions in fail2ban-client v0.11.2 allows attackers with limited sudo privileges to perform arbitrary operations as root. NOTE: this is disputed by multiple parties because the action for a triggered rule can legitimately be an arbitrary operation as root. Thus, the software is...

Exploit for CVE-2025-55182

🔔 ⚠️Unauthorized penetratio...

Fedora 43 : gi-loadouts / kf6-kcoreaddons / kf6-kguiaddons / kf6-kjobwidgets / etc (2025-0cc929ff17)

The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-0cc929ff17 advisory. PySide6 6.10.1 update. ---- Pyside6 6.10.1 release. ---- Rebuilt with stbimage patched for two new security bugs. Tenable has extracted the preceding...

CVE-2023-52491

creationtimestamp| type| source ---|---|--- 2025-12-03 14:14:49+00:00| seen| https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8...

RHEL 7 : bind (RHSA-2025:22205)

"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:22205 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named %NASLMINLEVEL...

Fedora 43 : migrate (2025-427af3b610)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-427af3b610 advisory. - Update to 4.19.0 - Address CVEs by rebuilding with Go 1.25.4 Tenable has extracted the preceding description block directly from the Fedora securi...

MINI-6CCX-5332-8J58

Bulletin has no description...

Cross-site Scripting (XSS)

Overview jquery-multifile is a jQuery Multiple File Selection Plugin Affected versions of this package are vulnerable to Cross-site Scripting XSS via the file name processing. An attacker can execute arbitrary scripts in the context of a victim's browser by providing a file with a specially craft...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

Fedora 43 : kubernetes1.34 (2025-f32b1debd8)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-f32b1debd8 advisory. - Update to release v1.34.2 - Resolves: rhbz2398589, rhbz2398850, rhbz2399251, rhbz2399524 - Resolves: rhbz2407790, rhbz2408060, rhbz2408317,...

GLSA-202511-03 : qtsvg: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202511-03 qtsvg: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in qtsvg. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly from...

MINI-3VP5-G94W-VGXQ

Bulletin has no description...

Amazon Linux 2023 : firefox (ALAS2023-2025-1284)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1284 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks...

MINI-VCFF-MR56-H8CM

Bulletin has no description...

Amazon Linux 2023 : lz4, lz4-devel, lz4-libs (ALAS2023-2025-1266)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1266 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks...

CVE-2025-63205

An issue was discovered in bridgetech probes VB220 IP Network Probe,VB120 Embedded IP + RF Probe, VB330 High-Capacity Probe, VB440 ST 2110 Production Analytics Probe, and NOMAD, firmware versions 6.5.0-9, allowing attackers to gain sensitive information such as administrator passwords via the...

CVE-2025-13145

creationtimestamp| type| source ---|---|--- 2025-11-19 09:04:13+00:00| seen| https://gist.github.com/Darkcrai86/5b2c675d4edba3f6d1a4a40e826bcf6b...

AlmaLinux 9 : libtiff (ALSA-2025:20956)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:20956 advisory. libtiff: LibTIFF Use-After-Free Vulnerability CVE-2025-8176 libtiff: Libtiff Write-What-Where CVE-2025-9900 Tenable has extracted the preceding descripti...