Lucene search

3094 matches found

Tenable Nessus
added 2025/11/19 12:0 a.m. | 4 views

AlmaLinux 9 : libtiff (ALSA-2025:20956)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:20956 advisory. libtiff: LibTIFF Use-After-Free Vulnerability CVE-2025-8176 libtiff: Libtiff Write-What-Where CVE-2025-9900 Tenable has extracted the preceding descripti...

CVSS 8.8 | AI score 6.4 | EPSS 0.0075
Exploits: 1 | References: 4

Tenable Nessus
added 2025/11/17 12:0 a.m. | 1 view

Fedora 43 : fvwm3 (2025-a5cdd30644)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-a5cdd30644 advisory. FVWM3 ver. 1.1.4 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

CVSS 6.5 | AI score 6.8 | EPSS 0.00489
Exploits: 1 | References: 2

Tenable Nessus
added 2025/11/17 12:0 a.m. | 0 views

Fedora 43 : suricata (2025-a366512b23)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-a366512b23 advisory. Upstream security/bugfix release. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

AI score 5.6
Exploits: 0 | References: 1

UbuntuCve
added 2025/11/15 8:15 a.m. | 2 views

CVE-2025-11990

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to gain CSRF tokens by exploiting improper input validation in repository references combined with redirect handling weaknesses...

CVSS 3.5 | AI score 5.9 | EPSS 0.00258
Exploits: 0 | References: 4

OSV
added 2025/11/13 6:15 p.m. | 3 views

CVE-2025-60671

A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823GV1.0.2B0520181207.bin in the timelycheck and sysconf binaries, which process the /var/system/linuxvlanreinit file. The vulnerability occurs because content read from this file is only partially validated for a...

CVSS 5.4 | AI score 6.1 | EPSS 0.01298
Exploits: 1 | References: 4

Talos Blog
added 2025/11/13 11:0 a.m. | 9 views

Unleashing the Kraken ransomware group

In August 2025, Cisco Talos observed big-game hunting and double extortion attacks carried out by Kraken, a Russian-speaking group that has emerged from the remnants of the HelloKitty ransomware cartel. Talos observed in one intrusion that the Kraken actor exploited Server Message Block SMB...

AI score 7.5
Exploits: 0

Tenable Nessus
added 2025/11/13 12:0 a.m. | 5 views

Siemens SIMATIC S7-1500 Buffer Copy without Checking Size of Input (CVE-2023-0687)

A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246...

CVSS 9.8 | AI score 6.3 | EPSS 0.01103
Exploits: 0 | References: 4

Tenable Nessus
added 2025/11/13 12:0 a.m. | 2 views

Fedora 44 : docker-buildx (2025-0e21b6af8e)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-0e21b6af8e advisory. Automatic update for docker-buildx-0.30.0-1.fc44. Changelog Wed Nov 12 2025 Bradley G Smith - 0.30.0-1 - Update to release v0.30.0 - Resolves:...

CVSS 7.5 | AI score 7.3 | EPSS 0.00586
Exploits: 0 | References: 6

OSV
added 2025/11/12 8:46 p.m. | 1 view

MAL-2025-179551 Malicious code in anais-papoa-0iaia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf12c5097d8119b14a5fe2d44795ec0dae5e1af22dfd66c4e8c52306d04e93e1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits: 0

UbuntuCve
added 2025/11/10 8:15 p.m. | 1 view

CVE-2025-12447

Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVSS 4.2 | AI score 5.9 | EPSS 0.00156
Exploits: 0 | References: 1

OSV
added 2025/11/10 6:30 a.m. | 2 views

GHSA-G4MF-96X5-5M2C Cloudinary Node SDK is vulnerable to Arbitrary Argument Injection through parameters that include an ampersand

Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional, unintended parameters. This could lead to a variety of malicious outcomes, such as bypassing...

CVSS 8.8 | AI score 6.7 | EPSS 0.00319
Exploits: 0 | References: 5

RedhatCVE
added 2025/11/08 7:41 a.m. | 15 views

CVE-2025-12527

The Page & Post Notes plugin for WordPress is vulnerable to unauthorized modification of notes due to a missing capability check on the 'yydevnotessavedashboarddata' function in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 4.3 | AI score 5 | EPSS 0.00204
Exploits: 0 | References: 1

Tenable Nessus
added 2025/11/08 12:0 a.m. | 4 views

F5 Networks BIG-IP : BIND vulnerability (K000157334)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0.1. It is, therefore, affected by a vulnerability as referenced in the K000157334 advisory. Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an...

CVSS 8.6 | AI score 6.6 | EPSS 0.00486
Exploits: 1 | References: 2

NVD
added 2025/11/07 6:15 a.m. | 3 views

CVE-2025-12527

The Page & Post Notes plugin for WordPress is vulnerable to unauthorized modification of notes due to a missing capability check on the 'yydevnotessavedashboarddata' function in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 4.3 | EPSS 0.00204
Exploits: 0 | References: 4

CNNVD
added 2025/11/07 12:0 a.m. | 3 views

AI SDK Security Vulnerability

AI SDK is a TypeScript AI toolkit open-sourced by Vercel. A security vulnerability exists in AI SDK versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta, which stems from the possibility that a user could bypass the file type whitelist to upload a file...

CVSS 5.3 | AI score 6.4 | EPSS 0.0023
Exploits: 0 | References: 3

Tenable Nessus
added 2025/11/06 12:0 a.m. | 4 views

Fedora 41 : fontforge (2025-cb6d4788a8)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-cb6d4788a8 advisory. CVE-2025-50949 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this iss...

CVSS 6.5 | AI score 5.5 | EPSS 0.00212
Exploits: 0 | References: 2

UbuntuCve
added 2025/11/05 3:15 p.m. | 7 views

CVE-2025-64458

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence, django.http.HttpResponseRedirect, django.http.HttpResponsePermanentRedirect, and the shortcut django.shortcuts.redirect were subject to a...

CVSS 7.5 | AI score 7.2 | EPSS 0.01862
Exploits: 1 | References: 6

Fedora
added 2025/11/05 2:13 a.m. | 5 views

[SECURITY] Fedora 43 Update: rust-collection_literals-1.0.3-1.fc43

Easy-to-use macros for initializing any collection...

CVSS 8.1 | AI score 7 | EPSS 0.00688
Exploits: 1

Tenable Nessus
added 2025/11/05 12:0 a.m. | 1 view

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990271)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990271 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: Use sndcardfreewhenclosed at disconnection The USB disconnect callback is supposed t...

CVSS 5.5 | AI score 6.2 | EPSS 0.00205
Exploits: 0 | References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m. | 1 view

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989588)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989588 advisory. In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leak in cephreaddir when notelastdentry returns error Reset the lastreaddir at t...

CVSS 5.5 | AI score 6.2 | EPSS 0.00229
Exploits: 0 | References: 4