
3093 matches found

Cvelist
added 2025/11/04 12:20 a.m. | 6 views

CVE-2025-46556 MantisBT is Vulnerable to Denial-of-Service (DoS) attack via Excessive Note Length

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.27.1 and below allow attackers to permanently corrupt issue activity logs by submitting extremely long notes (tested with 4,788,761 characters) due to a lack of server-side validation of note length. Once such a note is added,...

CVSS: 6.5 | EPSS: 0.00336
Exploits: 0 | References: 4
EUVD
added 2025/11/04 12:20 a.m. | 3 views

EUVD-2025-37509

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.27.1 and below allow attackers to permanently corrupt issue activity logs by submitting extremely long notes (tested with 4,788,761 characters) due to a lack of server-side validation of note length. Once such a note is added,...

CVSS: 6.5 | AI score: 6.2 | EPSS: 0.00336
Exploits: 0 | References: 5
Github Security Blog
added 2025/11/03 5:7 p.m. | 5 views

MantisBT Vulnerable to Denial-of-Service (DoS) via Excessive Note Length

A lack of server-side validation for note length in MantisBT allows attackers to permanently corrupt issue activity logs by submitting extremely long notes (tested with 4,788,761 characters). Once such a note is added: Impact - The entire activity stream becomes unviewable (UI fails to render). - New...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.00336
Exploits: 0 | References: 6 | Affected Software: 1
OSV
added 2025/11/03 2:33 p.m. | 2 views

MINI-RPG7-RX4V-299G

Bulletin has no description...

CVSS: 5.3 | AI score: 7 | EPSS: 0.00492
Exploits: 0
OSV
added 2025/11/03 2:20 p.m. | 2 views

MINI-C694-RWH4-3XFG

Bulletin has no description...

CVSS: 5.3 | AI score: 6.8 | EPSS: 0.00414
Exploits: 0
Tenable Nessus
added 2025/11/02 12:0 a.m. | 4 views

FreeBSD : python 3.9 -- end of life, not receiving security support (77a0f93a-b71e-11f0-8d86-d7789240c8c2)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 77a0f93a-b71e-11f0-8d86-d7789240c8c2 advisory. Unsupported versions: ... End of life: 2025-10-31. Tenable has extracted the preceding description bloc...

AI score: 5.6
Exploits: 0 | References: 2
OSV
added 2025/11/01 9:21 p.m. | 1 views

MINI-3CMG-57XM-MRR2

Bulletin has no description...

CVSS: 7.5 | AI score: 7 | EPSS: 0.00366
Exploits: 0
OSV
added 2025/11/01 5:53 p.m. | 2 views

MINI-M27C-2G3V-7JVP

Bulletin has no description...

CVSS: 4.3 | AI score: 7 | EPSS: 0.00382
Exploits: 0
Tenable Nessus
added 2025/11/01 12:0 a.m. | 2 views

Fedora 42 : vgrep (2025-6738ea943a)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-6738ea943a advisory. Rebuild for CVE-2025-47906. https://pkg.go.dev/vuln/GO-2025-3956 Tenable has extracted the preceding description block directly from the Fedora security...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00489
Exploits: 1 | References: 2
RedhatCVE
added 2025/10/29 12:11 a.m. | 4 views

CVE-2025-54605

Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 2 of 2)...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.0036
Exploits: 0 | References: 1
OSV
added 2025/10/27 8:15 p.m. | 3 views

DEBIAN-CVE-2025-61101

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the showvtyextlinkrmtitfaddr function at ospfext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet...

CVSS: 7.5 | AI score: 5.2 | EPSS: 0.00415
Exploits: 1 | References: 1
UbuntuCve
added 2025/10/27 8:15 p.m. | 3 views

CVE-2025-61102

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the showvtyextlinkadjsid function at ospfext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00415
Exploits: 1 | References: 3
Tenable Nessus
added 2025/10/27 12:0 a.m. | 4 views

Fedora 41 : squid (2025-252c9276b3)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-252c9276b3 advisory. - security fixes Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

CVSS: 10 | AI score: 7 | EPSS: 0.6332
Exploits: 3 | References: 4
RedhatCVE
added 2025/10/22 12:11 a.m. | 8 views

CVE-2025-60932

Multiple stored cross-site scripting (XSS) vulnerabilities in the Current Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00177
Exploits: 0 | References: 1
RedhatCVE
added 2025/10/22 12:11 a.m. | 8 views

CVE-2025-60933

Multiple stored cross-site scripting (XSS) vulnerabilities in the Future Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.00177
Exploits: 0 | References: 1
UbuntuCve
added 2025/10/21 8:20 p.m. | 4 views

CVE-2025-53054

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS: 5.5 | AI score: 7 | EPSS: 0.00438
Exploits: 0 | References: 4
CVE
added 2025/10/21 8:3 p.m. | 11 views

CVE-2025-62591

CVE-2025-62591 affects Oracle VM VirtualBox (Core) with affected versions 7.1.12 and 7.2.2. The entry notes a locally exploitable vulnerability requiring HIGH privileges, potentially allowing unauthorized data access or complete access to all VirtualBox data. No remediation/patch details are prov...

CVSS: 6 | AI score: 5.3 | EPSS: 0.00184
Exploits: 0 | References: 1 | Affected Software: 1
Github Security Blog
added 2025/10/21 6:53 p.m. | 4 views

uv has differential in tar extraction with PAX headers

Impact In versions 0.9.4 and earlier of uv, tar archives containing PAX headers with file size overrides were not handled properly. As a result, an attacker could contrive a source distribution as a tar archive that would extract differently when installed via uv versus other Python package...

CVSS: 8.1 | AI score: 7.6 | EPSS: 0.00688
Exploits: 1 | References: 6 | Affected Software: 1
GithubExploit
added 2025/10/21 12:47 a.m. | 160 views

YouTube-Scraper-POC

What this repo is The code in this repository is a proof of...

AI score: 7.1
Exploits: 0
Tenable Nessus
added 2025/10/21 12:0 a.m. | 3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987569)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987569 advisory. In the Linux kernel, the following vulnerability has been resolved: vsock: remove vsock from connected table when connect is interrupted by a signal vsockconnect...

CVSS: 5.5 | AI score: 6 | EPSS: 0.0024
Exploits: 0 | References: 4