CVE-2025-60933
CVE-2025-60933 affects HR Performance Solutions Performance Pro v3.19.17. The vulnerability is stored XSS in the Future Goals function, allowing an attacker to inject arbitrary web scripts/HTML via crafted payloads into Goal Name, Goal Notes, Action Step Name, Action Step Description, Note Name, ...
EUVD-2025-35170
Multiple stored cross-site scripting (XSS) vulnerabilities in the Current Goals function of HR Performance Solutions Performance Pro v3.19.17 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step...
Fedora 42 : runc (2025-c4d00e29b7)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-c4d00e29b7 advisory. Update to release v1.3.2. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
CVE-2025-61581
UNSUPPORTED WHEN ASSIGNED Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control: all versions. People with access to the management interface of the Traffic Router component could specify malicious patterns and cause...
Microsoft ASP.NET Core Security Feature Bypass (October 2025)
The version of ASP.NET Core installed on the remote Windows host is 8.0.x prior to 8.0.21, 9.0.x prior to 9.0.10, or 10.0.0-rc.1.25451.107. It is, therefore, affected by a security feature bypass vulnerability. Inconsistent interpretation of HTTP requests ('HTTP request/response smuggling') in...
CVE-2025-11896
In Xpdf 4.05 and earlier, a PDF object loop in a CMap, via the "UseCMap" entry, leads to infinite recursion and a stack overflow...
EUVD-2025-34654
When BIG-IP Advanced WAF is configured on a virtual server with Server-Side Request Forgery (SSRF) protection or when an NGINX server is configured with App Protect Bot Defense, undisclosed requests can disrupt new client requests. Note: Software versions which have reached End of Technical Support...
CVE-2025-59268 BIG-IP Configuration utility vulnerability
On the BIG-IP system, undisclosed endpoints that contain static non-sensitive information are accessible to an unauthenticated remote attacker through the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
Amazon Linux 2023 : giflib, giflib-devel, giflib-utils (ALAS2023-2025-1220)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1220 advisory. Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c (CVE-2023-48161). Giflib Projec...
CVE-2025-55315
Inconsistent interpretation of HTTP requests ('HTTP request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network...
PT-2025-46654
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw related to Transport Layer Security (TLS) asynchronous decryption. Specifically, if the tls_strp_msg_hold function fails to allocate a clone of the input...
Fedora 41 : openssl (2025-e6f76d56fc)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-e6f76d56fc advisory. Resolves: CVE-2025-9230, CVE-2025-9231, CVE-2025-9232. Tenable has extracted the preceding description block directly from the Fedora security...
Security update for docker-stable
This update for docker-stable fixes the following issues: Include historical changelog data from before the docker-stable fork. The initial changelog entry did technically provide all the necessary information, but our CVE tracking tools do not understand how the package is forked and so it seems...
Synapse's invalid device keys degrade federation functionality
Impact: Lack of validation for device keys in Synapse before 1.138.3 and in Synapse 1.139.0 allows an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeservers. Patches: Patched in Synapse 1.138.3, 1.138.4,...
EUVD-2017-16667
Malware in sbrugna...
EUVD-2011-2613
Malware in sbrugna...
EUVD-2012-1430
Malware in sbrugna...
EUVD-2015-8956
Malware in sbrugna...
EUVD-2018-20520
Malware in sbrugna...
EUVD-2021-1905
Malware in sbrugna...