CVE-2025-60139
Cross-Site Request Forgery (CSRF) vulnerability in Joovii Sendle Shipping (official-sendle-shipping-method) allows Cross Site Request Forgery. This issue affects Sendle Shipping: from n/a through <= 6.02...
Fedora 41 : expat (2025-d936540ef5)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-d936540ef5 advisory. Rebase to 2.7.2. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...
Exploit for Heap-based Buffer Overflow in Google Android
This is a PoC exploit for CVE-2020-8899, a memory corruption vulnerability in the Samsung Qmage codec. The exploit targets a Samsung Galaxy Note 10+ phone running Android 10 via MMS. The exploit code is written in Python and requires the following software to be locally installed: Python 3, Netwi...
Cross-site scripting vulnerability in Lectora course navigation
Overview: Lectora Desktop versions 21.0–21.3 and Lectora Online versions 7.1.6 and older contained a cross-site scripting (XSS) vulnerability in courses published with Seamless Play Publish (SPP) enabled and Web Accessibility disabled. The vulnerability was initially patched in Lectora Desktop version...
CVE-2025-10759
Webkul QloApps up to 1.7.0 is affected by a CSRF Token Handler vulnerability. Manipulating the token argument can bypass authorization, potentially enabling remote abuse. The exploit is public. Vendor states a fix will be implemented in the next major release; no specific patched version is provi...
CVE-2024-13151
CVE-2024-13151 is a SQL injection (CWE-89) vulnerability in ESBI Information and Telecommunication Industry and Trade Limited Company Auto Service Software. All available sources describe the issue as stemming from improper neutralization of special elements in SQL commands, affecting Auto Servic...
MINI-PWMX-3R6C-9M64
Bulletin has no description...
Fedora 43 : lemonldap-ng (2025-27d58d0125)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-27d58d0125 advisory. See https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-21-3-is-out/ Tenable has extracted the preceding description block directly from the Fedora...
Oracle Linux 9 : mysql:8.4 (ELSA-2025-16046)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-16046 advisory. mecab mecab-ipadic mysql 8.4.6-1 - Rebase to 8.4.6 8.4.5-1 - Rebase to 8.4.5 rapidjson 1.1.0-19 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags...
CVE-2025-43203
The issue was addressed with improved handling of caches. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26. An attacker with physical access to an unlocked device may be able to view an image in the most recently viewed locked note...
CVE-2025-58767
REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted by these vulnerabilities. The REXML gem 3.4.2 or later includes the patches to fix these...
BELL-CVE-2025-39824
Bulletin has no description...
Oracle Linux 8 : glibc (ELSA-2025-20594)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-20594 advisory. CVE-2025-8058: Double free in regcomp (RHEL-105326). Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Not...
CVE-2024-12913 SQLi in Megatek Communication System's Azora Wireless Network Management
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Megatek Communication System Azora Wireless Network Management allows SQL Injection. This issue affects Azora Wireless Network Management: through 20250916. NOTE: The vendor did not inform about th...
CVE-2025-43203
The issue was addressed with improved handling of caches. This issue is fixed in iOS 26 and iPadOS 26, iOS 18.7 and iPadOS 18.7. An attacker with physical access to an unlocked device may be able to view an image in the most recently viewed locked note...
CVE-2025-43203
CVE-2025-43203 affects Apple iOS and iPadOS (versions prior to 18.7/26). The issue is a cache-handling vulnerability that could allow a local attacker with physical access to an unlocked device to view an image in the most recently viewed locked note. Root cause: improper cache handling that perm...
ECHO-BE1E-A4ED-B85C
Bulletin has no description...