
3094 matches found

Positive Technologies
added 2025/09/15 12:0 a.m., 3 views

PT-2025-37788

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 18.7; iPadOS versions prior to 18.7; iOS 26; iPadOS 26.
Description: The issue was addressed with improved handling of caches. An attacker with physical access to an unlocked device may be able to view an image in the most...

CVSS 4, AI score 5.5, EPSS 0.00211
Exploits 0, References 8
vulnersOsv
added 2025/09/12 1:42 p.m., 5 views

0agent (>=1.0.1 <=1.1.5), 0dot (=0.6.0) +58276 more potentially affected by CVE-2025-59139 via hono (>=4.0.0 <=4.9.6)

hono NPM version =4.0.0, =1.0.1, =1.0.0, =0.1.0, =0.1.0, =0.1.6, =0.1.0, =1.0.0, =0.3.2, =0.1.0, =1.0.0, =1.0.1 and more Source cves: CVE-2025-59139 Source advisory: SNYK:JS-HONO-12668833...

CVSS 5.3, AI score 5.4, EPSS 0.00416
Exploits 0
Tenable Nessus
added 2025/09/12 12:0 a.m., 3 views

Fedora 41 : civetweb (2025-ed25a8b170)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-ed25a8b170 advisory. civetweb 1.16 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this issu...

CVSS 7.5, AI score 5.5, EPSS 0.01116
Exploits 2, References 2
Tenable Nessus
added 2025/09/11 12:0 a.m., 1 view

Security Updates for Microsoft Word Products C2R (September 2025)

The Microsoft Word Products are missing security updates. It is, therefore, affected by an information disclosure vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

CVSS 7.1, AI score 5.3, EPSS 0.00589
Exploits 0, References 2
Tenable Nessus
added 2025/09/11 12:0 a.m., 5 views

Security Updates for Microsoft Office Products C2R (September 2025)

The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple remote code execution vulnerabilities that attackers can exploit to bypass authentication and execute unauthorized arbitrary commands. Note that Nessus has not tested for these issues but has instea...

CVSS 8.4, AI score 5.7, EPSS 0.00689
Exploits 0, References 3
Tenable Nessus
added 2025/09/11 12:0 a.m., 4 views

Security Updates for Microsoft Visio Products C2R (September 2025)

The Microsoft Visio Products are missing a security update. It is, therefore, affected by a remote code execution vulnerability that attackers can exploit to bypass authentication and execute unauthorized arbitrary commands. Note that Nessus has not tested for this issue but has instead relied on...

CVSS 7.8, AI score 6.3, EPSS 0.00481
Exploits 0, References 2
OSV
added 2025/09/10 4:31 p.m., 2 views

CGA-RQ57-8QRX-9FRV

Bulletin has no description...

CVSS 7.5, AI score 7, EPSS 0.00561
Exploits 1
OSV
added 2025/09/10 3:38 p.m., 2 views

MINI-RV5P-775M-FG99

Bulletin has no description...

CVSS 6.7, AI score 7, EPSS 0.00374
Exploits 0
Tenable Nessus
added 2025/09/10 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2019-17223

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php. CVE-2019-17223 Note that Nessus relies on the presence of the package as...

CVSS 6.1, AI score 6.2, EPSS 0.01114
Exploits 0, References 2
Tenable Nessus
added 2025/09/10 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-25954

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Dolibarr application, versions 2.8.1 to 13.0.4 do not restrict, or incorrectly restrict, access to a resource from an unauthorized actor. A low privileged attacker can...

CVSS 4.3, AI score 5.2, EPSS 0.00702
Exploits 0, References 2
Tenable Nessus
added 2025/09/10 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-25955

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Dolibarr ERP CRM, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store...

CVSS 9, AI score 7.8, EPSS 0.00893
Exploits 0, References 2
Tenable Nessus
added 2025/09/10 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-16686

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin. CVE-2019-16686 Note that Ness...

CVSS 5.4, AI score 5.6, EPSS 0.00775
Exploits 1, References 2
NVD
added 2025/09/09 2:15 a.m., 3 views

CVE-2025-10121

A flaw has been found in uverif up to 3.2. This affects the function addbatch of the file /admin/kami_list. This manipulation of the argument note causes SQL injection. It is possible to initiate the attack remotely. The exploit has been published and may be used...

CVSS 6.5, EPSS 0.00229
Exploits 0, References 4
Vulnrichment
added 2025/09/09 2:2 a.m., 2 views

CVE-2025-10121 uverif kami_list addbatch sql injection

A flaw has been found in uverif up to 3.2. This affects the function addbatch of the file /admin/kami_list. This manipulation of the argument note causes SQL injection. It is possible to initiate the attack remotely. The exploit has been published and may be used...

CVSS 6.5, AI score 6.7, EPSS 0.00229
Exploits 0, References 4
Cvelist
added 2025/09/09 2:2 a.m., 9 views

CVE-2025-10121 uverif kami_list addbatch sql injection

A flaw has been found in uverif up to 3.2. This affects the function addbatch of the file /admin/kami_list. This manipulation of the argument note causes SQL injection. It is possible to initiate the attack remotely. The exploit has been published and may be used...

CVSS 6.5, EPSS 0.00229
Exploits 0, References 4
CNNVD
added 2025/09/09 12:0 a.m., 3 views

uverif security vulnerability

uverif is a free and open source web authentication management system from uverif. A security vulnerability exists in uverif 3.2 and earlier versions, which stems from SQL injection due to incorrect manipulation of the parameter note of the function addbatch in the file /admin/kami_list...

CVSS 6.5, AI score 7, EPSS 0.00229
Exploits 0, References 4
Spring Security Advisories
added 2025/09/09 12:0 a.m., 1 view

Access API Moves to Spring Security Access

Five years ago, Spring Security began the journey of modernizing its authorization API. This has paved the way for a number of exciting features like Authorized POJOs, value masking, and, planned for Spring Security 7, Multi-Factor Authentication. This also deprecated the majority of the Access...

AI score 6.9
Exploits 0
Tenable Nessus
added 2025/09/09 12:0 a.m., 3 views

Metabase 0.41.x < 0.41.9 / 0.42.x < 0.42.6 / 0.43.x < 0.43.7 / 0.44.x < 0.44.5 / 1.41.x < 1.41.9 / 1.42.x < 1.42.6 / 1.43.x < 1.43.7 / 1.44.x < 1.44.5

The version of Metabase installed on the remote host is affected by a single sign-on (SSO) access control vulnerability which could allow a user access without going through the SSO IdP. Metabase now blocks password reset for all users who use SSO for their Metabase login. Note that Nessus has not...

CVSS 6.5, AI score 6.5, EPSS 0.00478
Exploits 0, References 3
Tenable Nessus
added 2025/09/06 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2025-39700

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/damon/ops-common: ignore migration request to invalid nodes damonmigratepages tries migration even if the target node is invalid. If users mistakenly make su...

CVSS 5.5, AI score 6.1, EPSS 0.00143
Exploits 0, References 3
OSSF Malicious Packages
added 2025/09/05 5:10 p.m., 3 views

Malicious code in plastic-task-note (npm)

The package plastic-task-note was found to contain malicious code...

AI score 7
Exploits 0