3074 matches found
EUVD-2026-4067
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in bslthemes Myour myour allows PHP Local File Inclusion. This issue affects Myour: from n/a through = 1.5.1...
Azure Linux 3.0 Security Update: python-waitress (CVE-2022-31015)
The version of python-waitress installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-31015 advisory. - Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and...
Azure Linux 3.0 Security Update: kernel (CVE-2024-42069)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42069 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix possible double free in...
Azure Linux 3.0 Security Update: kernel (CVE-2024-40997)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-40997 advisory. - In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate: fix memory leak on...
Azure Linux 3.0 Security Update: kernel (CVE-2025-22040)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22040 advisory. - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix session use-after-free in...
Azure Linux 3.0 Security Update: kernel (CVE-2024-46672)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46672 advisory. - In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: cfg80211: Handle SSID...
Azure Linux 3.0 Security Update: slf4j (CVE-2012-6708)
The version of slf4j installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2012-6708 advisory. - jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not...
CLSA-2026-1769014791 httpd: Fix of 2 CVEs
CVE-2025-66200: don't use request notes for suexec, stop accepting the obscure "note" option in RequestHeader - CVE-2025-65082: fix precedence of envvars from HTTP headers and Apache configuration...
SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality
Summary: The SiYuan Note application v3.5.3 contains a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from any location on the server's filesystem into the application's workspace without proper path validation. Details: The...
GHSA-94C7-G2FJ-7682 SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality
Summary: The SiYuan Note application v3.5.3 contains a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from any location on the server's filesystem into the application's workspace without proper path validation. Details: The...
CVE-2026-21965
...
CVE-2026-21922
...
CVE-2025-14883
REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-68016. Reason: This candidate is a reservation duplicate of CVE-2025-68016. Notes: All CVE users should reference CVE-2025-68016 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
MiracleLinux 7 : libexif-0.6.22-1.el7 (AXSA:2020-584:04)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-584:04 advisory. libexif: out of bound write in exif-data.c (CVE-2019-9278) libexif: out of bounds read due to a missing bounds check in exif_data_save_data_entry function ...
MiracleLinux 8 : rsync-3.1.3-19.el8 (AXSA:2022-4191:08)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-4191:08 advisory. zlib: heap-based buffer over-read and overflow in inflate in inflate.c via a large gzip header extra field (CVE-2022-37434) Tenable has extracted the preceding...
WordPress AJS Footnotes plugin cross-site scripting vulnerability
WordPress AJS Footnotes plugin is a plugin for WordPress designed to add aesthetically pleasing footnote features to posts or pages. The WordPress AJS Footnotes plugin suffers from a cross-site scripting vulnerability that stems from the lack of valid filtering and escaping of notelistclass and...
CVE-2026-23645
SiYuan is self-hosted, open source personal knowledge management software. Prior to 3.5.4-dev2, a Stored Cross-Site Scripting (XSS) vulnerability exists in SiYuan Note. The application does not sanitize uploaded SVG files. If a user uploads and views a malicious SVG file (e.g., imported from an...
SiYuan Has a Stored Cross-Site Scripting (XSS) Vulnerability via Unrestricted SVG File Upload
Summary: A Stored Cross-Site Scripting (XSS) vulnerability exists in SiYuan Note. The application does not sanitize uploaded SVG files. If a user uploads and views a malicious SVG file (e.g., imported from an untrusted source), arbitrary JavaScript code is executed in the context of their authenticate...
GHSA-PCJQ-J3MQ-JV5J SiYuan Has a Stored Cross-Site Scripting (XSS) Vulnerability via Unrestricted SVG File Upload
Summary: A Stored Cross-Site Scripting (XSS) vulnerability exists in SiYuan Note. The application does not sanitize uploaded SVG files. If a user uploads and views a malicious SVG file (e.g., imported from an untrusted source), arbitrary JavaScript code is executed in the context of their authenticate...