Lucene search

3075 matches found

RedhatCVE
added 2026/01/09 10:8 a.m. | 14 views

CVE-2019-20151

An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed by the application's administrators. A malicious payload can be injected within the Multi Approval security component and inserted via the Note...

CVSS 6.1 | AI score 6.1 | EPSS 0.0024
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 9:25 a.m. | 3 views

CVE-2023-4865

A vulnerability has been found in SourceCodester Take-Note App 1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...

CVSS 8.8 | AI score 6.8 | EPSS 0.00127
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 8:38 a.m. | 3 views

CVE-2026-21678

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap-buffer-overflow vulnerability in IccTagXml. This issue has been patched in version 2.3.1.2...

CVSS 7.8 | AI score 6.8 | EPSS 0.00022
Exploits: 1 | References: 1

EUVD
added 2026/01/07 6:35 a.m. | 2 views

EUVD-2026-1270

The Newsletter Email Subscribe plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4. This is due to incorrect nonce validation on the nelssettingspage function. This makes it possible for unauthenticated attackers to update plugin settings via a...

CVSS 4.3 | AI score 4.9 | EPSS 0.00011
Exploits: 0 | References: 3

Tenable Nessus
added 2026/01/06 12:0 a.m. | 3 views

RockyLinux 9 : tar (RLSA-2026:0067)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:0067 advisory. tar: Tar path traversal CVE-2025-45582 Tenable has extracted the preceding description block directly from the RockyLinux security advisory. Note that Nessus has...

CVSS 4.1 | AI score 6.7 | EPSS 0.0013
Exploits: 1 | References: 3

Tenable Nessus
added 2026/01/05 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-50874

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/erdma: Fix refcount leak in erdmammap rdmausermmapentryget take reference, we should release it when not need anymore, add the missing rdmausermmapentryput...

AI score 5.4 | EPSS 0.00024
Exploits: 0 | References: 2

EUVD
added 2026/01/02 6:30 p.m. | 2 views

EUVD-2026-0305

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

AI score 5.5
Exploits: 0 | References: 1

EUVD
added 2026/01/02 6:30 p.m. | 2 views

EUVD-2026-0335

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

AI score 5.5
Exploits: 0 | References: 1

EUVD
added 2026/01/02 6:30 p.m. | 5 views

EUVD-2026-0608

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

AI score 5.5
Exploits: 0 | References: 1

EUVD
added 2026/01/02 6:30 p.m. | 2 views

EUVD-2026-0645

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

AI score 5.5
Exploits: 0 | References: 1

EUVD
added 2026/01/02 7:32 a.m. | 1 view

EUVD-2026-0699

A flaw has been found in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/workupdate.jsp. This manipulation of the argument Report causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. The vend...

CVSS 7.5 | AI score 7.2 | EPSS 0.0002
Exploits: 1 | References: 5

OSV
added 2025/12/30 12:47 p.m. | 1 view

MINI-FVR2-HV3X-8MQR

Bulletin has no description...

CVSS 6.5 | AI score 6.9 | EPSS 0.00024
Exploits: 1

Tenable Nessus
added 2025/12/30 12:0 a.m. | 1 view

Fedora 43 : golang-github-projectdiscovery-mapcidr (2025-1ba6ab39aa)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-1ba6ab39aa advisory. Update to 1.1.97 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

CVSS 7.5 | AI score 7.3 | EPSS 0.00042
Exploits: 0 | References: 6

CVE
added 2025/12/27 12:21 a.m. | 11 views

CVE-2025-68948

SiYuan Note (pre-3.5.1) stores session data with a hardcoded cryptographic secret, making session encryption ineffective. The AccessAuthCode is kept in the session cookie, so an attacker who obtains or intercepts that cookie can locally decrypt it with the public key, retrieve the code in plain t...

CVSS 8.1 | AI score 6.3 | EPSS 0.0005
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2025/12/27 12:21 a.m. | 4 views

CVE-2025-68948 SiYuan: Information Disclosure and Authentication Bypass via Hardcoded Session Secret

SiYuan is self-hosted, open source personal knowledge management software. In versions 3.5.1 and prior, the SiYuan Note application utilizes a hardcoded cryptographic secret for its session store. This unsafe practice renders the session encryption ineffective. Since the sensitive AccessAuthCode ...

CVSS 6.9 | AI score 6.6 | EPSS 0.0005
Exploits: 1 | References: 3

Positive Technologies
added 2025/12/27 12:0 a.m. | 4 views

PT-2025-53613

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.5.1 Description SiYuan Note application uses a hardcoded cryptographic secret for its session store, making session encryption ineffective. The AccessAuthCode, stored in the session cookie, can be decrypted by an...

CVSS 6.9 | AI score 6.5 | EPSS 0.0005
Exploits: 1 | References: 4

Tenable Nessus
added 2025/12/25 12:0 a.m. | 6 views

Fedora 43 : retroarch (2025-6e0627440a)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-6e0627440a advisory. Update to 1.22.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

CVSS 7.8 | AI score 6.6 | EPSS 0.00459
Exploits: 15 | References: 6

RedhatCVE
added 2025/12/24 10:22 p.m. | 1 view

CVE-2022-50772

In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix memory leak in nsimbusdevnew If deviceregister failed in nsimbusdevnew, the value of reference in nsimbusdev-dev is 1. obj-name in nsimbusdev-dev will not be released. unreferenced object 0xffff88810352c480 size 16...

CVSS 5.5 | AI score 5.8 | EPSS 0.0004
Exploits: 0 | References: 4

RedhatCVE
added 2025/12/24 9:22 p.m. | 2 views

CVE-2022-50755

In the Linux kernel, the following vulnerability has been resolved: udf: Avoid double brelse in udfrename syzbot reported a warning like below 1: VFS: brelse: Trying to free free buffer WARNING: CPU: 2 PID: 7301 at fs/buffer.c:1145 brelse+0x67/0xa0 ... Call Trace: invalidatebhlru+0x99/0x150...

CVSS 5.5 | AI score 5.9 | EPSS 0.00095
Exploits: 0 | References: 4

Positive Technologies
added 2025/12/24 12:0 a.m. | 2 views

PT-2025-52975

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s DRM/MSM/HDMI subsystem. Specifically, a missing check for the return value of alloc ordered workqueue can lead to a NULL pointer dereference in hdmi...

CVSS 7.8 | AI score 6.1 | EPSS 0.00249
Exploits: 2 | References: 899