PT-2025-53400

CVE-2025-48863 - Apache HTTP Server Cross-Site Scripting CVE ID : CVE-2025-48863 Published : Dec. 23, 2025, 4:16 p.m. | 2 hours, 43 minutes ago Description : Rejected reason: This CVE id was assigned but later discarded. Severity: 0.0 | NA Visit the link for more details, such as CVSS details,...

MINI-95JJ-2W4G-HCJ6

Bulletin has no description...

Fedora 42 : util-linux (2025-fc18ab1e37)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-fc18ab1e37 advisory. - fix setpwnam buffer use CVE-2025-14104 - libblkid: use snprintf instead of sprintf Tenable has extracted the preceding description block directly from the...

Fedora 43 : containernetworking-plugins (2025-294d534170)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-294d534170 advisory. Update to release v1.9.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested fo...

FBI Seizes Crypto Laundering Hub E-Note Linked to Russian Admin

The FBI and international police have shut down E-Note, a cryptocurrency exchange that laundered over $70 million for cybercriminals. Read about the indictment of a Russian and how the global task force ended his decade-long operation...

EUVD-2025-203911

Cisco is aware of a potential vulnerability. Cisco is currently investigating and will update these details as appropriate as more information becomes available...

CVE-2025-14727

CVE-2025-14727 affects the NGINX Ingress Controller due to improper validation of the nginx.org/rewrite-target annotation, enabling a path traversal style issue. The F5 advisory notes that the vulnerability is present in the 5.x line (5.3.0) and fixes were introduced in 5.3.1; other branches have...

Fedora 42 : python3.14 (2025-d5dffbf048)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-d5dffbf048 advisory. This is the second maintenance release of Python 3.14 Tenable has extracted the preceding description block directly from the Fedora security...

Fedora 43 : golangci-lint (2025-cc4c533b49)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-cc4c533b49 advisory. Latest version - This build with the latest golang should also fix all the Go CVEs, although I did verify how/if this package is affected by these...

Improper Input Validation

mantisbt/mantisbt is vulnerable to improper input validation. The vulnerability is due to lack of server-side validation on note length, which allows an attacker to submit excessively long notes and corrupt the issue activity logs, thereby breaking the activity stream UI and preventing future...

SUSE SLES15 Security Update : container-suseconnect (SUSE-SU-2025:4373-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:4373-1 advisory. This update for container-suseconnect rebuilds it against current go security release. Tenable has extracted the preceding description block...

Zoom Rooms < 6.6.0 Vulnerability (ZSB-25051)

The version of Zoom Rooms installed on the remote host is prior to 6.6.0. It is, therefore, affected by a vulnerability as referenced in the ZSB-25051 advisory. - External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a...

Fedora 43 : apptainer (2025-cf169a01e8)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-cf169a01e8 advisory. Apply fuse2fs patches that were accidentally empty ---- Update to upstream 1.4.5, including a fix for CVE-2025-65105 Tenable has extracted the preceding...

Fedora 43 : yarnpkg (2025-de6cf573f0)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-de6cf573f0 advisory. Fix CVE-2205-64756. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not teste...

Exploit for Deserialization of Untrusted Data in Facebook React

$$\ $$\ $$$$$$$\ $$\ $$\ $$$$$$$$\ $$\ $...

Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2025-345-01)

The version of mozilla-thunderbird installed on the remote host is prior to 140.6.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-345-01 advisory. New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues...

Exploit for Deserialization of Untrusted Data in Facebook React

This is a Next.js project bootstrapped wit...

MINI-PF63-PXQ4-GC52

Bulletin has no description...

CVE-2025-67488 SiYuan: ZipSlip -> Arbitrary File Overwrite -> RCE

SiYuan is self-hosted, open source personal knowledge management software. Versions 0.0.0-20251202123337-6ef83b42c7ce and below contain function importZipMd which is vulnerable to ZipSlips, allowing an authenticated user to overwrite files on the system. An authenticated user with access to the...

CVE-2025-14325

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...