3079 matches found

RedhatCVE
added 2025/10/22 12:11 a.m., 8 views

CVE-2025-60933

Multiple stored cross-site scripting (XSS) vulnerabilities in the Future Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step...

CVSS 6.1, AI score 5.9, EPSS 0.00025
Exploits: 0, References: 1
UbuntuCve
added 2025/10/21 8:20 p.m., 2 views

CVE-2025-53054

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 5.5, AI score 7, EPSS 0.00048
Exploits: 0, References: 4
CVE
added 2025/10/21 8:3 p.m., 10 views

CVE-2025-62591

CVE-2025-62591 affects Oracle VM VirtualBox (Core) with affected versions 7.1.12 and 7.2.2. The entry notes a locally exploitable vulnerability requiring HIGH privileges, potentially allowing unauthorized data access or complete access to all VirtualBox data. No remediation/patch details are prov...

CVSS 6, AI score 5.3, EPSS 0.00021
Exploits: 0, References: 1, Affected Software: 1
Github Security Blog
added 2025/10/21 6:53 p.m., 3 views

uv has differential in tar extraction with PAX headers

Impact: In versions 0.9.4 and earlier of uv, tar archives containing PAX headers with file size overrides were not handled properly. As a result, an attacker could contrive a source distribution (as a tar archive) that would extract differently when installed via uv versus other Python package...

CVSS 8.1, AI score 7.6, EPSS 0.00017
Exploits: 1, References: 6, Affected Software: 1
GithubExploit
added 2025/10/21 12:47 a.m., 160 views

YouTube-Scraper-POC

What this repo is: The code in this repository is a proof of...

AI score 7.1
Exploits: 0
CVE
added 2025/10/21 12:0 a.m., 7 views

CVE-2025-60933

CVE-2025-60933 affects HR Performance Solutions Performance Pro v3.19.17. The vulnerability is stored XSS in the Future Goals function, allowing an attacker to inject arbitrary web scripts/HTML via crafted payloads into Goal Name, Goal Notes, Action Step Name, Action Step Description, Note Name, ...

CVSS 6.1, AI score 5.4, EPSS 0.00025
Exploits: 0, References: 1
Tenable Nessus
added 2025/10/21 12:0 a.m., 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987569)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987569 advisory. In the Linux kernel, the following vulnerability has been resolved: vsock: remove vsock from connected table when connect is interrupted by a signal vsockconnect...

CVSS 5.5, AI score 6, EPSS 0.00014
Exploits: 0, References: 4
EUVD
added 2025/10/21 12:0 a.m., 1 views

EUVD-2025-35170

Multiple stored cross-site scripting (XSS) vulnerabilities in the Current Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step...

CVSS 6.1, AI score 5.3, EPSS 0.00025
Exploits: 0, References: 2
Tenable Nessus
added 2025/10/18 12:0 a.m., 2 views

Fedora 42 : runc (2025-c4d00e29b7)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-c4d00e29b7 advisory. Update to release v1.3.2 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

CVSS 6.5, AI score 6.8, EPSS 0.00044
Exploits: 1, References: 2
RedhatCVE
added 2025/10/17 4:55 p.m., 2 views

CVE-2025-61581

UNSUPPORTED WHEN ASSIGNED Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control: all versions. People with access to the management interface of the Traffic Router component could specify malicious patterns and cause...

CVSS 7.5, AI score 6.8, EPSS 0.00339
Exploits: 0, References: 1
Tenable Nessus
added 2025/10/17 12:0 a.m., 3 views

Microsoft ASP.NET Core Security Feature Bypass (October 2025)

The version of ASP.NET Core installed on the remote Windows host is 8.0.x prior to 8.0.21, 9.0.x prior to 9.0.10, or 10.0.0-rc.1.25451.107. It is, therefore, affected by a security feature bypass vulnerability. Inconsistent interpretation of http requests ('http request/response smuggling') in...

CVSS 9.9, AI score 7.4, EPSS 0.01681
Exploits: 5, References: 3
UbuntuCve
added 2025/10/16 10:15 p.m., 2 views

CVE-2025-11896

In Xpdf 4.05 and earlier, a PDF object loop in a CMap, via the "UseCMap" entry, leads to infinite recursion and a stack overflow...

CVSS 2.1, AI score 5.9, EPSS 0.00009
Exploits: 0, References: 2
EUVD
added 2025/10/15 3:30 p.m., 6 views

EUVD-2025-34654

When BIG-IP Advanced WAF is configured on a virtual server with Server-Side Request Forgery (SSRF) protection or when an NGINX server is configured with App Protect Bot Defense, undisclosed requests can disrupt new client requests. Note: Software versions which have reached End of Technical Support...

CVSS 6.9, AI score 6.3, EPSS 0.00085
Exploits: 0, References: 2
Cvelist
added 2025/10/15 1:55 p.m., 4 views

CVE-2025-59268 BIG-IP Configuration utility vulnerability

On the BIG-IP system, undisclosed endpoints that contain static non-sensitive information are accessible to an unauthenticated remote attacker through the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 6.9, EPSS 0.00058
Exploits: 0, References: 1
Tenable Nessus
added 2025/10/15 12:0 a.m., 3 views

Amazon Linux 2023 : giflib, giflib-devel, giflib-utils (ALAS2023-2025-1220)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1220 advisory. Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c CVE-2023-48161 Giflib Projec...

CVSS 7.3, AI score 7.1, EPSS 0.00122
Exploits: 2, References: 8
UbuntuCve
added 2025/10/14 12:0 a.m., 1 views

CVE-2025-55315

Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network...

CVSS 9.9, AI score 7.3, EPSS 0.01681
Exploits: 5, References: 3
Positive Technologies
added 2025/10/14 12:0 a.m., 3 views

PT-2025-46654

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw related to Transport Layer Security (TLS) asynchronous decryption. Specifically, if the tls_strp_msg_hold function fails to allocate a clone of the input...

CVSS 5.5, AI score 7.7, EPSS 0.00034
Exploits: 0
Tenable Nessus
added 2025/10/13 12:0 a.m., 3 views

Fedora 41 : openssl (2025-e6f76d56fc)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-e6f76d56fc advisory. Resolves: CVE-2025-9230, CVE-2025-9231, CVE-2025-9232 Tenable has extracted the preceding description block directly from the Fedora security...

CVSS 7.5, AI score 6.5, EPSS 0.00069
Exploits: 0, References: 4
SUSE Linux
added 2025/10/10 7:4 p.m., 2 views

Security update for docker-stable

This update for docker-stable fixes the following issues: Include historical changelog data from before the docker-stable fork. The initial changelog entry did technically provide all the necessary information, but our CVE tracking tools do not understand how the package is forked and so it seems...

CVSS 9.9, AI score 7.5, EPSS 0.71918
Exploits: 14, References: 488
Github Security Blog
added 2025/10/08 5:51 p.m., 5 views

Synapse's invalid device keys degrade federation functionality

Impact: Lack of validation for device keys in Synapse before 1.138.3 and in Synapse 1.139.0 allows an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeservers. Patches: Patched in Synapse 1.138.3, 1.138.4,...

CVSS 5.3, AI score 7, EPSS 0.00046
Exploits: 0, References: 10, Affected Software: 1