
3079 matches found

OpenVAS
added 2025/09/30 12:0 a.m., 4 views

Ubuntu: Security Advisory (USN-7783-1)

The remote host is missing an update for the...

CVSS 8.8, AI score 6.8, EPSS 0.00147
Exploits: 2, References: 2
CVE
added 2025/09/29 12:0 a.m., 11 views

CVE-2025-56795

CVE-2025-56795 affects Mealie 3.0.1 and earlier, with a stored XSS in the recipe creation feature. Unsanitized input in the note/text fields of the path “/api/recipes/{recipe_name}” is rendered in the frontend without proper escaping, causing persistent XSS. Root cause: lack of input sanitization...

CVSS 9, AI score 5.1, EPSS 0.0006
Exploits: 2, References: 3, Affected Software: 1
Positive Technologies
added 2025/09/29 12:0 a.m., 3 views

PT-2025-39839

Name of the Vulnerable Software and Affected Versions: Mealie versions prior to 3.0.1. Description: The software is susceptible to Cross-Site Scripting (XSS) within the recipe creation feature. User-provided data in the "note" and "text" fields is not adequately sanitized before being displayed on the...

CVSS 9, AI score 5.7, EPSS 0.0006
Exploits: 2, References: 9
Tenable Nessus
added 2025/09/29 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-10925

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on...

CVSS 7.8, AI score 8, EPSS 0.00743
Exploits: 0, References: 3
Positive Technologies
added 2025/09/27 12:0 a.m., 4 views

PT-2025-39711

Name of the Vulnerable Software and Affected Versions: algoliasearch-helper versions 2.0.0-rc1 through 3.11.2. Description: The package contains a Prototype Pollution issue in the merge function within the merge.js file. This allows modification of the constructor.prototype, potentially leading to...

CVSS 7.5, AI score 9.7, EPSS 0.00097
Exploits: 1, References: 12
NVD
added 2025/09/26 9:15 a.m., 2 views

CVE-2025-60139

Cross-Site Request Forgery (CSRF) vulnerability in Joovii Sendle Shipping official-sendle-shipping-method allows Cross Site Request Forgery. This issue affects Sendle Shipping: from n/a through = 6.02...

CVSS 4.3, EPSS 0.00023
Exploits: 0, References: 1
Tenable Nessus
added 2025/09/25 12:0 a.m., 2 views

Fedora 41 : expat (2025-d936540ef5)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-d936540ef5 advisory. Rebase to 2.7.2. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

CVSS 7.5, AI score 6.3, EPSS 0.00113
Exploits: 1, References: 2
Gitee
added 2025/09/22 12:15 a.m., 173 views

Exploit for Heap-based Buffer Overflow in Google Android

This is a PoC exploit for CVE-2020-8899, a memory corruption vulnerability in the Samsung Qmage codec. The exploit targets a Samsung Galaxy Note 10+ phone running Android 10 via MMS. The exploit code is written in Python and requires the following software to be locally installed: Python 3, Netwi...

CVSS 10, AI score 7, EPSS 0.15223
Exploits: 2
CERT
added 2025/09/22 12:0 a.m., 7 views

Cross-site scripting vulnerability in Lectora course navigation

Overview: Lectora Desktop versions 21.0–21.3 and Lectora Online versions 7.1.6 and older contained a cross-site scripting (XSS) vulnerability in courses published with Seamless Play Publish (SPP) enabled and Web Accessibility disabled. The vulnerability was initially patched in Lectora Desktop version...

AI score 6.2
Exploits: 0, References: 1
CVE
added 2025/09/21 1:2 a.m., 15 views

CVE-2025-10759

Webkul QloApps up to 1.7.0 is affected by a CSRF Token Handler vulnerability. Manipulating the token argument can bypass authorization, potentially enabling remote abuse. The exploit is public. Vendor states a fix will be implemented in the next major release; no specific patched version is provi...

CVSS 6.9, AI score 5.5, EPSS 0.0009
Exploits: 1, References: 5, Affected Software: 1
CVE
added 2025/09/18 11:56 a.m., 14 views

CVE-2024-13151

CVE-2024-13151 is a SQL injection (CWE-89) vulnerability in ESBI Information and Telecommunication Industry and Trade Limited Company Auto Service Software. All available sources describe the issue as stemming from improper neutralization of special elements in SQL commands, affecting Auto Servic...

CVSS 9.8, AI score 5.9, EPSS 0.00064
Exploits: 0, References: 2
OSV
added 2025/09/18 8:18 a.m., 2 views

MINI-PWMX-3R6C-9M64

Bulletin has no description...

CVSS 7.5, AI score 7, EPSS 0.00349
Exploits: 0
Tenable Nessus
added 2025/09/18 12:0 a.m., 2 views

Fedora 43 : lemonldap-ng (2025-27d58d0125)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-27d58d0125 advisory. See https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-21-3-is-out/ Tenable has extracted the preceding description block directly from the Fedora...

AI score 5.6
Exploits: 0, References: 1
Tenable Nessus
added 2025/09/18 12:0 a.m., 8 views

Oracle Linux 9 : mysql:8.4 (ELSA-2025-16046)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-16046 advisory. mecab mecab-ipadic mysql 8.4.6-1 - Rebase to 8.4.6 8.4.5-1 - Rebase to 8.4.5 rapidjson 1.1.0-19 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags...

CVSS 7.5, AI score 6.5, EPSS 0.01044
Exploits: 2, References: 54
RedhatCVE
added 2025/09/17 10:46 p.m., 3 views

CVE-2025-43203

The issue was addressed with improved handling of caches. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26. An attacker with physical access to an unlocked device may be able to view an image in the most recently viewed locked note...

CVSS 4, AI score 5.8, EPSS 0.00027
Exploits: 0, References: 1
NVD
added 2025/09/17 6:15 p.m., 2 views

CVE-2025-58767

REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted by these vulnerabilities. The REXML gem 3.4.2 or later includes the patches to fix these...

CVSS 5.3, EPSS 0.00084
Exploits: 0, References: 2
OSV
added 2025/09/17 6:4 a.m., 1 views

BELL-CVE-2025-39824

Bulletin has no description...

CVSS 7.8, AI score 7, EPSS 0.00024
Exploits: 0, References: 1
Tenable Nessus
added 2025/09/17 12:0 a.m., 2 views

Oracle Linux 8 : glibc (ELSA-2025-20594)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-20594 advisory. - CVE-2025-8058: Double free in regcomp RHEL-105326 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Not...

CVSS 5.9, AI score 6.5, EPSS 0.00027
Exploits: 0, References: 2
Cvelist
added 2025/09/16 11:39 a.m., 11 views

CVE-2024-12913 SQLi in Megatek Communication System's Azora Wireless Network Management

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Megatek Communication System Azora Wireless Network Management allows SQL Injection. This issue affects Azora Wireless Network Management: through 20250916. NOTE: The vendor did not inform about th...

CVSS 8.8, EPSS 0.0003
Exploits: 0, References: 2
OSV
added 2025/09/15 11:15 p.m., 3 views

CVE-2025-43203

The issue was addressed with improved handling of caches. This issue is fixed in iOS 26 and iPadOS 26, iOS 18.7 and iPadOS 18.7. An attacker with physical access to an unlocked device may be able to view an image in the most recently viewed locked note...

CVSS 4, AI score 5.7, EPSS 0.00027
Exploits: 0, References: 4