176 matches found

CBLMariner
added 2026/03/09 2:32 p.m., 2 views

CVE-2025-40164 affecting package kernel for versions less than 5.15.200.1-1

CVE-2025-40164 affecting package kernel for versions less than 5.15.200.1-1. An upgraded version of the package is available that resolves this issue...

CVSS 5.5, AI score 7.3, EPSS 0.00006
Exploits: 0

Tenable Nessus
added 2026/02/19 12:0 a.m., 4 views

Amazon Linux 2 : amazon-cloudwatch-agent, --advisory ALAS2-2026-3174 (ALAS-2026-3174)

The version of amazon-cloudwatch-agent installed on the remote host is prior to 1.300064.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3174 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported...

AI score 7.1
Exploits: 0, References: 2

Cvelist
added 2026/02/13 2:56 p.m., 23 views

CVE-2026-1578 HP App – Potential Cross-Site Scripting

HP App for Android is potentially vulnerable to cross-site scripting (XSS) when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities...

CVSS 5.1, EPSS 0.00033
Exploits: 0, References: 1

Vulnrichment
added 2026/02/13 2:56 p.m., 1 view

CVE-2026-1578 HP App – Potential Cross-Site Scripting

HP App for Android is potentially vulnerable to cross-site scripting (XSS) when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities...

CVSS 5.1, AI score 5, EPSS 0.00033
Exploits: 0, References: 1

Tenable Nessus
added 2026/02/13 12:0 a.m., 2 views

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20230302.103100)

The version of AHV installed on the remote host is prior to 20230302.102005. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20230302.103100 advisory. - A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf...

CVSS 8.8, AI score 5.6, EPSS 0.00246
Exploits: 2, References: 4

Positive Technologies
added 2026/02/13 12:0 a.m., 1 view

PT-2026-7994

HP App for Android is potentially vulnerable to cross-site scripting (XSS) when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities...

CVSS 5.1, AI score 5, EPSS 0.00033
Exploits: 0, References: 2

Hewlett-Packard
added 2026/02/12 12:0 a.m., 5 views

HP App – Potential Cross-Site Scripting

HP App for Android is potentially vulnerable to cross-site scripting (XSS) when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities. Update your application...

CVSS 5.1, AI score 5, EPSS 0.00033
Exploits: 0, Affected Software: 1

CNNVD
added 2026/02/09 12:0 a.m., 2 views

JetBrains Hub Access Control Error Vulnerability

JetBrains Hub is a web-based application developed by Czech company JetBrains. This program allows for the integration of various JetBrains tools. Versions of JetBrains Hub prior to 2025.3.119807 contained an access control vulnerability caused by an authentication bypass, which could lead to the...

CVSS 9.8, AI score 5.9, EPSS 0.0001
Exploits: 0, References: 2

Vulnrichment
added 2026/02/03 2:8 p.m., 1 view

CVE-2026-24940 WordPress Travelfic Toolkit plugin <= 1.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themefic Travelfic Toolkit travelfic-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Travelfic Toolkit: from n/a through <= 1.3.3...

CVSS 4.3, AI score 5.3, EPSS 0.00039
Exploits: 0, References: 1

Tenable Nessus
added 2026/01/22 12:0 a.m., 2 views

Azure Linux 3.0 Security Update: pcp (CVE-2024-45770)

The version of pcp installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-45770 advisory. - A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has acces...

CVSS 4.4, AI score 5.6, EPSS 0.00033
Exploits: 0, References: 2

OSV
added 2026/01/15 3:15 p.m., 1 view

AZL-74778 CVE-2026-0992 affecting package libxml2 for versions less than 2.10.4-10

A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to...

CVSS 2.9, AI score 6, EPSS 0.00025
Exploits: 0, References: 1

Positive Technologies
added 2026/01/12 12:0 a.m., 1 view

PT-2026-1950

Name of the Vulnerable Software and Affected Versions: Broadcom DX NetOps Spectrum versions 24.3.9 and earlier. Description: The software has a flaw due to reliance on a vulnerable third-party component, which allows for DOM-Based Cross-Site Scripting (XSS). DOM-Based XSS occurs when client-side scrip...

CVSS 7.1, AI score 6.2, EPSS 0.00054
Exploits: 0, References: 5

Tenable Nessus
added 2026/01/05 12:0 a.m., 3 views

Amazon Linux 2 : docker, --advisory ALAS2DOCKER-2025-089 (ALASDOCKER-2025-089)

The version of docker installed on the remote host is prior to 25.0.13-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-089 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate...

CVSS 6.5, AI score 7.6, EPSS 0.00008
Exploits: 0, References: 4

Tenable Nessus
added 2026/01/05 12:0 a.m., 1 view

Amazon Linux 2 : oci-add-hooks, --advisory ALAS2DOCKER-2025-091 (ALASDOCKER-2025-091)

The version of oci-add-hooks installed on the remote host is prior to 0-0.6.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-091 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdoma...

CVSS 7.5, AI score 7.8, EPSS 0.00019
Exploits: 2, References: 6

OSV
added 2025/12/19 5:15 p.m., 0 views

UBUNTU-CVE-2025-58053

Galette is a membership management web application for non profit organizations. Prior to version 1.2.0, while updating any existing account with a self forged POST request, one can gain higher privileges. Version 1.2.0 fixes the issue...

CVSS 9.8, AI score 5.8, EPSS 0.00062
Exploits: 0, References: 3

Tenable Nessus
added 2025/12/18 12:0 a.m., 0 views

Mozilla Firefox < 3.0.16

The version of Firefox installed on the remote Windows host is prior to 3.0.16. It is, therefore, affected by a vulnerability as referenced in the mfsa2009-68 advisory. - Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticate...

CVSS 6.8, AI score 8.6, EPSS 0.00664
Exploits: 0, References: 3

CVE
added 2025/12/16 8:13 a.m., 3 views

CVE-2025-68065

CVE-2025-68065 affects WordPress Hub Core hub-core (

CVSS 7.5, AI score 5.8, EPSS 0.00124
Exploits: 0, References: 1

Vulnrichment
added 2025/12/10 1:30 p.m., 1 view

CVE-2025-13127 XSS in TACAS Consulting's GoldenHorn

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TAC Information Services Internal and External Trade Inc. GoldenHorn allows Cross-Site Scripting (XSS). This issue affects GoldenHorn: before 4.25.1121.1...

CVSS 3.5, AI score 5.5, EPSS 0.00024
Exploits: 0, References: 1

Vulnrichment
added 2025/12/09 6:0 a.m., 1 view

CVE-2025-13031 WPeMatico RSS Feed Fetcher < 2.8.13 - Contributor+ Stored XSS

The WPeMatico RSS Feed Fetcher WordPress plugin before 2.8.13 does not sanitize and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks...

AI score 5.1, EPSS 0.00027
Exploits: 0, References: 1

RedhatCVE
added 2025/12/06 10:52 p.m., 4 views

CVE-2025-66030

Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be...

CVSS 6.3, AI score 6.9, EPSS 0.00074
Exploits: 0, References: 5