176 matches found
TencentOS Server 3: tar (TSSA-2023:0024)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0024 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
TencentOS Server 3: ghostscript (TSSA-2022:0123)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0123 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Google Chrome < 137.0.7151.55 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 137.0.7151.55. It is, therefore, affected by multiple vulnerabilities as referenced in the 202505stable-channel-update-for-desktop27 advisory. - Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a...
Azure Linux 3.0 Security Update: kernel (CVE-2025-21699)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21699 advisory. - In the Linux kernel, the following vulnerability has been resolved: gfs2: Truncate address space when flippi...
Azure Linux 3.0 Security Update: kernel (CVE-2025-21637)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21637 advisory. - In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: udpport: avoid using...
PT-2025-17021 · Unknown · Claire Ryan Author Showcase
Name of the Vulnerable Software and Affected Versions: Claire Ryan Author Showcase versions 1.4.3 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This enables an attacker ...
FreeBSD : chromium -- multiple security fixes (789bcfb6-1224-11f0-85f3-a8a1599412c6)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 789bcfb6-1224-11f0-85f3-a8a1599412c6 advisory. Chrome Releases reports: This update includes 13 security fixes: Tenable has extracted the...
FreeBSD : Gitlab -- Vulnerabilities (a435609c-ffd5-11ef-b4e4-2cf05da270f3)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the a435609c-ffd5-11ef-b4e4-2cf05da270f3 advisory. Gitlab reports: CVE-2025-25291 and CVE-2025-25292 third party gem ruby-saml CVE-2025-27407 thi...
PT-2025-6763 · Misp · Misp
Name of the Vulnerable Software and Affected Versions: MISP versions prior to 2.4.198 Description: The issue concerns the app/Model/Attribute.php file in MISP, where it ignores an ACL during a GUI attribute search. Recommendations: For versions prior to 2.4.198, update to version 2.4.198 or later...
Azure Linux 3.0 Security Update: kernel (CVE-2024-42080)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42080 advisory. - In the Linux kernel, the following vulnerability has been resolved: RDMA/restrack: Fix potential invalid...
PT-2025-5142 · Papercite · Papercite
Name of the Vulnerable Software and Affected Versions: PAPERCITE versions 0.5.18 and earlier Description: The issue is related to a lack of authorization in PAPERCITE, allowing the exploitation of incorrectly configured access control security levels. Recommendations: For versions 0.5.18 and...
CVE-2025-23012
Fedora Repository 3.8.x includes a service account fedoraIntCallUser with default credentials and privileges to read local files by manipulating datastreams. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. Migrate to a currently supported version 6.5.1 as of...
Amazon Linux AMI : rsync (ALAS-2025-1954)
The version of rsync installed on the remote host is prior to 3.0.6-12.15. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1954 advisory. Placeholder CVE. Details forthcoming CVE-2024-12085 Placeholder CVE. Details forthcoming CVE-2024-12086 Placeholder CVE...
Mozilla Thunderbird SEoL (1.x)
According to its version, the Mozilla Thunderbird installation on the remote host has reached end of support. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may...
PT-2025-1941 · WordPress · Bu Section Editing Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: BU Section Editing WordPress plugin versions 0.9.9 and earlier Description: The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is not properly sanitised and escaped before being outputted back in the page. Thi...
PT-2024-36677 · Wplms · Wplms
Name of the Vulnerable Software and Affected Versions: WPLMS versions prior to 1.9.9.5.3 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For...
PT-2024-11994 · Zendesk · Zendesk Support For Wordpress
Name of the Vulnerable Software and Affected Versions: Zendesk Support for WordPress versions 1.8.4 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions...
FreeBSD : qt6-webengine -- Multiple vulnerabilities (c2fd83e4-b450-11ef-b680-4ccc6adda413)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c2fd83e4-b450-11ef-b680-4ccc6adda413 advisory. Qt qtwebengine-chromium repo reports: Backports for 5 security bugs in Chromium: Tenable has...
WordPress plugin The Plus Addons for Elementor Page Builder Lite Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress plugin The Plus...
PT-2024-30798 · Themeum · Wp Crowdfunding
Name of the Vulnerable Software and Affected Versions: WP Crowdfunding versions 2.1.10 and earlier Description: The issue is related to a Missing Authorization vulnerability in Themeum WP Crowdfunding, allowing exploitation of incorrectly configured access control security levels. Recommendations...