1221 matches found
TencentOS Server 3: java-1.8.0-openjdk (TSSA-2022:0005)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0005 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
TencentOS Server 4: libsoup (TSSA-2025:0247)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0247 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
TencentOS Server 4: ignition (TSSA-2025:0332)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0332 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
TencentOS Server 3: redis:6 (TSSA-2025:0449)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0449 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
CVE-2025-13189 D-Link DIR-816L gena.cgi genacgi_main stack-based overflow
A vulnerability has been found in D-Link DIR-816L 206b09beta. This affects the function genacgi_main of the file gena.cgi. The manipulation of the argument SERVERID/HTTPSID leads to a stack-based buffer overflow. The attack can be carried out remotely. The exploit has been disclosed to th...
CVE-2025-40018 affecting package kernel for versions less than 6.6.112.1-2
CVE-2025-40018 affecting package kernel for versions less than 6.6.112.1-2. An upgraded version of the package is available that resolves this issue...
FreeBSD : Firefox -- Multiple vulnerabilities (a2a815c8-c0b7-11f0-ab42-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the a2a815c8-c0b7-11f0-ab42-b42e991fc52e advisory. https://bugzilla.mozilla.org/show_bug.cgi?id=1994441 reports: Tenable has extracted the precedi...
PT-2025-46911
Name of the Vulnerable Software and Affected Versions: Directus versions prior to 11.13.0. Description: Directus does not properly remove field-level permissions when a field is deleted. When a field is removed from a collection, its reference in the permissions table is not cleared. This creates a...
HP Integrated Lights-Out Remote Code Execution (CVE-2013-2338)
Unspecified vulnerability on HP Integrated Lights-Out 3 (aka iLO3) cards with firmware before 1.57 and 4 (aka iLO4) cards with firmware before 1.22, when Single-Sign-On (SSO) is used, allows remote attackers to execute arbitrary code via unknown vectors. This plugin only works with Tenable.ot. Please...
Siemens SIMATIC and SCALANCE Integer Overflow to Buffer Overflow (CVE-2025-0725)
When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPT_ACCEPT_ENCODING option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow. This plugin only works with Tenable.ot. Please...
Mageia: Security Advisory (MGASA-2025-0278)
The remote host is missing an update for the...
Amazon Linux 2 : java-1.8.0-openjdk, --advisory ALAS2-2025-3072 (ALAS-2025-3072)
The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.472.b08-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3072 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product ...
Amazon Linux 2 : curl, --advisory ALAS2-2025-3056 (ALAS-2025-3056)
The version of curl installed on the remote host is prior to 8.3.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3056 advisory. Out of bounds read for cookie path. NOTE: https://curl.se/docs/CVE-2025-9086.html NOTE: Introduced with:...
Microsoft Edge (Chromium) < 142.0.3595.65 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 142.0.3595.65. It is, therefore, affected by multiple vulnerabilities as referenced in the November 6, 2025 advisory. - Inappropriate implementation in Views in Google Chrome on Windows prior to 142.0.7444.137 allowed ...
FreeBSD : chromium -- multiple security fixes (93ff3ebe-bba8-11f0-b3f7-a8a1599412c6)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 93ff3ebe-bba8-11f0-b3f7-a8a1599412c6 advisory. Chrome Releases reports: This update includes 5 security fixes: Tenable has extracted the...
Tenable Identity Exposure < 3.77.14 Multiple Vulnerabilities (TNS-2025-23)
The version of Tenable Identity Exposure (formerly Tenable.ad) installed on the remote host is prior to 3.77.14. It therefore contains vulnerable versions of third-party components (.NET, SQL Server, and curl). Tenable has upgraded these components to address the potential impact of the issues,...
Unspecified Vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29085)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from the use of outdated and vulnerabl...
What Security Teams Need to Know as PHP and IoT Exploits Surge
Attack automation is accelerating, widening the window between detection and response. Qualys TRU telemetry reveals how these attacks unfold and what defenders can do next. The Qualys Threat Research Unit (TRU) has identified a sharp increase in attacks targeting PHP servers, IoT devices, and cloud...
CVE-2025-64134
Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated version of JDepend Maven Plugin that does not configure its XML parser to prevent XML external entity (XXE) attacks...
Jenkins plugin JDepend security vulnerability
Jenkins and Jenkins plugin are both Jenkins open source products. Jenkins is an application software: an open source automation server. Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A security...