CVE-2025-12397 SQL Injection in Looker Studio

A SQL injection vulnerability was found in Looker Studio. A Looker Studio user with report view access could inject malicious SQL that would execute with the report owner's permissions. The vulnerability affected to reports with BigQuery as the data source. This vulnerability was patched on 21 Ju...

Exploit for CVE-2025-53072

CVE-2025-53072 & CVE-2025-62481 Vulnerability in the Oracle...

EUVD-2025-27087

Malicious code in bioql PyPI...

EUVD-2025-27287

Malicious code in bioql PyPI...

CVE-2025-35031

Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. An attacker could convince a user to send this output to the attacker, thus allowing the attacker to impersonate that user. This issue is fixed as of 2025-04-08...

CVE-2025-52035

A vulnerability in NotesCMS and specifically in the page /index.php?route=notes. The manipulation of the title of the service descriptions leads to a stored XSS vulnerability. The issue was confirmed to be present in the source code as of commit 7d821a0f028b0778b245b99ab3d3bff1ac10e2d3 dated...

CVE-2025-52035

A vulnerability in NotesCMS and specifically in the page /index.php?route=notes. The manipulation of the title of the service descriptions leads to a stored XSS vulnerability. The issue was confirmed to be present in the source code as of commit 7d821a0f028b0778b245b99ab3d3bff1ac10e2d3 dated...

Solaris 10 (i386): 122260-12

SunOS 5.10: SunOS 5.10x86: SunFreeware GNU ESP Ghostscript Patch. Date this patch was last updated by Sun : Oct/07/24 %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include"compat.inc"; if description scriptid255270;...

Fedora 37 : python3.9 (2022-6b8b96f883)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-6b8b96f883 advisory. Update to 3.9.16 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

CVE-2024-33897

A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. The issue was patched on the Talk2m production server on April 18, 2024...

CentOS 9 : dbus-broker-28-7.el9

The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the dbus- broker-28-7.el9 build changelog. - An issue was discovered in dbus-broker before 31. Multiple NULL pointer dereferences can be found when supplying a malformed XML config file...

SUSE CVE-2024-21646

Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive a crafted binary type data, an integer overflow or wraparound or memory safety issue can occur and may cause remo...

git: exposure of sensitive information to a malicious actor

Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone where the source and target of the clone...

F5 Networks BIG-IP TCP profile vulnerability (K000134652)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.0 / 16.1.4 / 15.1.9. It is, therefore, affected by a vulnerability as referenced in the K000134652 advisory. When TCP Verified Accept is enabled on a TCP profile that is configured on a virtual server, undisclosed...

Android Automotive OS Update Bulletin—October 2023Stay organized with collectionsSave and categorize content based on your preferences.

The Android Automotive OS AAOS Update Bulletin contains details of security vulnerabilities affecting the Android Automotive OS platform. The full AAOS update comprises the security patch level of 2023-10-05 or later from the October 2023 Android Security Bulletin in addition to all issues in thi...

Ubuntu 23.04 : libppd vulnerability (USN-6392-1)

The remote Ubuntu 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6392-1 advisory. It was discovered that libppd incorrectly parsed certain Postscript objects. If a user or automated system were tricked into printing a specially crafted document, a...

CentOS 8 : php:8.0 (CESA-2022:7624)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7624 advisory. - php: Use after free due to phpfilterfloat failing for ints CVE-2021-21708 - php: Uninitialized array in pgqueryparams leading to RCE CVE-2022-31625...

CVE-2022-39253

Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone where the source and target of the clone...

NewStart CGSL CORE 5.05 / MAIN 5.05 : python Vulnerability (NS-SA-2021-0152)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has python packages installed that are affected by a vulnerability: - In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because procpa...

Juniper Junos OS Buffer Overflow (JSA11142)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA11142 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. TRUSTED...