Fedora 41 : udisks2 (2025-809971541d)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-809971541d advisory. Harden temporary private mounts 2373301 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus ha...

PT-2025-26688

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.13.3 Description Gogs, an open-source self-hosted Git service, contains a flaw where unprivileged user accounts can execute arbitrary commands on the Gogs instance. This is due to an insufficient patch for a previous...

Security update for the Linux Kernel RT (Live Patch 2 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-150600108 fixes several issues. The following security issues were fixed: CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inetcreate bsc1235231. CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing bsc1233708...

Important: mod_security

Issue Overview: ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json,...

CVE-2025-38054 ptp: ocp: Limit signal/freq counts in summary output functions

In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: Limit signal/freq counts in summary output functions The debugfs summary output could access uninitialized elements in the freqin and signalout arrays, causing NULL pointer dereferences and triggering a kernel Oops...

TencentOS Server 4: tomcat (TSSA-2024:1056)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1056 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 3: patch (TSSA-2022:0056)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0056 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 4: moby (TSSA-2024:0823)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0823 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVE-2025-49583 XWiki provides no warning when granting XWiki.Notifications.Code.NotificationEmailRendererClass admin right

XWiki is a generic wiki platform. When a user without script right creates a document with an XWiki.Notifications.Code.NotificationEmailRendererClass object, and later an admin edits and saves that document, the email templates in this object will be used for notifications. No malicious code can ...

PT-2025-24984 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier Description: A stored Cross-Site Scripting XSS issue affects the software, allowing an attacker with limited privileges to inject malicious scripts into vulnerable form fields. This could...

WordPress Simple Membership plugin <= 4.6.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by bintable in WordPress Plugin Simple Membership versions = 4.6.3...

CVE-2025-48489

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting XSS attacks due to insufficient data validation and sanitization during data reception. This issue has been patched in version 1.8.180...

Security update for glibc

This update for glibc fixes the following issues: Security issues fixed: CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LDLIBRARYPATH bsc1243317. Other issues fixed: Multi-threaded application hang...

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM SDK, Java Technology Edition Quarterly CPU - Apr 2025 - Includes Oracle April 2024 CPU plus is vulnerable to CVE-2025-4447

Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their April 2025 Critical Patch Update, plus CVE-2025-4447. For more information please refer to Oracle's April 2025 CPU Advisory and the CVE links referenced below...

UBUNTU-CVE-2025-37992

In the Linux kernel, the following vulnerability has been resolved: netsched: Flush gsoskb list too during -change Previously, when reducing a qdisc's limit via the -change operation, only the main skb queue was trimmed, potentially leaving packets in the gsoskb list. This could result in NULL...

CVE-2024-37898

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When a user has view but not edit right on a page in XWiki, that user can delete the page and replace it by a page with new content without having delete right. The previous version of the pag...

CVE-2024-55652

PenDoc is a penetration testing reporting application. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an attacker can write a malicious docx template containing expressions that escape the JavaScript sandbox to execute arbitrary code on the system. An attacker who can control the...

CVE-2023-46134

D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to version 3.7.0, users hosting D-Tale publicly can be vulnerable to remote code execution, allowing attackers to run malicious code on the server. This issue has been patched in...

CVE-2023-35085

An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution RCE. Affected Products: All UniFi Access Points Version 6.5.50 and earlier All UniFi Switches Version...

CVE-2023-36469

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including...