RockyLinux 8 : mariadb-devel:10.3 (RLSA-2026:0698)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:0698 advisory. mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation CVE-2025-13699 Tenable has extracted the preceding...

Important: Red Hat Security Advisory: mariadb-devel:10.3 security update

An update for the mariadb-devel:10.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation

A flaw was found in MariaDB. This vulnerability allows remote attackers to execute arbitrary code on affected installations via improper validation of a user-supplied path prior to using it in file operations in the mariadb-dump utility, requiring user interaction...

CVE-2025-14829

The E-xact | Hosted Payment | WordPress plugin through 2.0 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server...

MiracleLinux 8 : mariadb:10.11 (AXSA:2026-038:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-038:01 advisory. mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation CVE-2025-13699 Tenable has extracted the preceding...

MiracleLinux 8 : mariadb:10.5 (AXSA:2026-037:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-037:01 advisory. mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation CVE-2025-13699 Tenable has extracted the preceding...

CVE-2025-14829

The E-xact | Hosted Payment | WordPress plugin through 2.0 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server...

CVE-2025-14829 e-xact-hosted-payment <= 2.0 - Unauthenticated Arbitrary File Deletion

The E-xact | Hosted Payment | WordPress plugin through 2.0 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server...

CVE-2025-14829 e-xact-hosted-payment <= 2.0 - Unauthenticated Arbitrary File Deletion

The E-xact | Hosted Payment | WordPress plugin through 2.0 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server...

CVE-2025-14829

CVE-2025-14829: The WordPress plugin E-xact Hosted Payment (versions up to 2.0) is documented as vulnerable to unauthenticated arbitrary file deletion due to insufficient file-path validation. Attackers without authentication could delete arbitrary server files. Connected sources (PatchSTACK/Jour...

RHEL 7 : mariadb (RHSA-2026:0367)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0367 advisory. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: mariadb: MariaDB: mariadb-dump...

RHEL 8 : mariadb:10.5 (RHSA-2026:0336)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0336 advisory. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: mariadb: MariaDB: mariadb-dump...

WordPress plugin E-xact 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

RHEL 9 : mariadb (RHSA-2026:0351)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0351 advisory. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: mariadb: MariaDB: mariadb-dump...

PT-2026-2350

The E-xact | Hosted Payment | WordPress plugin through 2.0 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server...

RHEL 8 : mariadb:10.3 (RHSA-2026:0357)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0357 advisory. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: mariadb: MariaDB: mariadb-dump...

RHEL 8 : mariadb:10.3 (RHSA-2026:0333)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0333 advisory. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: mariadb: MariaDB: mariadb-dump...

PT-2026-2294

Name of the Vulnerable Software and Affected Versions Iris versions prior to 2.4.24 Description Iris is a web collaborative platform used by incident responders to share technical details during investigations. The DFIR-IRIS datastore file management system has an issue where authenticated users...

AlmaLinux 8 : mariadb:10.3 (ALSA-2026:0225)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:0225 advisory. mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation CVE-2025-13699 Tenable has extracted the preceding...

PT-2026-2278

Name of the Vulnerable Software and Affected Versions Zen MCP Server versions prior to 9.8.2 Description A path traversal issue exists that allows authenticated attackers to read arbitrary files on the system. The issue is due to flawed logic in the is dangerous path validation function, which us...