29 matches found

Tenable Nessus
added 2026/05/06 12:0 a.m., 6 views

RHCOS 4 : OpenShift Container Platform 4.5.4 jenkins-2-plugins (RHSA-2020:3207)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:3207 advisory. - jenkins-script-security-plugin: cross-site scripting vulnerability due to configure sandboxed scripts CVE-2020-2190 Note that Nessus has no...

5.4 CVSS, 5.7 AI score, 0.0012 EPSS
Exploits 0, References 5

NVD
added 2026/02/20 4:22 p.m., 3 views

CVE-2026-24955

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fox-themes Whizz Plugins whizz-plugins allows Reflected XSS. This issue affects Whizz Plugins: from n/a through = 1.9...

7.1 CVSS, 0.00045 EPSS
Exploits 0, References 1

NVD
added 2026/01/06 4:15 p.m., 1 view

CVE-2025-65212

An issue was discovered in NJHYST HY511 POE core before 2.1 and plugins before 0.1. The vulnerability stems from the device's insufficient cookie verification, allowing an attacker to directly request the configuration file address and download the core configuration file without logging into the...

9.8 CVSS, 0.00089 EPSS
Exploits 1, References 2

Veracode
added 2025/11/20 7:25 a.m., 3 views

Improper Certificate Validation

org.opensearch.dataprepper.plugins, opensearch is vulnerable to Improper Certificate Validation. The vulnerability is due to the plugins defaulting to a “trust-all” SSL configuration when no certificate path is provided, which allows an attacker to perform man-in-the-middle interception and...

7.4 CVSS, 6.9 AI score, 0.00022 EPSS
Exploits 0, References 6, Affected Software 3

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2007-3725

Malware in sbrugna...

4.3 CVSS, 6.1 AI score, 0.01815 EPSS
Exploits 0, References 13

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-32884

Malicious code in bioql PyPI...

6.1 CVSS, 6.4 AI score, 0.01998 EPSS
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-27135

Malicious code in bioql PyPI...

9.8 CVSS, 9.4 AI score, 0.01125 EPSS
Exploits 1, References 3

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-45265

Malicious code in bioql PyPI...

7.2 CVSS, 7.1 AI score, 0.02579 EPSS
Exploits 1, References 1

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-27683

Malicious code in bioql PyPI...

6.1 CVSS, 8.8 AI score, 0.01502 EPSS
Exploits 0, References 5

Vulnrichment
added 2025/08/13 4:22 a.m., 1 view

CVE-2025-7384 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.3 - Unauthenticated PHP Object Injection to Arbitrary File Deletion

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization of untrusted input in the getleaddetail function. This makes it possible for unauthenticated attackers to inject a P...

9.8 CVSS, 8.7 AI score, 0.02022 EPSS
Exploits 0, References 3

RedhatCVE
added 2025/07/05 1:21 p.m., 5 views

CVE-2025-2537

Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled ThickBox JavaScript library version 3.1 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4 CVSS, 5.6 AI score, 0.00228 EPSS
Exploits 0, References 1

Tenable Nessus
added 2025/06/12 12:0 a.m., 1 view

Amazon Linux 2 : cni-plugins (ALAS-2025-2882)

The version of cni-plugins installed on the remote host is prior to 1.7.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2882 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare...

9.1 CVSS, 7 AI score, 0.00294 EPSS
Exploits 0, References 4

Tenable Nessus
added 2025/06/09 12:0 a.m., 5 views

NewStart CGSL MAIN 7.02 : gstreamer1-plugins-bad-free Vulnerability (NS-SA-2025-0083)

The remote NewStart CGSL host, running version MAIN 7.02, has gstreamer1-plugins-bad-free packages installed that are affected by a vulnerability: - GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute...

8.8 CVSS, 7.9 AI score, 0.09183 EPSS
Exploits 0, References 3

RedhatCVE
added 2025/05/22 5:38 p.m., 3 views

CVE-2020-36666

The directory-pro WordPress plugin before 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin before 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress plugin before 1.0.9, real-estate-pro WordPress plugin before 1.7.1, institutions-directory WordPre...

8.8 CVSS, 6.5 AI score, 0.00624 EPSS
Exploits 2

RedhatCVE
added 2025/05/22 10:10 a.m., 3 views

CVE-2019-20864

An issue was discovered in Mattermost Plugins before 5.13.0. The GitHub plugin allows an attacker to attach his Mattermost account to a different person's GitHub account...

7.5 CVSS, 6.9 AI score, 0.00241 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/22 8:10 a.m., 5 views

CVE-2024-5878

Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled SimpleLightbox JavaScript library version 2.1.5 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

6.4 CVSS, 5.9 AI score, 0.00203 EPSS
Exploits 0, References 1

Vulnrichment
added 2025/05/20 7:22 a.m., 10 views

CVE-2024-5878 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via SimpleLightbox JavaScript Library

Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled SimpleLightbox JavaScript library version 2.1.5 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

6.4 CVSS, 5.8 AI score, 0.00203 EPSS
Exploits 0, References 4

CVE
added 2025/05/02 3:21 a.m., 54 views

CVE-2024-13420

CVE-2024-13420 is documented as a vulnerability in the WordPress ecosystem where the Smart Framework family (Beyot Framework, Benaa Framework, Auteur Framework, April Framework) suffers from missing authorization checks on AJAX actions (e.g., gsf_reset_section_options, gsf_create_preset_options)....

4.3 CVSS, 4.4 AI score, 0.00172 EPSS
Exploits 0, References 2, Affected Software 4

Vulnrichment
added 2025/05/02 3:21 a.m., 8 views

CVE-2024-13420 Smart Framework <= Multiple Plugins - Missing Authorization to Authenticated (Subscriber+) Settings Updates

Multiple plugins and/or themes for WordPress are vulnerable to unauthorized access due to a missing capability check on several AJAX actions like 'gsfresetsectionoptions', 'gsfresetsectionoptions', 'gsfcreatepresetoptions' and more in various versions. This makes it possible for authenticated...

4.3 CVSS, 4.4 AI score, 0.00172 EPSS
Exploits 0, References 2

Tenable Nessus
added 2025/04/07 12:0 a.m., 12 views

Fedora 40 : containernetworking-plugins (2025-f87fe38331)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-f87fe38331 advisory. Resolve FTBFS and rhbz2351926 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not test...

4.4 CVSS, 7 AI score, 0.00033 EPSS
Exploits 2, References 2