org.glassfish.main.admingui:console-cluster-plugin (>=3.1.2 <=7.0.25), org.glassfish.main.admingui:console-commandrecorder-plugin (>=7.0.16 <=7.0.25) +15 more potentially affected by CVE-2024-10031 via org.glassfish.main.admingui:console-common (>=3.1.2 <=7.0.25)
org.glassfish.main.admingui:console-common MAVEN version =3.1.2, =3.1.2, =7.0.16, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =4.0, =3.1.2, =4.0, =3.1.2, =4.0, =4.0, =6.2.5, =4.1, =7.0.25 and more Source cves: CVE-2024-10031 Source advisory: OSV:GHSA-HP97-5X6G-Q538...
WordPress Webba Booking <= 5.1.20 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Hiro Code016Hiro in WordPress Plugin Webba Booking versions <= 5.1.20...
CVE-2025-54039
Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Animator scroll-triggered-animations allows Cross Site Request Forgery. This issue affects Animator: from n/a through <= 3.0.16...
CVE-2025-54039 WordPress Animator plugin <= 3.0.16 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Animator scroll-triggered-animations allows Cross Site Request Forgery. This issue affects Animator: from n/a through <= 3.0.16...
PT-2025-29761 · WordPress · Toast Plugins Animator
Name of the Vulnerable Software and Affected Versions: Toast Plugins Animator versions n/a through 3.0.16 Description: A Cross-Site Request Forgery (CSRF) issue exists in Toast Plugins Animator. This allows attackers to perform actions on behalf of unsuspecting users. Recommendations: Update Toast...
openSUSE Security Advisory (SUSE-SU-2025:02302-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2025:02302-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED15: gstreamer-plugins-base / gstreamer-plugins-base-32bit / etc (SUSE-SU-2025:02302-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02302-1 advisory. - CVE-2025-47808: Fixed NULL-pointer dereference in TMPlayer subtitle parser (bsc#1244404). -...
Improper Privilege Management vulnerability in Apache Kafka Client
Apache Kafka Clients are vulnerable to improper privilege management due to the use of ConfigProvider plugins that can read from disk or environment variables. This could allow an attacker to read arbitrary contents of the disk and environment variables, potentially escalating from REST API acces...
SUSE SLES12 Security Update : gstreamer-plugins-good (SUSE-SU-2025:02303-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02303-1 advisory. - CVE-2025-47183: Fixed out-of-bounds read when parsing mvhd box (bsc#1244406). Tenable has extracted the preceding description block directly from the...
Important: Red Hat Security Advisory: Red Hat Developer Hub 1.5.3 release.
Red Hat Developer Hub 1.5.3 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...
SUSE-SU-2025:02304-1 Security update for gstreamer-plugins-base
This update for gstreamer-plugins-base fixes the following issues: - CVE-2025-47808: Fixed NULL-pointer dereference in TMPlayer subtitle parser (bsc#1244404). - CVE-2025-47807: Fixed NULL-pointer dereference in SubRip subtitle parser (bsc#1244403). - CVE-2025-47806: Fixed stack buffer overflow in SubRi...
Security update for gstreamer-plugins-base
This update for gstreamer-plugins-base fixes the following issues: CVE-2025-47808: Fixed NULL-pointer dereference in TMPlayer subtitle parser (bsc#1244404). CVE-2025-47807: Fixed NULL-pointer dereference in SubRip subtitle parser (bsc#1244403). CVE-2025-47806: Fixed stack buffer overflow in SubRip...
Security update for gstreamer-plugins-good
This update for gstreamer-plugins-good fixes the following issues: CVE-2025-47183: Fixed out-of-bounds read when parsing mvhd box (bsc#1244406). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you c...
SUSE-SU-2025:02303-1 Security update for gstreamer-plugins-good
This update for gstreamer-plugins-good fixes the following issues: - CVE-2025-47183: Fixed out-of-bounds read when parsing mvhd box (bsc#1244406)...
Security update for gstreamer-plugins-base
This update for gstreamer-plugins-base fixes the following issues: CVE-2025-47808: Fixed NULL-pointer dereference in TMPlayer subtitle parser (bsc#1244404). CVE-2025-47807: Fixed NULL-pointer dereference in SubRip subtitle parser (bsc#1244403). CVE-2025-47806: Fixed stack buffer overflow in SubRip...
SUSE-SU-2025:02302-1 Security update for gstreamer-plugins-base
This update for gstreamer-plugins-base fixes the following issues: - CVE-2025-47808: Fixed NULL-pointer dereference in TMPlayer subtitle parser (bsc#1244404). - CVE-2025-47807: Fixed NULL-pointer dereference in SubRip subtitle parser (bsc#1244403). - CVE-2025-47806: Fixed stack buffer overflow in SubRi...
Jenkins plugins Multiple Vulnerabilities (2025-07-09)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller,...
au.com.versent.jenkins.plugins:ignore-committer-strategy (>=29.v7c3891a_434c3 <=57.v0756db_b_f6926), com.amazon.jenkins.fleet:ec2-fleet (>=1.0 <=4.2.1.515.v100267825939) +109 more potentially affected by CVE-2025-53650 via org.jenkins-ci.plugins:credentials-binding (>=1.10 <=687.v619cb_15e923f)
org.jenkins-ci.plugins:credentials-binding MAVEN version =1.10, =29.v7c3891a434c3, =1.0, =1.6, =1.4, =1.41.0, =377.vc87a13718939, =57.vde5161ec7aba, =0.17, =60.vce1b19770361, =1.0.43, =1.0.0, =1.27.25 and more Source cves: CVE-2025-53650 Source advisory: OSV:GHSA-9768-HPRV-CRJ5...
CVE-2025-2537
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled ThickBox JavaScript library version 3.1 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...