83899 matches found

CNNVD
added 2026/01/23 12:00 a.m., 3 views

TP-Link's various products have security vulnerabilities

TP-Link Omada Controllers are products of the Chinese company TP-Link. TP-Link Omada Controllers are a series of centralized management platforms. TP-Link Omada Gateways are a series of gateway devices. TP-Link Omada Access Points are a series of access point devices. Several TP-Link products hav...

CVSS: 6, AI score: 5.8, EPSS: 0.00035
Exploits: 0, References: 4

Vulnrichment
added 2026/01/22 11:14 p.m., 4 views

CVE-2025-9290 Authentication Weakness on Omada Controllers, Gateways and Access Points

An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication...

CVSS: 6, AI score: 5.5, EPSS: 0.00035
Exploits: 0, References: 3

Cvelist
added 2026/01/22 11:14 p.m., 25 views

CVE-2025-9290 Authentication Weakness on Omada Controllers, Gateways and Access Points

An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication...

CVSS: 6, EPSS: 0.00035
Exploits: 0, References: 3

ATTACKERKB
added 2026/01/22 11:14 p.m., 3 views

CVE-2025-9290

An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication...

CVSS: 6, AI score: 5.4, EPSS: 0.00035
Exploits: 0, References: 4

NVD
added 2026/01/22 3:16 p.m., 3 views

CVE-2025-64097

NervesHub is a web service that allows users to manage over-the-air (OTA) firmware updates of devices in the field. A vulnerability present starting in version 1.0.0 and prior to version 2.3.0 allowed attackers to brute-force user API tokens due to the predictable format of previously issued tokens...

CVSS: 9.8, EPSS: 0.00022
Exploits: 0, References: 3

OSV
added 2026/01/22 2:57 p.m., 3 views

CVE-2025-64097 NervesHub has Insufficient Token Entropy that Allows Authentication Bypass via Brute Force

NervesHub is a web service that allows users to manage over-the-air (OTA) firmware updates of devices in the field. A vulnerability present starting in version 1.0.0 and prior to version 2.3.0 allowed attackers to brute-force user API tokens due to the predictable format of previously issued tokens...

CVSS: 9.5, AI score: 5.7, EPSS: 0.00022
Exploits: 0, References: 5

OSV
added 2026/01/22 2:12 p.m., 1 view

SUSE-SU-2026:20126-1 Security update for rabbitmq-server

This update for rabbitmq-server fixes the following issues. Changes in rabbitmq-server: Update to 4.1.5. Highlights: Khepri, an alternative schema data store developed to replace Mnesia, has matured and is now fully supported (it previously was an experimental feature); AMQP 1.0 is now a core...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00023
Exploits: 0, References: 3

OSV
added 2026/01/22 1:47 p.m., 2 views

OPENSUSE-SU-2026:20082-1 Security update for rabbitmq-server

This update for rabbitmq-server fixes the following issues. Changes in rabbitmq-server: Update to 4.1.5. Highlights: Khepri, an alternative schema data store developed to replace Mnesia, has matured and is now fully supported (it previously was an experimental feature); AMQP 1.0 is now a core...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00023
Exploits: 0, References: 2

OSV
added 2026/01/21 10:27 p.m., 3 views

GHSA-95C6-P277-P87G FastAPI Api Key has a timing side-channel in verify_key that allows statistical key validity detection

Impact: Timing side-channel vulnerability in verify_key. The method applied a random delay only on verification failures, allowing an attacker to statistically distinguish valid from invalid API keys by measuring response latencies. With enough repeated requests, an adversary could infer whether a...

CVSS: 3.7, AI score: 5.6, EPSS: 0.00065
Exploits: 0, References: 5

CNNVD
added 2026/01/21 12:00 a.m., 2 views

WordPress Plugin Academy LMS – WordPress LMS Plugin for a Complete eLearning Solution Security Vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

CVSS: 9.8, AI score: 5.8, EPSS: 0.00187
Exploits: 1, References: 3

Tenable Nessus
added 2026/01/20 12:00 a.m., 4 views

MiracleLinux 7 : nss-3.36.0-7.el7 (AXSA:2018-3341:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-3341:02 advisory. nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384). Tenable has extracted the preceding description block directly...

CVSS: 5.9, AI score: 8.5, EPSS: 0.00622
Exploits: 0, References: 2

Tenable Nessus
added 2026/01/20 12:00 a.m., 4 views

MiracleLinux 9 : bind-9.16.23-34.el9_7.1 (AXSA:2025-11501:12)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11501:12 advisory. bind: Cache poisoning attacks with unsolicited RRs (CVE-2025-40778); bind: Cache poisoning due to weak PRNG (CVE-2025-40780). Tenable has extracted the...

CVSS: 8.6, AI score: 7.5, EPSS: 0.00025
Exploits: 1, References: 3

CNNVD
added 2026/01/20 12:00 a.m., 1 view

WordPress plugin Newsletter – Sending awesome emails from WordPress with cross-site request forgery vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension that can ...

CVSS: 4.3, AI score: 5.7, EPSS: 0.00027
Exploits: 0, References: 2

Tenable Nessus
added 2026/01/20 12:00 a.m., 2 views

MiracleLinux 9 : edk2-20231122-6.el9_4.2 (AXSA:2024-8600:07)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8600:07 advisory. EDK2: integer overflow in CreateHob could lead to HOB OOB R/W (CVE-2022-36765); edk2: Predictable TCP Initial Sequence Numbers (CVE-2023-45236); edk2: Use...

CVSS: 7.8, AI score: 7, EPSS: 0.0041
Exploits: 0, References: 4

Tenable Nessus
added 2026/01/20 12:00 a.m., 3 views

MiracleLinux 8 : cloud-init-20.3-10.el8.5 (AXSA:2021-2312:08)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-2312:08 advisory. cloud-init: randomly generated passwords logged in clear-text to world-readable file (CVE-2021-3429). Tenable has extracted the preceding description block...

CVSS: 5.5, AI score: 5.6, EPSS: 0.00061
Exploits: 0, References: 2

Tenable Nessus
added 2026/01/20 12:00 a.m., 2 views

MiracleLinux 8 : java-17-openjdk-17.0.4.0.8-2.el8 (AXSA:2022-3706:04)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3706:04 advisory. OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407) (CVE-2022-34169); OpenJDK: class compilation issue (Hotspot, 8281859) (CVE-2022-21540); OpenJDK:...

CVSS: 7.5, AI score: 7.6, EPSS: 0.10953
Exploits: 2, References: 5

Tenable Nessus
added 2026/01/20 12:00 a.m., 1 view

MiracleLinux 8 : cloud-init-19.4-11.el8 (AXSA:2021-1222:01)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-1222:01 advisory. cloud-init: Use of random.choice when generating random password (CVE-2020-8631); cloud-init: Too short random password length in cc_set_password in...

CVSS: 5.5, AI score: 7.9, EPSS: 0.00113
Exploits: 0, References: 3

Tenable Nessus
added 2026/01/19 12:00 a.m., 5 views

MiracleLinux 3 : ruby-1.8.5-22.1.0.1.AXS3 (AXSA:2012-99:1)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-99:1 advisory. Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system...

CVSS: 7.8, AI score: 5.6, EPSS: 0.01411
Exploits: 2, References: 3

Tenable Nessus
added 2026/01/19 12:00 a.m., 6 views

MiracleLinux 4 : ruby-1.8.7.352-3.0.1.AXS4 (AXSA:2012-54:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-54:01 advisory. Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system...

CVSS: 5, AI score: 5.6, EPSS: 0.00989
Exploits: 0, References: 3

CNVD
added 2026/01/19 12:00 a.m., 2 views

WordPress Sosh Share Buttons plugin cross-site request forgery vulnerability

WordPress Sosh Share Buttons plugin is a social media sharing plugin for WordPress websites. WordPress Sosh Share Buttons plugin suffers from a cross-site request forgery vulnerability that stems from a lack of random number validation in the adminpagecontent function, no details of the...

CVSS: 4.3, AI score: 5.8, EPSS: 0.0001
Exploits: 0, References: 1