2511 matches found
Wago CODESYS V2 Runtime Toolkit Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2021-34595)
A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite. This plugin only works with Tenable.ot. Please visit...
PT-2025-36378
Name of the Vulnerable Software and Affected Versions: ASP (affected versions not specified). Description: Type confusion in the ASP could allow an attacker to pass a malformed argument to the Reliability, Availability, and Serviceability trusted application (RAS TA), potentially leading to a read or...
AZL-66938 CVE-2025-39686 affecting package kernel for versions less than 6.6.104.2-1
In the Linux kernel, the following vulnerability has been resolved: comedi: Make insn_rw_emulate_bits() do insn->n samples. The insn_rw_emulate_bits() function is used as a default handler for INSN_READ instructions for subdevices that have a handler for INSN_BITS but not for INSN_READ. Similarly, it is used as...
CVE-2025-39686 comedi: Make insn_rw_emulate_bits() do insn->n samples
In the Linux kernel, the following vulnerability has been resolved: comedi: Make insn_rw_emulate_bits() do insn->n samples. The insn_rw_emulate_bits() function is used as a default handler for INSN_READ instructions for subdevices that have a handler for INSN_BITS but not for INSN_READ. Similarly, it is used as...
CVE-2025-38715
In the Linux kernel, the following vulnerability has been resolved: hfs: fix slab-out-of-bounds in hfs_bnode_read(). This patch introduces is_bnode_offset_valid() method that checks the requested offset value. Also, it introduces check_and_correct_requested_length() method that checks and corrects the requested...
Grub2: grub-core/gettext: integer overflow leads to heap oob write and read.
...
CVE-2025-36903
In lwisiobufferwrite, there is a possible OOB read/write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
nvme-fabrics: use reserved tag for reg read/write command
...
CVE-2025-7731
Cleartext Transmission of Sensitive Information vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to obtain credential information by intercepting SLMP communication messages, and read or write the device values of the product...
VulnCheck KEV: CVE-2023-2163
Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape...
PUB-A-418224726
In lwisiobufferwrite of TBD, there is a possible OOB read/write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Linux Distros Unpatched Vulnerability : CVE-2020-11739
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing memory barrie...
Linux Distros Unpatched Vulnerability : CVE-2021-36133
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure Wor...
CVE-2024-13987
CVE-2024-13987 concerns the Synology RADIUS Server, where an issue of improper input neutralization during web page generation enables a cross-site scripting (XSS) vulnerability. This affects versions prior to 3.0.27-0139, and is exploitable by remote authenticated users with administrator privil...
CVE-2024-13987
Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in Synology RADIUS Server allows remote authenticated users with administrator privileges to read or write limited files in SRM and conduct limited denial-of-service via unspecified vectors...
Cisco NX-OS Software Command Injection Vulnerability
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute a command injection attack on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device. This...
Linux Distros Unpatched Vulnerability : CVE-2022-26362
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to...
Linux Distros Unpatched Vulnerability : CVE-2017-11654
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds read and write flaw was found in the way SIPcrack 0.2 processed SIP traffic, because 0x00 termination of a payload array was mishandled. A remo...
PT-2025-34890 · Cisco · Cisco Nx-Os
Name of the Vulnerable Software and Affected Versions: Cisco NX-OS Software (affected versions not specified). Description: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute a command injection attack on the underlying operating system of an...
CVE-2025-9118
A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers' repositories via a maliciously crafted package.json file...