YARA-X 1.12.0
YARA-X is a re-incarnation of YARA, a pattern matching tool designed with malware researchers in mind. This new incarnation intends to be faster, safer and more user-friendly than its predecessor. The ultimate goal of YARA-X is replacing YARA as the default pattern matching tool for malware...
PT-2026-5061
The Easy Replace Image plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.5.2. This is due to missing capability checks on the image replacement from url function that is hooked to the eri from url AJAX action. This makes it possible for...
WordPress plugin Easy Replace Image has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
The End of the Road for Cisco Kenna: Take a Measured Path into Exposure Management
Cisco’s announcement that it will sunset Cisco Vulnerability Management Kenna marks a clear inflection point for many security teams. With end-of-sale and end-of-life timelines now defined, and no replacement offering on the roadmap, Kenna customers face an unavoidable decision window. Beyond the...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005092)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005092 advisory. In the Linux kernel, the following vulnerability has been resolved: bna: adjust 'name' buf size of bnatcb and bnaccb structures To have enough space to write all...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005183)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005183 advisory. In the Linux kernel, the following vulnerability has been resolved: net: sched: Disallow replacing of child qdisc from one parent to another Lion Ackermann was able ...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005104)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005104 advisory. In the Linux kernel, the following vulnerability has been resolved: dev/parport: fix the array out-of-bounds risk Fixed array out-of-bounds issues caused by sprintf ...
CVE-2026-24400
AssertJ provides Fluent testing assertions for Java and the Java Virtual Machine (JVM). Starting in version 1.4.0 and prior to version 3.27.7, an XML External Entity (XXE) vulnerability exists in org.assertj.core.util.xml.XmlStringPrettyFormatter: the toXmlDocumentString method initializes...
CVE-2026-24400 AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion
AssertJ provides Fluent testing assertions for Java and the Java Virtual Machine (JVM). Starting in version 1.4.0 and prior to version 3.27.7, an XML External Entity (XXE) vulnerability exists in org.assertj.core.util.xml.XmlStringPrettyFormatter: the toXmlDocumentString method initializes...
Description of the security update for Office 2016: January 26, 2026 (KB5002713)
Description of the security update for Office 2016: January 26, 2026 (KB5002713). Summary: This security update resolves a Microsoft Word security feature bypass vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2026-21509. Note: To apply thi...
Exploit for Improper Input Validation in Intel Ethernet_Diagnostics_Driver_Iqvw32.Sys
iqvw64e-privilege-escalation CVE-2015-2291 Local Privilege Esc...
ens-contracts-bug-62248-pr-509
DNS SEC upgrade repo Summary This repo contains the solut...
Azure Linux 3.0 Security Update: kernel (CVE-2025-37989)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37989 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: phy: leds: fix memory leak A networ...
Azure Linux 3.0 Security Update: kernel (CVE-2024-39496)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-39496 advisory. - In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix use-after-free due to...
CVE-2021-47852
Rockstar Games Launcher 1.0.37.349 contains a privilege escalation vulnerability that allows authenticated users to modify the service executable with weak permissions. Attackers can replace the RockstarService.exe with a malicious binary to create a new administrator user and gain elevated syste...
pcs security update
0.10.18-2.0.1.el810.8 - Replaced HAM-logo 0.10.18 - Debrand PCS 0.10.18-2.el810.8 - Fixed CVE-2025-67725, CVE-2025-67726 by patching bundled Tornado Resolves: RHEL-136415, RHEL-136420...
CVE-2026-23885
Alchemy is an open source content management system engine written in Ruby on Rails. Prior to versions 7.4.12 and 8.0.3, the application uses the Ruby eval function to dynamically execute a string provided by the resourcehandler.enginename attribute in Alchemy::ResourcesHelperresourceurlproxy. Th...
MiracleLinux 9 : postgresql-13.10-1.el9 (AXSA:2023-5280:02)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5280:02 advisory. postgresql: Extension scripts replace objects not belonging to the extension. CVE-2022-2625 postgresql: Client memory disclosure when connecting wit...
MiracleLinux 8 : postgresql:13 (AXSA:2023-5263:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5263:01 advisory. postgresql: Extension scripts replace objects not belonging to the extension. CVE-2022-2625 postgresql: Client memory disclosure when connecting wit...
curl: Cookie Replacement Use-After-Free Vulnerability
Summary: The cookie replacement logic in lib/cookie.c contains a use-after-free vulnerability in the replaceexisting function. The function modifies a linked list while iterating over it, creating potential for memory corruption in concurrent or complex cookie operations. Vulnerable Code Location...