29869 matches found
CVE-2026-8276
A flaw has been found in bettercap up to 2.41.5. Affected by this issue is some unknown functionality of the file modules/mysqlserver/mysqlserver.go of the component MySQL Server. Executing a manipulation can lead to integer coercion error. The attack can be launched remotely. The attack requires...
PT-2026-39753
Name of the Vulnerable Software and Affected Versions CloudNativePG versions prior to 1.28.3 CloudNativePG versions prior to 1.29.1 Description The metrics exporter in CloudNativePG opens a PostgreSQL connection as the postgres superuser via the pod-local Unix socket and subsequently demotes the...
PT-2026-39722
Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description The xml.parsers.expat and xml.etree.ElementTree modules use insufficient entropy for Expat hash-flooding protection. This allows a specially crafted XML document to trigger hash flooding, a...
Linux Distros Unpatched Vulnerability : CVE-2026-8275
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was detected in bettercap up to 2.41.5. Affected by this vulnerability is the function ippReadChunkedBody of the file...
RockyLinux 9 : freeipmi (RLSA-2026:14819)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:14819 advisory. freeipmi: buffer overflows on response messages via ipmi-oem CVE-2026-33554 Tenable has extracted the preceding description block directly from the RockyLinux...
Unity Linux 20.1060e / 20.1070e Security Update: git (UTSA-2026-017652)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017652 advisory. Cygwin Git is a patch set for the git command line tool for the cygwin environment. A specially crafted repository that contains symbolic links as well as files with...
Unity Linux 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-017432)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017432 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway...
Oracle Linux 9 : glib2 (ELSA-2026-15971)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-15971 advisory. 2.68.4-18.2 - Add patch for CVE-2025-14087 and CVE-2025-14512 Tenable has extracted the preceding description block directly from the Oracle Linux...
Oracle Linux 8 : glib2 (ELSA-2026-15953)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-15953 advisory. 2.68.4-169 - Add patch for CVE-2025-14087 and CVE-2025-14512 Tenable has extracted the preceding description block directly from the Oracle Linux...
CVE-2026-45179
Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses. If the communication channel to the statsd daemon is not secured for example, by sending UDP packets to a host on another network, then users' IP addresses may be leaked. Since version 0.9.0, the IP address is no...
EUVD-2022-55969
Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=addpost parameter, a...
CVE-2021-47947
Projectsend r1295 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input in the 'name' parameter of files-edit.php. Attackers can inject JavaScript payloads through the file name field that execute in the...
Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo
CVE-2025-32463 - No gcc required Privilege escalation to root vi...
Fedora 44 : nextcloud (2026-cb5661d883)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-cb5661d883 advisory. 33.0.3 Release Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
Fedora 44 : dotnet10.0 (2026-32952baba5)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-32952baba5 advisory. Update to .NET SDK 10.0.107 and Runtime 10.0.7 Fixes: CVE-2026-40372 Release Notes: - SDK:...
MiracleLinux 8 : kernel-4.18.0-553.121.1.el8_10 (AXSA:2026-577:31)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-577:31 advisory. kernel: crypto: algifaead - Revert to operating out-of-place CVE-2026-31431 Tenable has extracted the preceding description block directly from the MiracleLin...
CVE-2026-8212
A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been published and may be...
OESA-2026-2244 apache-mina security update
Apache MINA is a network application framework which helps users develop high performance and high scalability network applications easily. It provides an abstract event-driven asynchronous API over various transports such as TCP/IP and UDP/IP via Java NIO. Security Fixes: The fix for...
OESA-2026-2243 apache-mina security update
Apache MINA is a network application framework which helps users develop high performance and high scalability network applications easily. It provides an abstract event-driven asynchronous API over various transports such as TCP/IP and UDP/IP via Java NIO. Security Fixes: The fix for...
CVE-2026-8185
A security vulnerability has been detected in UGREEN CM933 1.1.59.4319. The impacted element is an unknown function of the component Administrative Interface. Such manipulation leads to missing authentication. The attack requires being on the local network. You should upgrade the affected...