132 matches found
DRUPAL-CONTRIB-2026-040
This module enables sites to comply with the European cookie law using tarteaucitron.js. The module doesn't sufficiently filter user-supplied markup inside of content leading to an attacker being able to delete arbitrary cookies. This vulnerability is mitigated by the fact that an attacker needs ...
Linux Distros Unpatched Vulnerability : CVE-2026-45031
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, due to a missing check ...
CVE-2026-48215
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in circle.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmid POST parameter directly into an HTML form input value attribute. Attackers can...
Fedora 44 : pdns-recursor (2026-db1ef256e0)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-db1ef256e0 advisory. Update to latest upstream. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...
CVE-2023-38010 Multiple Vulnerabilities in IBM Cloud Pak System
IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system...
CVE-2026-1453
CVE-2026-1453 affects the KiloView Encoder Series. The issue is a missing authentication for a critical function that allows an unauthenticated attacker to create or delete administrator accounts, granting full administrative control over the product. Public sources (NVD/Red Hat/CISA/EUVD/PT-Secu...
MiracleLinux 7 : tomcat-7.0.76-11.el7 (AXSA:2020-4508:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-4508:01 advisory. tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938). Tenable has extracted the preceding description block directly from the MiracleLinu...
PT-2025-49312
🔔 NEW CVE ALERT: CVE-2025-66536 is a high-risk vulnerability CVSS v3: 9.1 with limited details available. Remote exploitation & major impact possible. Cyber pros, stay alert! Monitor updates, patch, & prepare. 🛡️ Cybersecurity CVEAlert https://t.co/eMhym5axa9...
WordPress WooCommerce Designer Pro plugin <= 1.9.26 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Tonn in WordPress Plugin WooCommerce Designer Pro versions <= 1.9.26...
CVE-2025-6978
Diagnostics command injection vulnerability...
EUVD-2005-0418
Malware in sbrugna...
EUVD-2018-12886
Malware in sbrugna...
EUVD-2025-5073
Malicious code in bioql PyPI...
EUVD-2018-11911
Malicious code in bioql PyPI...
WordPress Social Media Shortcodes plugin <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Social Media Shortcodes versions <= 1.3.1...
WordPress Credit Card Experience Theme <= 1.2.15 is vulnerable to Local File Inclusion
Software: Credit Card Experience; Type: Theme; Vulnerable versions: <= 1.2.15; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: 660aaadb7556; Credits: Tran Nguyen Bao Khanh VCI - VNPT...
CVE-2025-58204
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Phishing. This issue affects Podlove Podcast Publisher: from n/a through <= 4.2.5...
Linux Distros Unpatched Vulnerability : CVE-2021-4160
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves...
CVE-2025-38533 net: libwx: fix the using of Rx buffer DMA
In the Linux kernel, the following vulnerability has been resolved: net: libwx: fix the using of Rx buffer DMA. The wx_rx_buffer structure contained two DMA address fields: 'dma' and 'page_dma'. However, only 'page_dma' was actually initialized and used to program the Rx descriptor. But 'dma' was...
GHSA-R4MG-4433-C7G3 Active Storage allowed transformation methods that were potentially unsafe
Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allowing for the circumvention of the safe defaults which enables potential command injection vulnerabilities in cases where...