221 matches found
Amazon Linux 2023 : dnsmasq, dnsmasq-utils (ALAS2023-2026-1516)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1516 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
EUVD-2025-50800
Inappropriate implementation in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. Chromium security severity: High...
CVE-2025-8204
A vulnerability classified as problematic was found in Comodo Dragon up to 134.0.6998.179. Affected by this vulnerability is an unknown functionality of the component HSTS Handler. The manipulation leads to security check for standard. The attack can be launched remotely. The complexity of an...
Device Mode Transition Detected (High)
The state of the controller code changed, regardless of the state expected by the process. When not part of scheduled maintenance, forcing can be used to introduce hard-to-detect, long-lasting changes that are harmful to operations. This plugin only works with Tenable.ot. Please visit...
CVE-2025-3850
CVE-2025-3850 affects YXJ2018 SpringBoot-Vue-OnlineExam 1.0. The issue is described as improper authentication within the component API processing, enabling remote exploitation with high attack complexity and reported public disclosure. Multiple connected sources reiterate the vulnerability again...
Fedora 40 : abseil-cpp (2025-f1288edd80)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-f1288edd80 advisory. Update to 20240116.3 - Fix potential integer overflow in hash container create/resize Tenable has extracted the preceding description block directly from the...
Mozilla Firefox SEoL (67.x)
According to its version, the Mozilla Firefox version installed on the remote host has reached end of support. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may conta...
Fedora 40 : python-werkzeug (2024-5cf9589726)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-5cf9589726 advisory. - Update to 3.0.6 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...
Governor relay() functions can be used to bypass voting and directly run critical SecurityCouncilManager functions
Lines of code https://github.com/ArbitrumFoundation/governance/blob/c18de53820c505fc459f766c1b224810eaeaabc5/src/security-council-mgmt/governors/SecurityCouncilNomineeElectionGovernor.sol...
Pydio Cells 4.1.2 Privilege Escalation
Advisory: Pydio Cells: Unauthorised Role Assignments Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assignin...
Xmind 2020 Cross Site Scripting / Code Execution
Exploit Title: Xmind 2020 XSS to RCE Exploit Author: TaurusOmar Twitter:@TaurusOmar HomePage:taurusomar.com Date: May 4th, 2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://www.xmind.net/ Version: 2020 Tested on: Windows, Linux, MacOs Software Description:...
Tagstoo 2.0.1 - Stored XSS to Remote Command Execution Vulnerability
Exploit Title: Tagstoo 2.0.1 - Stored XSS to RCE Exploit Author: TaurusOmar CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://tagstoo.sourceforge.io/ Version: v2.0.1 Tested on: Windows, Linux, MacOs Software Description: Software to tag folders and files, with...
Xmind 2020 - Persistent Cross-Site Scripting
Exploit Title: Xmind 2020 - XSS to RCE Exploit Author: TaurusOmar Date: May 4th, 2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://www.xmind.net/ Version: 2020 Tested on: Windows, Linux, MacOs Software Description: XMind, a full-featured mind mapping and...
Marky 0.0.1 - XSS to Remote Command Execution Vulnerability
Exploit Title: Marky 0.0.1 - XSS to RCE Exploit Author: TaurusOmar CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://github.com/vesparny/marky Version: 0.0.1 Tested on: Linux, MacOs, Windows Software Description: Marky is an editor for markdown with a friendly...
Carel pCOWeb HVAC Modbus Interface Authentication Bypass
Advisory: Unauthenticated Access to Modbus Interface in Carel pCOWeb HVAC As part of its features, the Carel pCOWeb card exposes a Modbus interface to the network. By design, Modbus does not provide authentication, allowing to control the affected system. Details ======= Product: HVAC units usin...
Mitel 6869i Voip Deskphone 4.2.2032 Command Injection
BlueBox Security http://www.bluebox-security.de/ securityatbluebox-security.de bbs-2019.001.txt 08-August-2019 Vendor: Mitel Affected Products: Mitel 6869i Voip Deskphone Version 4.2.2032 - SIP Not Affected: unknown Vulnerability: Mitel 6869i SIP Deskphone 4.2.2032: Unauthenticated Bash Command...
XOOPS CMS 2.5.9 SQL Injection
Sql Injection on XOOPS CMS v.2.5.9 + Date: 12/05/2019 + Risk: High + CWE Number : CWE-89 + Author: Felipe Andrian Peixoto + Vendor Homepage: https://xoops.org/ + Contact: [email protected] + Tested on: Windows 7 and Gnu/Linux + Dork: inurl:gerarpdf.php inurl:modules // use your brain ; +...
PHPads 2.0 SQL Injection
Sql Injection on PHPads Version 2.0 based on Pixelledads 1.0 by Nile Flores + Date: 05/05/2019 + Risk: High + CWE Number : CWE-89 + Author: Felipe Andrian Peixoto + Vendor Homepage: https://blondish.net/ + Software Demo : https://github.com/blondishnet/PHPads/blob/master/readme.txt + Contact:...
MeteoTemplate 17.1 Nectarine globalSnow 1.1 Open Redirection
Exploit Title : MeteoTemplate 17.1 Nectarine globalSnow Plugins 1.1 Open Redirection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 07/03/2019 Vendor Homepage : meteotemplate.com Software Download Link :...
WordPress Forminator 1.5.4 Cross Site Scripting / SQL Injection
Vulnerability: Unauthenticated Persistent XSS, Blind SQL Injection Affected Software: Forminator Affected Version: 1.5.4 Patched Version: 1.6 CVE: not requested Risk: High Vendor Contacted: 11/25/2018 Vendor Fix: 12/10/2018 Public Disclosure: 02/05/2019 Credit: Tim Coen Unauthenticated Persistent...