JLSEC-2026-198
nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability in asm/stdscan.c:130 that can result in a stack overflow caused by triggering endless macro generation, crashing the program. This attack appears to be exploitable via a crafted nasm input file...
Security Bulletin: A vulnerability in zlib affects IBM License Metric Tool v9 scanner (CIT)
Summary: There is a vulnerability in the zlib component used by IBM License Metric Tool v9 scanner (CIT). Vulnerability Details: CVEID: CVE-2026-27171. DESCRIPTION: zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that ha...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: yaml-cpp (UTSA-2025-991022)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991022 advisory. The function Token& Scanner::peek in scanner.cpp in yaml-cpp 0.5.3 and earlier allows remote attackers to cause a denial of service assertion failure and application...
EUVD-2017-3123
Malware in sbrugna...
EUVD-2025-25228
Malicious code in bioql PyPI...
CVE-2025-57950
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Glen Scott Plugin Security Scanner plugin-security-scanner allows Stored XSS. This issue affects Plugin Security Scanner: from n/a through <= 2.0.2...
CVE-2025-21015
Path Traversal in Document scanner prior to SMR Aug-2025 Release 1 allows local attackers to delete file with Document scanner's privilege...
CVE-2025-21015
CVE-2025-21015 describes a path traversal vulnerability in Document scanner prior to SMR Aug-2025 Release 1, allowing local attackers to delete files using the scanner’s privileges. Affected software: Document scanner on Samsung mobile devices (pre-SMR Aug-2025 Release 1). Root cause: path traver...
PT-2025-32106 · Unknown · Document Scanner
Name of the Vulnerable Software and Affected Versions: Document scanner versions prior to SMR Aug-2025 Release 1 Description: A path traversal issue exists in Document scanner prior to SMR Aug-2025 Release 1, allowing local attackers to delete files with Document scanner’s privileges...
CVE-2025-5346
Bluebird devices expose an unsecured broadcast receiver (kr.co.bluebird.android.bbsettings.BootReceiver) in a pre-loaded barcode scanner app. A local attacker can call this receiver to overwrite a file containing the string ".json" with a default barcode config, due to lack of protection against ...
RockyLinux 9 : postfix (RLSA-2024:9243)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:9243 advisory. postfix: SMTP smuggling vulnerability (CVE-2023-51764). Tenable has extracted the preceding description block directly from the RockyLinux security advisory. Note th...
Linux Distros Unpatched Vulnerability : CVE-2024-26973
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fat: fix uninitialized field in nostale filehandles. When fat_encode_fh_nostale encodes file handle without a parent it stores only first 10 bytes of the file handl...
PyTorch Model Files Can Bypass Pickle Scanners via Unexpected Pickle Extensions
CVE-2025-1889 Summary Picklescan fails to detect hidden pickle files embedded in PyTorch model archives due to its reliance on file extensions for detection. This allows an attacker to embed a secondary, malicious pickle file with a non-standard extension inside a model archive, which remains...
Sitecore 8.x < 10.4 Arbitrary File Read
Sitecore CMS versions 8.x < 10.4 are affected by an incorrect path access check vulnerability allowing unauthenticated remote attackers to read arbitrary files on the affected host. No source data...
Qnap QTS and myQNAPcloud SQL Injection (CVE-2024-21901)
A SQL injection vulnerability has been reported to affect myQNAPcloud. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: myQNAPcloud 1.0.52 2023/11/24 and later QTS...
Photon OS 4.0: Gnutls PHSA-2023-4.0-0337
An update of the gnutls package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-4.0-0337. The text itself is copyright (C) VMware, Inc...
AlmaLinux 8 : virt:rhel and virt-devel:rhel (ALSA-2024:4420)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:4420 advisory. qemu-kvm: QEMU: 'qemu-img info' leads to host file read/write (CVE-2024-4467). Tenable has extracted the preceding description block directly from the AlmaLinux...
Check Point Quantum Gateway Directory Traversal
Check Point Quantum Gateway has a vulnerability that allows an unauthenticated attacker to access sensitive information by sending a specifically forged request. No source data...
SUSE CVE-2013-4002
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment JRE in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlie...