MiracleLinux 8 : postgresql:10 postgresql-10.23-1.module+el8+1581+24b533d8 (AXSA:2023-4747:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-4747:01 advisory. postgresql: Extension scripts replace objects not belonging to the extension. CVE-2022-2625 Tenable has extracted the preceding description block directly fr...

MiracleLinux 3 : tomcat5-5.5.23-0jpp.40.0.1.AXS3 (AXSA:2013-538:02)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-538:02 advisory. Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet...

CVE-2023-49971

A cross-site scripting XSS vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter at /customersupport/index.php?page=customerlist...

CVE-2019-12463

An issue was discovered in LibreNMS 1.50.1. The scripts that handle graphing options includes/html/graphs/common.inc.php and includes/html/graphs/graphs.inc.php do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqlirealescapestring,...

EUVD-2005-1310

Malware in sbrugna...

EUVD-2011-2705

Malware in sbrugna...

EUVD-2009-1660

Malware in sbrugna...

EUVD-2021-24793

Malware in sbrugna...

EUVD-2012-2233

Malware in sbrugna...

EUVD-2024-44032

Malicious code in bioql PyPI...

EUVD-2021-29335

Malicious code in bioql PyPI...

EUVD-2024-16855

Malicious code in bioql PyPI...

EUVD-2024-32814

Malicious code in bioql PyPI...

PT-2025-27775 · Unknown +1 · Prettyphoto +1

Name of the Vulnerable Software and Affected Versions: WordPress plugins affected versions not specified Description: The issue is related to Stored Cross-Site Scripting via the plugin's bundled prettyPhoto library, specifically version 3.1.6, due to insufficient input sanitization and output...

CVE-2025-46701 Apache Tomcat: Security constraint bypass for CGI scripts

Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1...

CVE-2023-3642

A vulnerability was found in GZ Scripts Vacation Rental Website 1.8 and classified as problematic. Affected by this issue is some unknown functionality of the file /VacationRentalWebsite/property/8/ad-has-principes/ of the component HTTP POST Request Handler. The manipulation of the argument...

CVE-2022-45028

A cross-site scripting XSS vulnerability in Arris NVG443B 9.3.0h3d36 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request sent to /cgi-bin/logs.ha...

virtualenv allows command injection through activation scripts for a virtual environment

virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287...

CVE-2024-11385

CVE-2024-11385 affects the WordPress plugin Pure CSS Circle Progress bar (versions ≤ 1.2). The issue is a Stored Cross-Site Scripting vulnerability in the circle_progress shortcode due to insufficient input sanitization and output escaping of user-supplied attributes. Exploitation requires at lea...

CVE-2024-26073

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...