CVE-2026-1857
The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.6.1. This is due to insufficient validation of the endpoint parameter in the getitems function of the GetResponse REST API handler. The endpoint's...
Appsmith security vulnerabilities
Appsmith is an open-source platform developed by Appsmith itself, used for building, deploying, and maintaining internal applications. Versions of Appsmith prior to 1.94 contained security vulnerabilities. These vulnerabilities allowed unauthenticated users to perform unpublished operations, whic...
CVE-2025-6635
A maliciously crafted PRT file, when linked or imported into certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...
Amazon Linux 2023 : runfinch-finch (ALAS2023-2025-1073)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1073 advisory. Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains which contain policy graphs, which a...
CVE-2025-24144
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.7, macOS Sequoia 15.3, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.3, visionOS 2.3, watchOS 11.3. An app may be able to leak sensitive kernel state...
PT-2024-8693 · Apache · Apache Tomcat
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 11.0.0-M23 through 11.0.0-M26 Apache Tomcat versions 10.1.27 through 10.1.30 Apache Tomcat versions 9.0.92 through 9.0.95 Description: The issue is related to incorrect object re-cycling and re-use in Apache Tomcat,...
Fedora 39 : firefox (2023-c92eb29264)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-c92eb29264 advisory. - New upstream version 117.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...
Security Vulnerabilities fixed in Thunderbird 115.2 — Mozilla
When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been create...
Relay races, batons, and techniques: How to improve your cloud security posture
In 2008, the US 4x100m relay team was the favorite to win the gold medal at the Beijing Olympics. Not a massive surprise, considering that team included the second fastest athlete in history, Tyson Gay. It was a great shock though when the team blundered on the last exchange, dropping the baton,...
SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 0 for SLE 15 SP3) (SUSE-SU-2021:3073-1)
The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3073-1 advisory. - A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual...
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9421)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9421 advisory. - KVM: nSVM: always intercept VMLOAD/VMSAVE when nested Maxim Levitsky Orabug: 33205365 CVE-2021-3656 Tenable has extracted the preceding descripti...
Cross site request forgery (csrf)
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header...
NASA Computers Hacked Repeatedly in Last Two Years
NASA has been hit repeatedly by hackers during the last two years – including an incident where attackers compromised systems at the agency’s Jet Propulsion Laboratory. The situation was revealed in testimony Feb. 29 by NASA Inspector General Paul Martin before the House Science, Space and...