RockyLinux 9 : nginx:1.24 (RLSA-2026:19371)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19371 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 Tenable has extracted the preceding description block directly from the RockyLinux security...

CVE-2021-4481 Dräger Protector Software Local Privilege Escalation via Insecure File Permissions

Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execu...

PT-2026-45861

Name of the Vulnerable Software and Affected Versions Dräger Protector Software versions prior to 6.4.2 Description Insecure file system permissions allow local attackers to execute arbitrary code with elevated privileges. This is achieved by replacing binaries or loaded modules on the host syste...

Astra Linux - уязвимость в puma

Puma is a web server for Ruby/Rack applications designed for parallelism. Prior to version 6.4.2, Puma exhibited incorrect behavior when parsing chunked transfer encoding bodies, which allowed HTTP request smuggling. The fixed versions limit the size of chunk extensions. Without this limitation,...

EUVD-2026-29295

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to before Core 6.4.2 and FTL 6.6.1, two shell scripts executed as root by systemd pihole-FTL-prestart.sh and pihole-FTL-poststop.sh read the files.pid path from this config...

CVE-2026-39365

Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, the dev server’s handling of .map requests for optimized dependencies resolves file paths and calls readFile without restricting ../ segments in the URL. As a result, it is possible to bypass the...

EUVD-2026-19875

Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, the dev server’s handling of .map requests for optimized dependencies resolves file paths and calls readFile without restricting ../ segments in the URL. As a result, it is possible to bypass the...

CVE-2026-2576

The CVE-2026-2576 entry concerns the WordPress plugin “Business Directory Plugin – Easy Listing Directories” (Business Directory Plugin). The vulnerability is a time-based SQL Injection exploitable via the payment parameter in all versions up to and including 6.4.2. It arises from insufficient es...

WordPress plugin Business Directory Plugin – Easy Listing Directories SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

CVE-2026-1246 ShortPixel Image Optimizer <= 6.4.2 - Authenticated (Editor+) Arbitrary File Read via 'loadFile' Parameter

The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Arbitrary File Read via path traversal in the 'loadFile' parameter in all versions up to, and including, 6.4.2 due to insufficient path validation and sanitization in the 'loadLogFile' AJAX action. This makes it possible for...

VulnCheck KEV: CVE-2024-4443

The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...

CVE-2019-25296

The CVE-2019-25296 entry concerns the WP Cost Estimation WordPress plugin up to version 9.642, where missing file type validation in the lfb_upload_form and lfb_removeFile AJAX actions allows unauthenticated arbitrary file uploads and deletions. This can enable uploading arbitrary files to the se...

PT-2026-1590

Name of the Vulnerable Software and Affected Versions Recras WordPress plugin versions prior to 6.4.2 Description The Recras WordPress plugin is susceptible to Stored Cross-Site Scripting through the recrasname shortcode attribute. Insufficient input sanitization and output escaping allow...

CVE-2025-55089 Eclipse ThreadX FileX RAM disk driver buffer overflow

In FileX before 6.4.2, the file support module for Eclipse Foundation ThreadX, there was a possible buffer overflow in the FileX RAM disk driver. It could cause a remote execurtion after receiving a crafted sequence of packets...

CVE-2025-55089

Eclipse ThreadX FileX RAM disk driver (FileX) prior to version 6.4.2 contains a buffer overflow in the RAM disk path that can be triggered by crafted network packets via NetX Duo HTTP PUT handling. The overflow arises when the RAM-disk buffer is written without validating that the destination poi...

Eclipse ThreadX FileX 缓冲区错误漏洞

Eclipse ThreadX FileX is a high-performance, FAT-compatible file system from the Eclipse ThreadX open source. A buffer error vulnerability exists in Eclipse ThreadX FileX versions prior to 6.4.2, which stems from a buffer overflow in the FileX RAM disk driver that could lead to remote code...

CVE-2025-39689 affecting package kernel for versions less than 6.6.104.2-1

CVE-2025-39689 affecting package kernel for versions less than 6.6.104.2-1. An upgraded version of the package is available that resolves this issue...

CVE-2025-46047

A User enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote attackers to determine valid usernames via the Login parameter...

Metasoft MetaCRM 安全漏洞

Metasoft MetaCRM is a customer relationship management system software from China Metasoft Metasoft. A security vulnerability exists in Metasoft MetaCRM 6.4.2 and earlier versions, which originates from improper handling of the file /env.jsp resulting in information disclosure...

Metasoft MetaCRM 代码问题漏洞

Metasoft MetaCRM is a customer relationship management system software from China Metasoft Metasoft. A code issue vulnerability exists in Metasoft MetaCRM 6.4.2 and prior versions, which stems from an incorrect operation of the File parameter in the file mobileupload.jsp that results in an...