12478 matches found
Advisory ROSA-SA-2026-3208
Software: webmin 2.520 WASP: ROSA-CHROME unaffected versions = webmin-2.520-1 affected versions webmin-2.520-1 CVE-ID: CVE-2025-61541 BDU-ID: 2025-14429 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the getwebminemailurl function of the Webmin hosting control panel is related to access delimitatio...
Fedora 42 : wireshark (2026-a92f2096cd)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-a92f2096cd advisory. New version 4.6.4 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...
Vulnerabilities fixed in Adobe Acrobat Reader
Adobe has fixed vulnerabilities in Adobe Acrobat Reader versions up to 25.001.21265. The vulnerabilities include a Use After Free vulnerability that can be exploited to achieve arbitrary code execution. This vulnerability is triggered when a user opens a maliciously crafted file. In addition, the...
MiracleLinux 9 : nfs-utils-2.5.4-38.el9_7.3 (AXSA:2026-289:02)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-289:02 advisory. nfs-utils: rpc.mountd in the nfs-utils privilege escalation CVE-2025-12801 Tenable has extracted the preceding description block directly from the MiracleLinu...
CVE-2024-14024
An improper certificate validation vulnerability has been reported to affect Video Station. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the...
SUSE: Security Advisory (SUSE-SU-2026:20575-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2026-29784 Ghost: Incomplete CSRF protections around OTC use
Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might have made it easier for phishers to take over a Ghost...
Vulnerabilities fixed in Cisco Catalyst SD-WAN Manager
Cisco has fixed several vulnerabilities in the Cisco Catalyst SD-WAN Manager. The vulnerabilities are in the peering authentication mechanisms of the Cisco Catalyst SD-WAN Controller and Manager products. These vulnerabilities allow an unauthenticated remote attacker to bypass the authentication...
django-allauth vulnerable to open redirect
Overview django-allauth is a package for implementing user authentication in Django applications. django-allauth contains the following vulnerability. Open redirect CWE-601 - CVE-2026-27982 Ayato Shitomi of Fore-Z co.ltd and Funabiki Keisuke of GMO Cybersecurity by Ierae, Inc. reported this...
Oracle Linux 9 : valkey (ELSA-2026-3507)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-3507 advisory. 8.0.7-1 - Rebase to 8.0.7 for CVE-2026-21863 CVE-2025-67733 Tenable has extracted the preceding description block directly from the Oracle Linux securi...
Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises (February 2026)
Overview Trend Micro Incorporated has released security updates for Endpoint security products for enterprises. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN. Impact Remote code execution due to a directory traversal vulnerability...
RHSA-2026:3493 Red Hat Security Advisory: firefox security update
Bulletin has no description...
OPENSUSE-SU-2026:20290-1 Security update for haproxy
This update for haproxy fixes the following issues: - Update to version 3.2.12+git0.6011f448e - CVE-2026-26081: Fixed a DOS vulnerability in QUIC. bsc1257976 - CVE-2026-26080: Fixed a DOS vulnerability in QUIC. bsc1257976...
Improper file access permission settings in the installers for multiple Soliton Systems products
Overview The installers for multiple products provided by Soliton Systems K.K. contain the following vulnerability. Incorrect default permissions CWE-276 - CVE-2026-27653 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
[SECURITY] Fedora 42 Update: firefox-148.0-1.fc42
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability...
PT-2026-22226
Name of the Vulnerable Software and Affected Versions osctrl versions prior to 0.5.0 Description osctrl is an osquery management solution. A stored cross-site scripting XSS issue exists in the osctrl-admin on-demand query list. A user with query-level permissions can inject arbitrary JavaScript v...
Security Bulletin: Security vulnerabilities may affect IBM Java shipped with TXSeries for Multiplatforms.
Summary Security vulnerabilities may affect IBM Java shipped with TXSeries for Multiplatforms. An update to TXSeries for Multiplatforms has been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused ...
Cisco Application Policy Infrastructure Controller Denial of Service Vulnerability
A vulnerability in the Object Model CLI component of Cisco Application Policy Infrastructure Controller APIC could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. To exploit this vulnerability, the attacker...
Cisco UCS Manager Software Command Injection Vulnerability
A vulnerability in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with valid administrative privileges to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to...
CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added a recently disclosed vulnerability in FileZen to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-25108 CVSS v4 score: 8.7, is a case of...