
13699 matches found

CNNVD
added 2025/07/07 12:0 a.m. | 1 views

TeamT5 ThreatSonar Anti-Ransomware operating system command injection vulnerability

TeamT5 ThreatSonar Anti-Ransomware is a proactive and intelligent endpoint detection and response solution from TeamT5. TeamT5 ThreatSonar Anti-Ransomware suffers from an operating system command injection vulnerability that stems from OS command injection and could lead to the execution of...

CVSS 8.6 | AI score 7.7 | EPSS 0.01662
Exploits: 0 | References: 2

OpenVAS
added 2025/07/07 12:0 a.m. | 2 views

Ubuntu: Security Advisory (USN-7617-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9 | AI score 6.5 | EPSS 0.00096
Exploits: 0 | References: 2

OpenVAS
added 2025/07/07 12:0 a.m. | 3 views

Debian: Security Advisory (DSA-5958-1)

The remote host is missing an update for the Debian ...

CVSS 9.8 | AI score 6.6 | EPSS 0.00172
Exploits: 0 | References: 2

OpenVAS
added 2025/07/04 12:0 a.m. | 18 views

PHP < 8.1.33, 8.2.x < 8.2.29, 8.3.x < 8.3.23, 8.4.x < 8.4.10 Multiple Vulnerabilities - Windows

PHP is prone to multiple vulnerabilities. CPE = "cpe:/a:php:php"; ...

CVSS 7.5 | AI score 8.2 | EPSS 0.00772
Exploits: 2 | References: 7

Patchstack
added 2025/07/03 11:36 a.m. | 4 views

WordPress Allmart plugin <= 1.0.0 - Server Side Request Forgery (SSRF) Vulnerability

Server Side Request Forgery (SSRF) vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Allmart (versions <= 1.0.0)...

CVSS 7.2 | AI score 6.8 | EPSS 0.00218
Exploits: 0 | Affected Software: 1

Cvelist
added 2025/07/03 8:35 a.m. | 4 views

CVE-2025-38109 net/mlx5: Fix ECVF vports unload on shutdown flow

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix ECVF vports unload on shutdown flow. Fix shutdown flow UAF when a virtual function is created on the embedded chip (ECVF) of a BlueField device. In such case the vport acl ingress table is not properly destroyed. ECVF...

EPSS 0.00067
Exploits: 0 | References: 4

Tenable Nessus
added 2025/07/03 12:0 a.m. | 2 views

Photon OS 5.0: Spdlog PHSA-2025-5.0-0547

An update of the spdlog package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0547. The text itself is copyright (C) VMware, Inc. ...

CVSS 4.8 | AI score 4.4 | EPSS 0.00127
Exploits: 1 | References: 2

OpenVAS
added 2025/07/03 12:0 a.m. | 4 views

Mozilla Thunderbird Security Update (mfsa_2025-54) - Mac OS X

Mozilla Thunderbird is prone to multiple vulnerabilities. CPE = "cpe:/a:mozilla:thunderbird";...

CVSS 9.8 | AI score 6.7 | EPSS 0.01103
Exploits: 0 | References: 1

OpenVAS
added 2025/07/03 12:0 a.m. | 3 views

Mozilla Thunderbird Security Update (mfsa_2025-54) - Windows

Mozilla Thunderbird is prone to multiple vulnerabilities. CPE = "cpe:/a:mozilla:thunderbird";...

CVSS 9.8 | AI score 6.6 | EPSS 0.01103
Exploits: 0 | References: 1

Tenable Nessus
added 2025/07/03 12:0 a.m. | 9 views

PHP 8.2.x < 8.2.29 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.2.29. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.2.29 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number...

CVSS 7.5 | AI score 6.8 | EPSS 0.00772
Exploits: 2 | References: 7

OpenVAS
added 2025/07/03 12:0 a.m. | 4 views

Mozilla Thunderbird ESR Security Update (mfsa_2025-55) - Mac OS X

Mozilla Thunderbird ESR is prone to multiple vulnerabilities. CPE =...

CVSS 9.8 | AI score 6.6 | EPSS 0.01103
Exploits: 0 | References: 1

NVD
added 2025/07/02 3:15 p.m. | 2 views

CVE-2025-52891

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If SecParseXmlIntoArgs is set to On or OnlyArgs, and the request type is application/xml, and at least...

CVSS 6.5 | EPSS 0.00235
Exploits: 0 | References: 2

Cvelist
added 2025/07/02 2:30 p.m. | 8 views

CVE-2025-53109 Model Context Protocol Servers Vulnerable to Path Validation Bypass via Prefix Matching and Symlink Handling

Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files via symlinks within allowed directories. Users are advised to upgrade to 0.6.4 or 2025.7.01...

CVSS 7.3 | EPSS 0.00506
Exploits: 0 | References: 2

OpenVAS
added 2025/07/02 12:0 a.m. | 4 views

Google Chrome Security Update (stable-channel-update-for-desktop_30-2025-06) - Linux

Google Chrome is prone to a type confusion vulnerability. CPE = "cpe:/a:google:chrome";...

CVSS 8.1 | AI score 9.5 | EPSS 0.0158
Exploits: 4 | References: 3

OpenVAS
added 2025/07/02 12:0 a.m. | 3 views

Google Chrome Security Update (stable-channel-update-for-desktop_30-2025-06) - Windows

Google Chrome is prone to a type confusion vulnerability. CPE = "cpe:/a:google:chrome";...

CVSS 8.1 | AI score 9.5 | EPSS 0.0158
Exploits: 4 | References: 3

Patchstack
added 2025/07/01 12:0 a.m. | 7 views

WordPress Houzez Theme <= 4.0.4 is vulnerable to Local File Inclusion

Software: Houzez; Type: Theme; Vulnerable versions: <= 4.0.4; Fixed in: 4.0.8; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-53198; Patch priority: High; CVSS severity: High (8.1); PSID: d9a95839ea4d; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...

AI score 6.8 | EPSS 0.00158
Exploits: 0 | References: 1 | Affected Software: 1

OpenVAS
added 2025/06/30 12:0 a.m. | 3 views

Fedora: Security Advisory (FEDORA-2025-509fc3c663)

The remote host is missing an update for the ...

CVSS 2.7 | AI score 7.7 | EPSS 0.00112
Exploits: 0 | References: 4

RedhatCVE
added 2025/06/28 7:25 p.m. | 8 views

CVE-2025-53121

Multiple stored XSS were found on different nodes with unsanitized parameters in OpenNMS Horizon 33.0.8 and versions earlier than 33.1.6 on multiple platforms that allow an attacker to store on database and then inject HTML and/or JavaScript on the page. The solution is to upgrade to Horizon...

CVSS 6.9 | AI score 5.5 | EPSS 0.00106
Exploits: 0 | References: 1

RedhatCVE
added 2025/06/27 5:20 p.m. | 7 views

CVE-2025-52893

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 may leak sensitive information in logs when processing malformed data. This is separate from the earlier HCSEC-2025-09 / CVE-2025-4166. Th...

CVSS 6.5 | AI score 6.7 | EPSS 0.00146
Exploits: 0 | References: 1

RedhatCVE
added 2025/06/27 5:20 p.m. | 3 views

CVE-2025-52894

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 allowed an attacker to perform unauthenticated, unaudited cancellation of root rekey and recovery rekey operations, effecting a denial of...

CVSS 7.5 | AI score 7.1 | EPSS 0.00114
Exploits: 0 | References: 1