72 matches found
CVE-2026-41200
STIG Manager is an API and web client for managing Security Technical Implementation Guides STIG assessments of Information Systems. Versions 1.5.10 through 1.6.7 have a reflected Cross-Site Scripting XSS vulnerability in the OIDC authentication error handling code in src/init.js and...
Exploit for CVE-2026-41200
CVE-2026-41200 — STIG Manager OIDC Reflected XSS PoC Conceptu...
CVE-2026-41200
STIG Manager is an API and web client for managing Security Technical Implementation Guides STIG assessments of Information Systems. Versions 1.5.10 through 1.6.7 have a reflected Cross-Site Scripting XSS vulnerability in the OIDC authentication error handling code in src/init.js and...
CVE-2026-41200
STIG Manager is an API and web client for managing Security Technical Implementation Guides STIG assessments of Information Systems. Versions 1.5.10 through 1.6.7 have a reflected Cross-Site Scripting XSS vulnerability in the OIDC authentication error handling code in src/init.js and...
EUVD-2026-25158
STIG Manager is an API and web client for managing Security Technical Implementation Guides STIG assessments of Information Systems. Versions 1.5.10 through 1.6.7 have a reflected Cross-Site Scripting XSS vulnerability in the OIDC authentication error handling code in src/init.js and...
CVE-2026-41200
STIG Manager versions 1.5.10–1.6.7 contain a reflected XSS in OIDC error handling (src/init.js, public/reauth.html) where error and error_description are written to the DOM via innerHTML without escaping. An attacker who composes a malicious redirect URL can cause JavaScript to run in the victim’...
STIG Manager 跨站脚本漏洞
STIG Manager is an information security compliance assessment management tool open source by NUWCDIVNPT. Versions 1.5.10 to 1.6.7 of STIG Manager have a cross-site scripting vulnerability. This vulnerability stems from improper handling of OIDC authentication errors, where innerHTML is written...
PT-2026-34595
STIG Manager is an API and web client for managing Security Technical Implementation Guides STIG assessments of Information Systems. Versions 1.5.10 through 1.6.7 have a reflected Cross-Site Scripting XSS vulnerability in the OIDC authentication error handling code in src/init.js and...
Security update 5.1.2 for Multi-Linux Manager Client Tools
This update fixes the following issues: golang-github-QubitProducts-exporterexporter: Non-customer-facing optimization around source building golang-github-lusitaniae-apacheexporter: Build without apparmor for openSUSE Leap 16, SLES 16 or newer Require Go 1.23 for building Update to version 1.0.1...
How to Reset Account Lockout for 'Managed Hardened Repository ISO by Veeam'
Purpose This article documents how to unlock the accounts used with the Managed Hardened Repository ISO by Veeam, veeamsvc or vhradmin, when they become locked out. The Managed Hardened Repository ISO by Veeam deploys Rocky Linux with the DISA STIG security profile, which utilizes faillock to loc...
Security Updates for Microsoft Office Online Server (September 2024)
The Microsoft Office Web Apps installation on the remote host is missing a security update. It is, therefore, affected by the following: - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. CVE-2024-43465 Note that Nessus has not tested for this iss...
F5 Networks BIG-IP : BIG-IP iControl REST Privilege Escalation (K26910459)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.0 / 16.1.4 / 15.1.9. It is, therefore, affected by a vulnerability as referenced in the K26910459 advisory. The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database DB variables. Not...
KB5030213: Windows 10 Version 1607 and Windows Server 2016 Security Update (September 2023)
The remote Windows host is missing security update 5030213. It is, therefore, affected by multiple vulnerabilities - DHCP Server Service Denial of Service Vulnerability CVE-2023-38162 - Windows GDI Elevation of Privilege Vulnerability CVE-2023-36804, CVE-2023-38161 - DHCP Server Service Informati...
Dell EMC NetWorker Version Disclosure (DSA-2023-058)
The version of Dell EMC NetWorker installed on the remote Windows host is 19.5 or earlier. It is, therefore, affected by version disclosure vulnerabilities for 'Apache Tomcat' and 'RabbitMQ'. A NetWorker server user with remote access to NetWorker clients can exploit this vulnerability to prepare...
scap-security-guide bug fix and enhancement update
An update is available for scap-security-guide. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The scap-security-guide project provides a guide for configuratio...
RHEL 9 : sqlite (RHSA-2023:0339)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0339 advisory. SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk...
Autodesk DWG TrueView 2023 < 2023.1.1 RCE
The remote host has an install of Autodesk DWG TrueView version 2023 prior to 2023.1.1. It is, therefore, affected by a remote code execution vulnerability due to DLL search order hijacking. Note that Nessus has not tested for this issue but has instead relied only on the application's...
F5 Networks BIG-IP : BIG-IP Advanced WAF and ASM bd vulnerability (K02694732)
The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.2. It is, therefore, affected by a vulnerability as referenced in the K02694732 advisory. - When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd...
ImageMagick < 7.0.10-57 Integer Overflow
The remote Windows host has a version of ImageMagick installed that is prior 7.0.10-57. It is, therefore, affected by an integer overflow error in the GetPixelIndex function. An attacker can craft a malicious PDF file that, when processed by ImageMagick, results in undefined behavior or a crash...
Moderate: Red Hat Security Advisory: RHV Appliance (rhvm-appliance) security update [ovirt-4.5.0]
Updated RHV-M Appliance packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...