ISC BIND 9.11.3-S1 < 9.18.38-S1 / 9.18.11-S1 < 9.18.38-S1 / 9.20.9-S1 < 9.20.11-S1 Vulnerability (CVE-2025-40776)
The version of ISC BIND installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-40776 advisory. - A named caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning...
CVE-2026-23797
In Quick.Cart, user passwords are stored in plaintext form. An attacker with high privileges can display users' passwords on the user editing page. The vendor was notified early about this vulnerability, but didn't respond with the details of the vulnerability or the vulnerable version range. Only version 6.7...
CVE-2026-23797 Plaintext password display in Quick.Cart
In Quick.Cart, user passwords are stored in plaintext form. An attacker with high privileges can display users' passwords on the user editing page. The vendor was notified early about this vulnerability, but didn't respond with the details of the vulnerability or the vulnerable version range. Only version 6.7...
CVE-2025-12386
Pix-Link LV-WR21Q does not enforce any form of authentication for the endpoint /goform/getHomePageInfo. A remote unauthenticated attacker is able to use this endpoint, e.g. to retrieve the cleartext password to the access point. The vendor was notified early about this vulnerability, but didn't respond with...
CVE-2025-12387 Denial of Service in Pix-Link LV-WR21Q
A vulnerability in the Pix-Link LV-WR21Q router's language module allows remote attackers to trigger a denial of service (DoS) by sending a specially crafted HTTP POST request containing a non-existent language parameter. This renders the server unable to serve the correct lang.js file, which causes...
EUVD-2025-206411
A vulnerability in the Pix-Link LV-WR21Q router's language module allows remote attackers to trigger a denial of service (DoS) by sending a specially crafted HTTP POST request containing a non-existent language parameter. This renders the server unable to serve the correct lang.js file, which causes...
EUVD-2025-206410
Pix-Link LV-WR21Q does not enforce any form of authentication for the endpoint /goform/getHomePageInfo. A remote unauthenticated attacker is able to use this endpoint, e.g. to retrieve the cleartext password to the access point. The vendor was notified early about this vulnerability, but didn't respond with...
CVE-2025-67683
Quick.Cart is vulnerable to reflected XSS via the sSort parameter. An attacker can craft a malicious URL which, when opened, results in arbitrary JavaScript execution in the victim’s browser. The vendor was notified early about this vulnerability, but didn't respond with the details of...
Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2025-58060)
The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-58060 advisory. - OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004352)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004352 advisory. In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional...
Fedora 42 : firefox (2026-0136a5ab4e)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-0136a5ab4e advisory. - New upstream release 147.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...
Fedora 43 : libpcap (2026-274010c760)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-274010c760 advisory. New version 1.10.6 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...
SUSE CVE-2022-50871
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Fix qmi_msg_handler data structure initialization. qmi_msg_handler is required to be null terminated by QMI module. There might be a case where a handler for a msg id is not present in the handlers array which can lead t...
CVE-2023-54016
A flaw was found in the Linux kernel's ath12k Wi-Fi driver. This memory leak vulnerability occurs because the driver allocates memory for receive and transmit descriptors during initialization but fails to free this memory during cleanup. A local attacker could exploit this by repeatedly triggeri...
MAL-2025-192723 Malicious code in chai-as-tested (npm)
Source: amazon-inspector (cfbc69e8b6f340614b2fdd5378d7f730a4d79e03499a7e41b578028ad970e4eb). The package chai-as-tested was found to contain malicious code...
EUVD-2025-204930
Malicious code in chai-as-tested npm...
Malicious code in chai-as-tested (npm)
Source: amazon-inspector (cfbc69e8b6f340614b2fdd5378d7f730a4d79e03499a7e41b578028ad970e4eb). The package chai-as-tested was found to contain malicious code...
CVE-2025-65007
In the WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28), due to a lack of authentication in the configuration change module in the adm.cgi endpoint, an unauthenticated attacker can execute commands including backup creation, device restart and resetting the device to factory settings. The...
CVE-2025-65011
In the WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28), an unauthorised user can view configuration files by directly referencing the resource in question. The vendor was notified early about this vulnerability, but didn't respond with the details of the vulnerability or the vulnerable version...