CBL Mariner 2.0 Security Update: libtiff (CVE-2023-6228)
The version of libtiff installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-6228 advisory. - An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on...
Exploit for Deserialization of Untrusted Data in Apache Tomcat
Apache Tomcat CVE-2025-24813 Proof of Concept (PoC)...
CVE-2025-32387 vulnerabilities
Vulnerabilities for packages: k9s, helm-docs, helm-push, kots, consul-k8s, flux, cilium-cli, helm-operator, cluster-api-helm-controller, tw, eksctl, trivy, flux-helm-controller, zarf, flux-source-controller, chartmuseum, k8ssandra-client, cert-manager-cmctl, chart-testing, rancher-helm, kubescape...
GHSA-4HFP-H4CW-HJ8P vulnerabilities
Vulnerabilities for packages: k9s, helm-docs, helm-push, kots, consul-k8s, flux, cilium-cli, helm-operator, cluster-api-helm-controller, tw, eksctl, trivy, flux-helm-controller, zarf, flux-source-controller, chartmuseum, k8ssandra-client, cert-manager-cmctl, chart-testing, rancher-helm, kubescape...
CVE-2025-32386 vulnerabilities
Vulnerabilities for packages: k9s, helm-docs, helm-push, kots, consul-k8s, flux, cilium-cli, helm-operator, cluster-api-helm-controller, tw, eksctl, trivy, flux-helm-controller, zarf, flux-source-controller, chartmuseum, k8ssandra-client, cert-manager-cmctl, chart-testing, rancher-helm, kubescape...
GHSA-5XQW-8HWV-WG92 vulnerabilities
Vulnerabilities for packages: k9s, helm-docs, helm-push, kots, consul-k8s, flux, cilium-cli, helm-operator, cluster-api-helm-controller, tw, eksctl, trivy, flux-helm-controller, zarf, flux-source-controller, chartmuseum, k8ssandra-client, cert-manager-cmctl, chart-testing, rancher-helm, kubescape...
GHSA-5XQW-8HWV-WG92 vulnerabilities
Vulnerabilities for packages: k8ssandra-client, cluster-api-helm-controller, flux-source-controller, cluster-api-helm-controller-fips, cloudbeat-fips, k9s, flux-helm-controller, flux-fips, k8ssandra-client-fips, trivy, cert-manager-fips, trivy-fips, chart-testing, tw, flux-helm-controller-fips,...
QuickResponseC2 - A Command & Control Server That Leverages QR Codes To Send Commands And Receive Results From Remote Systems
QuickResponseC2 is a stealthy Command and Control (C2) framework that enables indirect and covert communication between the attacker and victim machines via an intermediate HTTP/S server. All network activity is limited to uploading and downloading images, making it fully undetectable by IPS/IDS...
Exploit for CVE-2025-2825
It is an exploit module/toolkit targeting CrushFTP. The tool,...
PVS BIOS based target devices are slow to boot
PVS BIOS-based target devices were slow to boot, with the following observations: BIOS-based target devices often took tens of minutes to boot successfully, and occasionally target devices failed to boot. The network conditions in the standard production network were not optimal for PVS boot performance...
Microsoft Security Update Validation Report April 2025
Microsoft's April 2025 security updates have passed Citrix testing; the updates are listed below. The testing is not all-inclusive: all tests are executed against English-only environments, and issues may still be found upon implementation. Follow best practices for testing and installing software...
EulerOS 2.0 SP11 : wget (EulerOS-SA-2025-1381)
According to the versions of the wget package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these...
CLSA-2025-1744301726 libgcrypt: Fix of CVE-2024-2236
Synced to upstream plus ASN.1 patch - Tested on AlmaLinux 9.5 - Fix CVE-2024-2236 RHEL-34579...
Juniper Junos OS Vulnerability (JSA96458)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA96458 advisory. - An Improper Input Validation vulnerability in the CVE-2025-30648 Note that Nessus has not tested for these issues but has instead relied only on the application's...
SUSE CVE-2024-58036
Net::Dropbox::API 1.9 and earlier for Perl uses Perl's rand function, which is not cryptographically secure, as the default source of entropy for cryptographic functions. Specifically, Net::Dropbox::API uses the Data::Random library, which itself states that it is "Useful mostly for test...
Security Updates for Microsoft Excel Products (April 2025)
The Microsoft Excel Products are missing a security update. They are, therefore, affected by multiple remote code execution vulnerabilities. An attacker can exploit these to bypass authentication and execute unauthorized arbitrary commands. Note that Nessus has not tested for these issues but has...
Deserialization of Untrusted Data
Overview: picklescan is a security scanner that detects Python Pickle files performing suspicious actions. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in scanner.py, which does not include numpy.testing._private.utils or other modules that can be leveraged for...
PT-2025-18454
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A vulnerability has been identified in the Linux kernel related to virtiofs, where in certain scenarios, such as during fuzz testing, the source name may be NULL. This could lead to a...
Blood Bank and Donor Management System 2.4 SQL Injection
Blood Bank and Donor Management System version 2.4 suffers from a remote SQL injection vulnerability. Exploit Title: Blood Bank & Donor Management System v2.4 - Union-Based SQLi (Manual Exploit). Exploit Date: 2025-04-07. Exploit Author: Mehmet Can Kadıoğlu a.k.a. mao7un. Vendor:...
A vulnerability in SIEM load-testing tools, such as the Kraken Stress Testing Toolkit, arises from improper restrictions on the visible layers of the user interface. Exploiting it could allow an attacker to compromise the integrity of the protected information.