
7411 matches found

Fedora
added 2025/02/20 2:28 a.m. | 11 views

[SECURITY] Fedora 41 Update: python3.9-3.9.21-4.fc41

Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...

6.3 CVSS | 6.6 AI score | 0.01437 EPSS
Exploits: 0
Fedora
added 2025/02/20 2:27 a.m. | 16 views

[SECURITY] Fedora 40 Update: python3.9-3.9.21-4.fc40

Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...

6.3 CVSS | 6.6 AI score | 0.01437 EPSS
Exploits: 0
CVE
added 2025/02/19 9:11 p.m. | 83 views

CVE-2025-27090

CVE-2025-27090 pertains to Sliver, an open-source adversary emulation framework. The issue is in the reverse port forwarding feature of the Sliver teamserver: the implant can open a reverse tunnel without verifying operator intent. The documented impact is the exposure of the server’s IP address ...

6.9 CVSS | 6.5 AI score | 0.00578 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
OSV
added 2025/02/19 9:11 p.m. | 25 views

CVE-2025-27090 Server-Side Request Forgery (SSRF) in sliver teamserver

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the...

6.9 CVSS | 8.5 AI score | 0.00578 EPSS
Exploits: 1 | References: 5
GithubExploit
added 2025/02/19 6:19 a.m. | 203 views

Exploit for Missing Authentication for Critical Function in Paloaltonetworks Pan-Os

This tool tests whether a target PAN-OS device is vulnerable to...

9.1 CVSS | 7.5 AI score | 0.98338 EPSS
Exploits: 8
GithubExploit
added 2025/02/19 6:19 a.m. | 263 views

Exploit for Missing Authentication for Critical Function in Paloaltonetworks Pan-Os

This tool tests whether a target PAN-OS device is vulnerable to...

9.1 CVSS | 7.5 AI score | 0.98338 EPSS
Exploits: 8
RedHat Linux
added 2025/02/19 1:0 a.m. | 3 views

kernel: xfrm: fix one more kernel-infoleak in algo dumping

A vulnerability was found in the xfrm module in the Linux Kernel. This issue was discovered during fuzz testing, where uninitialized memory containing potentially sensitive data was inadvertently copied to user-space. This issue occurs when dumping IPsec algorithm data structures, exposing random...

5.5 CVSS | 7.2 AI score | 0.00254 EPSS
Exploits: 0 | References: 5
OSV
added 2025/02/17 5:12 p.m. | 2 views

CLSA-2025-1739812360 php: Fix of CVE-2024-8929

CVE-2024-8929: fix various heap buffer over-reads for mysqlnd - Modify spec and run-tests.php to fix extension loading during testing...

5.8 CVSS | 6.5 AI score | 0.02286 EPSS
Exploits: 1 | References: 1
Citrix
added 2025/02/17 12:0 a.m. | 12 views

Microsoft Security Update Validation Report February 2025

Microsoft’s February 2025 security updates have passed Citrix testing the updates are listed below. The testing is not all-inclusive; all tests are executed against English only environments and issues may still be found upon implementation. Follow best practices for testing and installing softwa...

7 AI score
Exploits: 0
Packet Storm News
added 2025/02/17 12:0 a.m. | 3 views

Web Security Training

This document is aimed at those who want to learn more about web security and application penetration testing. It is coupled with a free course and provides topics with a few bullet points describing what the vulnerability entails, then a screenshot and relevant payload, demonstrating the...

7.3 AI score
Exploits: 0
Tenable Nessus
added 2025/02/16 12:0 a.m. | 22 views

Fedora 41 : chromium (2025-d83e49a948)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-d83e49a948 advisory. Update to 133.0.6943.98 CVE-2025-0995: Use after free in V8 CVE-2025-0996: Inappropriate implementation in Browser UI CVE-2025-0997: Use after free ...

8.8 CVSS | 7.8 AI score | 0.0046 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2025/02/15 12:0 a.m. | 10 views

Fedora 41 : libheif (2025-8fdb7be3cb)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-8fdb7be3cb advisory. Latest upstream release. It adds support for tiles and fixes reading images generated by iOS 18+. See https://github.com/strukturag/libheif/releases for more...

8.1 CVSS | 7.8 AI score | 0.00825 EPSS
Exploits: 1 | References: 2
NVD
added 2025/02/14 1:15 p.m. | 7 views

CVE-2025-23789

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tahminajannat URL Shortener | Conversion Tracking | AB Testing | WooCommerce easy-broken-link-checker allows Reflected XSS. This issue affects URL Shortener | Conversion Tracking | AB Testing |...

7.1 CVSS | 0.00231 EPSS
Exploits: 0 | References: 1
CVE
added 2025/02/14 12:44 p.m. | 61 views

CVE-2025-23789

CVE-2025-23789 – Reflected XSS in tahminajannat URL Shortener Root cause: Improper neutralization of input during web page generation in the WordPress URL Shortener (WooCommerce integration). This allows Reflected XSS, affecting WordPress plugins/ WooCommerce incorporation up to version 9.0.2 (pe...

7.1 CVSS | 7.2 AI score | 0.00231 EPSS
Exploits: 0 | References: 1
Pen Test Partners Blog
added 2025/02/14 6:18 a.m. | 12 views

New mandatory USCG cyber regulations. What you need to know

TL;DR US Coast Guard introduces mandatory new Marine Transportation System cybersecurity requirements They take effect on July 16, 2025, and training must begin by July 17, 2025 US flagged large commercial vessels affected Cybersecurity Officers CySO need to be appointed Penetration testing of...

7.6 AI score
Exploits: 0
CNNVD
added 2025/02/14 12:0 a.m. | 2 views

WordPress plugin URL Shortener | Conversion Tracking | AB Testing | WooCommerce Cross-Site Scripting Vulnerability

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exist...

7.1 CVSS | 7.6 AI score | 0.00231 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2025/02/14 12:0 a.m. | 14 views

AlmaLinux 8 : doxygen (ALSA-2025:1314)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:1314 advisory. jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods CVE-2020-11023 Tenable has extracted the preceding description block directly...

6.9 CVSS | 7.3 AI score | 0.8383 EPSS
Exploits: 6 | References: 3
Tenable Nessus
added 2025/02/12 12:0 a.m. | 8 views

Google Chrome < 133.0.6943.98 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 133.0.6943.98. It is, therefore, affected by multiple vulnerabilities as referenced in the 202502stable-channel-update-for-desktop12 advisory. - Use after free in Navigation in Google Chrome prior to 133.0.6943.98 allow...

8.8 CVSS | 7.8 AI score | 0.0046 EPSS
Exploits: 0 | References: 8
Tenable Nessus
added 2025/02/10 12:0 a.m. | 13 views

Azure Linux 3.0 Security Update: kernel (CVE-2024-43856)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43856 advisory. - In the Linux kernel, the following vulnerability has been resolved: dma: fix call order in dmamfreecoherent...

5.5 CVSS | 6 AI score | 0.00398 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2025/02/10 12:0 a.m. | 10 views

Azure Linux 3.0 Security Update: libarchive (CVE-2024-48957)

The version of libarchive installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-48957 advisory. - executefilteraudio in archivereadsupportformatrar.c in libarchive before 3.7.5 allows out-of-bounds acce...

7.8 CVSS | 6.3 AI score | 0.00474 EPSS
Exploits: 1 | References: 2