26 matches found
CVE-2026-48510
MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, when MessagePack-CSharp decompresses Lz4Block or Lz4BlockArray payloads, it reads declared uncompressed lengths from the wire and allocates output buffers based on those lengths before validating that the compressed...
MiracleLinux 9 : skopeo-1.20.0-3.el9_7 (AXSA:2026-230:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-230:01 advisory. crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang: net/url: Memory exhaustio...
CVE-2026-2360
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and placing malicious code in that operator. This operator will later be executed with superuser privileges when the extension is created. The risk is...
MiracleLinux 8 : php:7.4 (AXSA:2022-3573:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3573:01 advisory. php: Local privilege escalation via PHP-FPM (CVE-2021-21703); php: SSRF bypass in FILTER_VALIDATE_URL (CVE-2021-21705). Tenable has extracted the preceding...
WordPress plugin WP Project Manager security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
PT-2025-41618
Name of the Vulnerable Software and Affected Versions: Drupal Facets versions prior to 2.0.10; Drupal Facets versions prior to 3.0.1. Description: A flaw exists in Drupal Facets that allows for Cross-Site Scripting (XSS). This occurs due to improper neutralization of input during web page generation. T...
Fedora 42 : kea (2025-92b4ae7199)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-92b4ae7199 advisory. - New version 3.0.1 rhbz2391289 - Fixes CVE-2025-40779 rhbz2391373 Tenable has extracted the preceding description block directly from the Fedora security...
CVE-2025-30171 Admin Authorized System File Deletion
System File Deletion vulnerabilities in ASPECT provide attackers access to delete system files if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...
WordPress CAMOO SMS plugin <= 3.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Le Ngoc Anh in WordPress Plugin CAMOO SMS versions <= 3.0.1...
CVE-2024-10825
The Hide My WP Ghost – Security & Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL in all versions up to, and including, 5.3.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2022-43772
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x with the Big Data Plugin, expose the username and password of clusters in clear text in system logs...
PT-2022-24070 · Phicomm · Phicomm Fir151B A2 +3
Name of the Vulnerable Software and Affected Versions: Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers version 3.0.1.17 Description: The issue is related to a remote command execution vulnerability. This vulnerability can be exploited via the pingAddr parameter of the tracert...
CVE-2022-30122
creationtimestamp | type | source
---|---|---
2022-07-23 06:11:11+00:00 | seen | https://t.me/ctinow/55936
2022-12-06 00:40:34+00:00 | seen | https://t.me/cibsecurity/54041
2025-12-29 06:18:32+00:00 | seen | https://bsky.app/profile/securitycipher.bsky.social/post/3mb46v7hjcv2h...
CVE-2022-30155
Windows Kernel Denial of Service Vulnerability...
CVE-2022-30412
Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/individuals/updatestatus.php?id=...
CVE-2022-0692
Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to 3.0.1...
CVE-2022-0301
creationtimestamp | type | source
---|---|---
2022-02-14 14:38:45+00:00 | seen | https://t.me/cibsecurity/37413...
OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated...
IBM Security Key Lifecycle Manager Account Management Vulnerability
IBM Security Key Lifecycle Manager (Tivoli Key Lifecycle Manager) is a set of key lifecycle management software from IBM in the United States. The software provides key storage, key maintenance and key lifecycle management for storage devices. An account management vulnerability exists in IBM...
IBM Security Key Lifecycle Manager Account Issue Vulnerability
IBM Security Key Lifecycle Manager (Tivoli Key Lifecycle Manager) is a set of key lifecycle management software from IBM in the United States. The software provides key storage, key maintenance and key lifecycle management for storage devices. An account issue vulnerability exists in IBM Security K...