TencentOS Server 3: go-toolset (TSSA-2023:0116)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0116 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Schneider Electric Modicon M340 Controller and Communication Modules Improper Input Validation (CVE-2025-6625)

CWE-20: Improper Input Validation vulnerability exists that could cause a Denial Of Service when specific crafted FTP command is sent to the device. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable...

TencentOS Server 3: container-tools:rhel8 (TSSA-2025:0301)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0301 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 4: buildah (TSSA-2025:0571)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0571 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVE-2025-13147

Server-Side Request Forgery SSRF vulnerability in Progress MOVEit Transfer.This issue affects MOVEit Transfer: before 2024.1.8, from 2025.0.0 before 2025.0.4...

CVE-2025-13147

Server-Side Request Forgery SSRF vulnerability in Progress MOVEit Transfer.This issue affects MOVEit Transfer: before 2024.1.8, from 2025.0.0 before 2025.0.4...

CVE-2025-13147 External Service Interaction (DNS)

Server-Side Request Forgery SSRF vulnerability in Progress MOVEit Transfer.This issue affects MOVEit Transfer: before 2024.1.8, from 2025.0.0 before 2025.0.4...

CVE-2025-13147 External Service Interaction (DNS)

Server-Side Request Forgery SSRF vulnerability in Progress MOVEit Transfer.This issue affects MOVEit Transfer: before 2024.1.8, from 2025.0.0 before 2025.0.4...

CVE-2025-13147

CVE-2025-13147 concerns Progress MOVEit Transfer. A(Server-Side) SSRF vulnerability exists in MOVEit Transfer core handling, affecting versions before 2024.1.8 and 2025.0.0 up to before 2025.0.4. The issue allows an attacker to cause the server to make unauthorized requests, potentially accessing...

Security Bulletin: Eventlet Pre-0.40.3 HTTP Trailer Parsing Flaw Enables HTTP Request Smuggling

Summary Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to, bypass front-end security controls, launch...

Progress MOVEit Transfer 代码问题漏洞

Progress MOVEit Transfer is a secure hosted file transfer application from Progress. A code issue vulnerability exists in Progress MOVEit Transfer versions prior to 2024.1.8 and 2025.0.0 through 2025.0.4, which stems from vulnerability to server-side request forgery attacks...

PT-2025-47528

Name of the Vulnerable Software and Affected Versions Progress MOVEit Transfer versions prior to 2024.1.8 Progress MOVEit Transfer versions 2025.0.0 through 2025.0.3 Description A Server-Side Request Forgery SSRF vulnerability exists in Progress MOVEit Transfer. This type of issue allows an...

CVE-2025-58121

CVE-2025-58121 involves insufficient permission validation on multiple REST API endpoints in Checkmk, affecting versions 2.2.0, 2.3.0 and 2.4.0 prior to 2.4.0p16. The issue allows low-privilege users to perform unauthorized actions or access sensitive information. Remediation: upgrade to Checkmk ...

CVE-2025-10158

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue...

CVE-2025-10158

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue...

SolarWinds Serv-U 路径遍历漏洞

SolarWinds Serv-U is an FTP File Transfer Protocol server software from SolarWinds Corporation. SolarWinds Serv-U suffers from a path traversal vulnerability that stems from a path restriction bypass, which could allow an attacker with administrator privileges to execute code in a directory...

Siemens SIPROTEC 4 and SIPROTEC 4 Compact Improper Check For Unusual or Exceptional Conditions (CVE-2024-52504)

Affected devices do not properly handle interrupted operations of file transfer. This could allow an unauthenticated remote attacker to cause a denial of service condition. To restore normal operations, the devices need to be restarted. This plugin only works with Tenable.ot. Please visit...

CLSA-2025-1763374645 varnish: Fix of 2 CVEs

CVE-2024-30156: fix HTTP/2 flow control vulnerability allowing window credit exhaustion Broke Window Attack causing potential denial of service - CVE-2025-47905: fix client-side request smuggling via malformed HTTP/1 chunked requests...

Maxum Rumpus FTP Server 输入验证错误漏洞

Maxum Rumpus FTP Server is an FTP server software from Maxum. An input validation error vulnerability exists in Maxum Rumpus FTP Server version 9.0.12 that stems from improper input validation...

Maxum Rumpus FTP Server 跨站脚本漏洞

Maxum Rumpus FTP Server is an FTP server software from Maxum. A cross-site scripting vulnerability exists in Maxum Rumpus FTP Server version 9.0.12, which stems from improper input neutralization and could lead to cross-site scripting attacks...