174 matches found
CVE-2024-28002
creationtimestamp| type| source ---|---|--- 2026-06-25 12:59:52+00:00| seen| https://bsky.app/profile/royans.bsky.social/post/3mp4icp4drx22...
Ubuntu 20.04 LTS : Linux kernel (Azure) vulnerabilities (USN-8243-1)
"The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8243-1 advisory. Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module LSM. An unprivileged local attacker could use these...
CVE-2024-14030
creationtimestamp| type| source ---|---|--- 2026-03-31 13:17:39+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mieb7dtnjm2t 2026-03-31 17:46:53+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mieqarh5eb2a...
CVE-2025-14377 Verve Asset Manager – Plaintext Storage Vulnerabilities
A security issue was discovered within the legacy Ansible playbook component of Verve Asset Manager, caused by plaintext secrets incorrectly stored when a playbook is running. This component has been retired and has been optional since the 1.36 release in 2024...
MiracleLinux 7 : kernel-3.10.0-1160.119.1.0.1.el7.AXS7 (AXSA:2024-8651:24)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8651:24 advisory. - kvm: initialize all of the kvmdebugregs structure before sending it to userspace CVE-2023-1513 - wifi: mac80211: fix MBSSID parsing use-after-free...
MiracleLinux 8 : grafana-9.2.10-20.el8_10 (AXSA:2024-8935:16)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8935:16 advisory. golang-fips: Golang FIPS zeroed buffer CVE-2024-9355 dompurify: nesting-based mutation XSS vulnerability CVE-2024-47875 Tenable has extracted the...
MiracleLinux 7 : kernel-3.10.0-1160.119.1.0.5.el7.AXS7 (AXSA:2024-8953:34)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8953:34 advisory. drm/vmwgfx: Validate the box size for the snooped cursor CVE-2022-36280 USB: eneusb6250: Allocate enough memory for full object CVE-2023-45862...
EUVD-2026-0811
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2024. Notes: none...
Microsoft Excel 缓冲区错误漏洞
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...
TencentOS Server 4: java-11-konajdk (TSSA-2024:1018)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:1018 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-41064)
powerpc/eeh: possible crash when edev-pdev changes. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504739; scriptversion"1.3";...
Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-56532)
ALSA: us122l: OTOH, the current code uses sndcardfree at disconnection, but this waits for the close of all used fds, hence it can take long. It eventually blocks the upper layer USB ioctls, which may trigger a soft lockup. This plugin only works with Tenable.ot. Please visit...
MAL-2025-50525 Malicious code in tiara-lontong36-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93a6f08e2ad4129bacdd9ca909bbc7a6543ae49e687c883b1f8198d21e9d5ad2 The package tiara-lontong36-miaww was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that...
MAL-2025-50442 Malicious code in fitri-lodeh52-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 533126ba46fcabbf7796fb5608091a29222097331cddcfd561c7dea634e7a721 The package fitri-lodeh52-sluey was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that floode...
MAL-2025-52722 Malicious code in wibowo-keripik89-ruro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba6a592bec973b358195544270c43b9ce60df376dfd3e0f13c0355de5d8f0a79 The package wibowo-keripik89-ruro was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that...
RHSA-2024:1920
creationtimestamp| type| source ---|---|--- 2025-10-10 00:08:57+00:00| seen| Telegram/drzo8lHD4sFRIIC6vAjCNsx31IE4pxin2OX5gwcuBTmfvA...
[Extended] Ethics in Computer Security Research: a Data-Driven Assessment of the Past, the Present, and the Possible Future
Ethical questions are discussed regularly in computer security. Still, researchers in computer security lack clear guidance on how to make, document, and assess ethical decisions in research when what is morally right or acceptable is not clear-cut. In this work, we give an overview of the...
US Investment in Spyware Is Skyrocketing
A new report warns that the number of US investors in powerful commercial spyware rose sharply in 2024 and names new countries linked to the dangerous technology...
GHSA-88G3-PV3W-5WMR Liferay Portal is vulnerable to XSS attacks via its remote app title field
A stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.5, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via remot...
CVE-2024-23154
creationtimestamp| type| source ---|---|--- 2025-08-26 21:18:20+00:00| seen| Telegram/SHXLaGilxSH0udbYE6cKfjRyiYE4c-5xoAL-0NfopT8uBdg...