63 matches found
Ubuntu 25.10 / 26.04 LTS : Cyborg vulnerabilities (USN-8413-1)
The remote Ubuntu 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8413-1 advisory. It was discovered that Cyborg did not properly enforce project ownership in the Accelerator Request ARQ API. An authenticated user could possibly...
Ubuntu 25.10 / 26.04 LTS : libjxl vulnerability (USN-8397-1)
The remote Ubuntu 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8397-1 advisory. It was discovered that libjxl did not properly handle certain crafted PBM images. An attacker could possibly use this issue to cause libjxl to crash,...
Microsoft Windows Hotpatch Monitoring Service 缓冲区错误漏洞
Microsoft Windows is an operating system used on personal devices by the American company Microsoft. The Microsoft Windows Hotpatch Monitoring Service has a buffer error vulnerability. The following products and versions are affected: Windows Server 2025 Server Core installation, Windows 11 Versi...
CVE-2008-5341 vulnerabilities
Vulnerabilities for packages: openjdk-17-openj9, openjdk-25-openj9, openjdk-26-openj9, openjdk-11-openj9, openjdk-8-openj9, openjdk-21-openj9...
CVE-2007-3716 vulnerabilities
Vulnerabilities for packages: openjdk-17-openj9, openjdk-25-openj9, openjdk-26-openj9, openjdk-11-openj9, openjdk-8-openj9, openjdk-21-openj9...
CVE-2026-22018 vulnerabilities
Vulnerabilities for packages: openjdk, openjdk-17-openj9, openjdk-25-openj9, openjdk-26-openj9, openjdk-11-openj9, openjdk-8-openj9, openjdk-21-openj9...
Microsoft Windows TCP/IP 代码问题漏洞
Microsoft Windows TCP/IP is a component provided by Microsoft Corporation that offers TCP/IP configuration functions for Windows. There are code-related vulnerabilities in Microsoft Windows TCP/IP. Attackers can exploit these vulnerabilities to cause system denial-of-service attacks. The followin...
Microsoft Windows Kernel 安全漏洞
The Microsoft Windows Kernel is the kernel of the Windows operating system developed by Microsoft Corporation. There are security vulnerabilities in the Microsoft Windows Kernel. Attackers can exploit these vulnerabilities to gain higher privileges. The following products and versions are affecte...
UBUNTU-CVE-2026-41526
In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path t...
CVE-2025-14213 Cato's Socket WebUI is vulnerable to OS Command Injection
Cato Networks’ Socket versions prior to 25 contain a command injection vulnerability that allows an authenticated attacker with access to the Socket web interface UI to execute arbitrary operating system commands as the root user on the Socket’s internal system...
SUSE SLES15 / openSUSE 15 Security Update : helm (SUSE-SU-2026:0948-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0948-1 advisory. This update for helm rebuilds it against the current go 1.25 security release. Tenable has extracted the preceding description...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : runc (SUSE-SU-2026:0949-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0949-1 advisory. This update for runc rebuilds it against the current go 1.25 security release. Tenable has extracted the...
SUSE-SU-2026:0950-1 Security update for docker
This update for docker rebuilds it against the current go 1.25 security release...
WWBN AVideo 跨站脚本漏洞
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 25.0 contained a cross-site scripting vulnerability. This vulnerability occurred because user inputs were passed directly to JavaScript without being escaped, allowing them...
WWBN AVideo 安全漏洞
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 25.0 contained security vulnerabilities. These vulnerabilities stemmed from the install/checkConfiguration.php endpoint, which allowed unverified attackers to complete...
CVE-2026-3873
Use of Hard-coded Credentials vulnerability in Avantra allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Avantra: before 25.3.0...
CVE-2026-29795
stellar-xdr is a library and CLI containing types and functionality for working with Stellar XDR. Prior to version 25.0.1, StringM::fromstr does not validate that the input length is within the declared maximum MAX. Calling StringM::::fromstrs where s is longer than N bytes succeeds and returns a...
CVE-2026-2409
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Delinea Cloud Suite allows Argument Injection.This issue affects Cloud Suite: before 25.2 HF1...
Ubuntu 25.10 : Pillow vulnerability (USN-8047-1)
The remote Ubuntu 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8047-1 advisory. Yarden Porat discovered that Pillow incorrectly handled certain malformed PSD images. An attacker could use this issue to cause Pillow to crash, resulting in a denial...
CVE-2026-21325
CVE-2026-21325 affects After Effects versions 25.6 and earlier. It is an out-of-bounds read vulnerability triggered while parsing a crafted file, potentially allowing code execution in the context of the current user. Exploitation requires user interaction: the victim must open a malicious file. ...