61 matches found

OSV
added 2026/05/18 5:35 p.m. · 1 views

GHSA-XH3C-6GCQ-G4RV multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing

Impact [email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition: filename=utf-8'' header containing a malformed percent-encoding e.g., %FF, %GG, the parser invokes decodeURI on the value...

7.5 CVSS · 5.8 AI score · 0.00055 EPSS
Exploits: 0 · References: 5

OSV
added 2026/05/08 5:45 a.m. · 2 views

BIT-JRE-2024-21003

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated...

3.1 CVSS · 5.8 AI score · 0.00205 EPSS
Exploits: 0 · References: 4

Positive Technologies
added 2026/05/06 12:0 a.m. · 2 views

PT-2026-37999

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated...

3.1 CVSS · 7.2 AI score · 0.00157 EPSS
Exploits: 0 · References: 5

Tenable Nessus
added 2026/04/27 12:0 a.m. · 1 views

Fedora 44 : smb4k (2026-9094afb6f6)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-9094afb6f6 advisory. Update to version 4.0.6 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

5.6 AI score
Exploits: 0 · References: 1

RedHat Linux
added 2026/03/05 8:0 p.m. · 5 views

Important: Red Hat Security Advisory: JBoss EAP XP 5.0 Update 4.0 release. See references for release notes.

JBoss EAP XP 5.0 Update 4.0 release. See references for release notes. JBoss EAP XP 5.0 Update 4.0 GA release. See references for release notes. Security Fixes: vertx-core: static handler component cache can be manipulated to deny the access to static files eapxp-5 CVE-2026-1002 netty-codec:...

8.2 CVSS · 6.5 AI score · 0.00066 EPSS
Exploits: 2 · References: 7

Tenable Nessus
added 2025/12/11 12:0 a.m. · 2 views

Fedora 43 : wireshark (2025-0e41e63705)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-0e41e63705 advisory. New version 4.6.1. Beware of the move of files from /usr/lib64/wireshark/extcap/ to /usr/libexec/wireshark/extcap. Any custom user scripts should be...

7.8 CVSS · 5.6 AI score · 0.00013 EPSS
Exploits: 0 · References: 3

Tenable Nessus
added 2025/12/05 12:0 a.m. · 2 views

Fedora 43 : texlive-base / xpdf (2025-7c5b6a3bcb)

The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2025-7c5b6a3bcb advisory. Update to 4.06. Lots of bugfixes, but notably, security fixes for the following CVEs: CVE-2024-2971 CVE-2024-3247 CVE-2024-3248 CVE-2024-3900...

8.2 CVSS · 5 AI score · 0.0024 EPSS
Exploits: 2 · References: 14

Tenable Nessus
added 2025/12/03 12:0 a.m. · 2 views

Fedora 42 : migrate (2025-57302ba8ea)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-57302ba8ea advisory. - Update to 4.19.0 - Address CVEs by rebuilding with Go 1.24.10 Tenable has extracted the preceding description block directly from the Fedora...

7.5 CVSS · 7.5 AI score · 0.00044 EPSS
Exploits: 0 · References: 6

Positive Technologies
added 2025/11/11 12:0 a.m. · 3 views

PT-2025-46535

Name of the Vulnerable Software and Affected Versions Spectrum Power versions prior to 4.70 SP12 Update 2 Description The application is susceptible to the exposure of database credentials through a world-readable credential file. Successful exploitation allows an attacker to connect to the...

8.5 CVSS · 6.9 AI score · 0.00017 EPSS
Exploits: 0 · References: 4

Positive Technologies
added 2025/11/11 12:0 a.m. · 3 views

PT-2025-46537

Name of the Vulnerable Software and Affected Versions Spectrum Power versions prior to 4.70 SP12 Update 2 Description The application is susceptible to local database modification, potentially allowing an attacker to obtain administrative application privileges. Recommendations Update to version...

5.6 CVSS · 6.3 AI score · 0.00013 EPSS
Exploits: 0 · References: 3

Tenable Nessus
added 2025/10/02 12:0 a.m. · 2 views

Oracle Linux 9 : perl-JSON-XS (ELSA-2025-17162)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-17162 advisory. 1:4.04-1 - Update to 4.04 - Fix CVE-2025-40928 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note tha...

7.5 CVSS · 7.3 AI score · 0.00188 EPSS
Exploits: 0 · References: 2

OPENSUSE Linux
added 2025/08/30 12:0 a.m. · 1 views

Security update for go-sendxmpp (moderate)

openSUSE Security Update: Security update for go-sendxmpp Announcement ID: openSUSE-SU-2025:0332-1 Rating: moderate References: 1241814 Cross-References: CVE-2025-22872 CVSS scores: CVE-2025-22872 SUSE: 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L Affected Products: openSUS...

6.3 CVSS · 6.7 AI score · 0.00017 EPSS
Exploits: 0 · References: 1

OSV
added 2025/08/25 12:16 p.m. · 1 views

SUSE-SU-2025:20568-1 Security update for kernel-livepatch-MICRO-6-0_Update_4

This update for kernel-livepatch-MICRO-6-0_Update_4 fixes the following issues: - CVE-2024-56664: bpf, sockmap: fix race between element replace and close bsc1235250 - CVE-2025-37752: net_sched: sch_sfq: move the limit validation bsc1245776 - CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in...

7.8 CVSS · 6.8 AI score · 0.00082 EPSS
Exploits: 0 · References: 11

RedhatCVE
added 2025/05/22 8:36 p.m. · 2 views

CVE-2021-32579

Acronis True Image prior to 2021 Update 4 for Windows and Acronis True Image prior to 2021 Update 5 for macOS allowed an unauthenticated attacker who has a local code execution ability to tamper with the micro-service API...

7.8 CVSS · 7.5 AI score · 0.00041 EPSS
Exploits: 0 · References: 1

OSV
added 2024/11/04 10:15 p.m. · 2 views

AZL-52207 CVE-2024-51744 affecting package telegraf for versions less than 1.31.0-7

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

3.1 CVSS · 6.5 AI score · 0.0006 EPSS
Exploits: 0 · References: 1

NCSC
added 2024/05/16 12:54 p.m. · 5 views

Vulnerabilities fixed in Adobe FrameMaker

Adobe has fixed vulnerabilities in FrameMaker. A malicious party can exploit the vulnerabilities to execute arbitrary code with the victim's privileges, and potentially gain access to sensitive data. Successful exploitation requires the malicious party to trick the victim into opening a rogue fil...

7.8 CVSS · 7.7 AI score · 0.00336 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2024/04/09 12:0 a.m. · 4 views

PT-2024-22325 · Contao · Contao

Name of the Vulnerable Software and Affected Versions: Contao versions 4.0.0 through 4.13.39 Contao versions 5.0.0 through 5.3.3 Description: The issue allows inject tags in frontend forms if the output is structured in a very specific way. It is possible to inject insert tags via the form...

5.4 CVSS · 7 AI score · 0.00988 EPSS
Exploits: 0 · References: 12

Positive Technologies
added 2023/12/02 12:0 a.m. · 1 views

PT-2023-26852 · Dell · Dell Rugged Control Center

Name of the Vulnerable Software and Affected Versions: Dell Rugged Control Center versions prior to 4.7 Description: The issue is related to improper access control. A local malicious standard user could potentially exploit this to modify content in an unsecured folder when product installation...

7.8 CVSS · 7.5 AI score · 0.00031 EPSS
Exploits: 0 · References: 4

Positive Technologies
added 2023/10/08 12:0 a.m. · 1 views

PT-2023-24383 · Ocomon · Ocomon

Name of the Vulnerable Software and Affected Versions: Ocomon versions prior to 4.0.1 Description: An information disclosure issue in the component users-grid-data.php of Ocomon allows attackers to obtain sensitive information such as e-mails and usernames. Recommendations: For versions prior to...

7.5 CVSS · 6.6 AI score · 0.00092 EPSS
Exploits: 0 · References: 7

Positive Technologies
added 2023/07/25 12:0 a.m. · 2 views

PT-2023-25975 · Unknown +1 · Plexus Archiver +1

Name of the Vulnerable Software and Affected Versions: Plexus Archiver versions prior to 4.8.0 Description: The issue arises when using AbstractUnArchiver for extracting an archive, potentially leading to arbitrary file creation and possibly remote code execution. This occurs when an archive entr...

9.8 CVSS · 8.8 AI score · 0.37911 EPSS
Exploits: 1 · References: 22