CentOS 9 : libpng-1.6.37-14.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the libpng-1.6.37-14.el9 build changelog. - heap buffer over-read in pngimagewritebit RHEL-147356 CVE-2026-22801 - heap buffer over-read in pngimagefinishread RHEL-149000...
PT-2026-6585
Name of the Vulnerable Software and Affected Versions: ProficySCADA for iOS version 5.0.25920 Description: The application is susceptible to a denial of service condition. An attacker can cause the application to crash by manipulating the password input field. Specifically, overwriting the field wi...
PT-2025-44305
Name of the Vulnerable Software and Affected Versions: ThreatFire System Monitor version 4.7.0.53 Description: A flaw exists in the kernel driver of ThreatFire System Monitor that allows for privilege escalation and arbitrary command execution. This is due to insecure access control through an...
EUVD-2025-15453
Malicious code in bioql PyPI...
EUVD-2024-1003
Malicious code in bioql PyPI...
EUVD-2022-5937
Malicious code in bioql PyPI...
Acclaim Systems USAHERDS Hard-Coded Credentials (CVE-2021-44207)
The version of Acclaim Systems USAHERDS running on the remote host may be missing a vendor supplied patch. It is possible, therefore, that it is affected by a vulnerability: it might use hard-coded credentials. Note that Nessus has not tested for this issue.
PT-2025-28976 · WordPress · Lana Downloads Manager
Name of the Vulnerable Software and Affected Versions: Lana Downloads Manager versions prior to 1.10.0 Description: The Lana Downloads Manager plugin for WordPress is susceptible to Stored Cross-Site Scripting through insufficient input sanitization and output escaping on user-supplied attributes...
RARLabs WinRAR Directory Traversal Vulnerability (Jun 2025) - Windows
WinRAR is prone to a directory traversal vulnerability. CPE = "cpe:/a:rarlab:winrar";...
Important: libsoup
Issue Overview: A flaw was found in the soup_multipart_new_from_message function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper...
PT-2025-24939 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier Description: The issue is related to an Improper Authorization flaw that could result in Privilege escalation. A low-privileged attacker could leverage this to bypass security measures and...
PT-2025-24460 · WordPress · Bodycenter - Gym
Name of the Vulnerable Software and Affected Versions: BodyCenter - Gym, Fitness WooCommerce WordPress Theme versions n/a through 2.4 Description: The issue affects the BodyCenter - Gym, Fitness WooCommerce WordPress Theme, allowing for PHP Local File Inclusion due to improper control of filename...
PT-2025-24109 · WordPress · Wp Post Corrector
Name of the Vulnerable Software and Affected Versions: WP Post Corrector versions 1.0.2 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations...
Fedora: Security Advisory (FEDORA-2024-2e8c63e8bf)
The remote host is missing an update for the...
CVE-2025-47936 TYPO3 Vulnerable to Server Side Request Forgery via Webhooks
TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.2 LTS, Webhooks are inherently vulnerable to Cross-Site Request Forgery (CSRF), which can be exploited by adversaries to target internal resources...
PT-2025-20826
Name of the Vulnerable Software and Affected Versions: Relevanssi – A Better Search plugin for WordPress versions 4.24.4 and earlier (Free) and versions 2.27.4 and earlier (Premium) Description: The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats...
PT-2025-23257 · Freescout · Freescout
Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.180 Description: FreeScout is a free self-hosted help desk and shared mailbox. The issue arises when creating a translation of a phrase that appears in a flash-message after a completed action, allowing the...
CVE-2025-46728 cpp-httplib has Unbounded Memory Allocation in Chunked/No-Length Requests
cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request bodies when Transfer-Encoding: chunked is used or when no Content-Length header is provided. A remote attacker can send a chunked...
KLA82138 SB vulnerability in Mozilla Firefox
Security vulnerability was found in Mozilla Firefox. Malicious users can exploit this vulnerability to bypass security restrictions. Original advisories: MFSA2025-19. Related products: Mozilla-Firefox. CVE list: CVE-2025-2857 (critical). Solution: Update to the latest version (Download Firefox). Impacts: SB...
Ubuntu: Security Advisory (USN-7352-1)
The remote host is missing an update for the...