990 matches found
PT-2026-7251
Name of the Vulnerable Software and Affected Versions NX versions prior to 2512 Description The application contains a data validation issue that may allow an attacker with local access to manipulate internal data during the PDF export process. This could potentially lead to arbitrary code...
Fedora 42 : plantuml (2026-0d819a3a70)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-0d819a3a70 advisory. Update to version 1.2026.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has no...
PT-2026-6942
Name of the Vulnerable Software and Affected Versions JAY Login & Register plugin for WordPress versions prior to 2.6.04 Description The JAY Login & Register plugin for WordPress is susceptible to a privilege escalation issue. The plugin permits a user to modify arbitrary user meta data via the j...
WordPress List Site Contributors < 1.1.8 - Reflected XSS
WordPress List Site Contributors plugin 1.1.8 contains a reflected XSS caused by insufficient sanitization and escaping of the 'alpha' parameter, letting unauthenticated attackers inject scripts, exploit requires user interaction. id: CVE-2026-0594 info: name: WordPress List Site Contributors 1.1...
PT-2026-6893
Name of the Vulnerable Software and Affected Versions Wonka Slide versions up to and including 1.3.3 Description The Wonka Slide plugin for WordPress is susceptible to Stored Cross-Site Scripting through the list class shortcode. Insufficient input sanitization and output escaping on user-supplie...
PT-2026-6891
Name of the Vulnerable Software and Affected Versions Video Onclick plugin for WordPress versions prior to 0.4.8 Description The Video Onclick plugin for WordPress is susceptible to Stored Cross-Site Scripting through the youtube shortcode. This is due to inadequate input sanitization and output...
PT-2026-6918
Name of the Vulnerable Software and Affected Versions Tasin1025 SwiftBuy versions prior to 0f5011372e8d1d7edfd642d57d721c9fadc54ec7 Description A security flaw exists in Tasin1025 SwiftBuy. The issue involves improper restriction of excessive authentication attempts within an unknown functionalit...
PT-2026-6718
Name of the Vulnerable Software and Affected Versions Yoast SEO versions prior to 26.9 Description The Yoast SEO plugin for WordPress is affected by a Stored Cross-Site Scripting issue. Insufficient input sanitization and output escaping in the yoast-schema block attribute allows authenticated...
PT-2026-6835
Name of the Vulnerable Software and Affected Versions Nebula versions 1.7.0 through 1.10.2 Description Nebula is a scalable overlay networking tool. When using P256 certificates which is not the default configuration, it is possible to evade a blocklist entry created against the fingerprint of a...
Fedora 43 : open-vm-tools (2026-55bb6efd14)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-55bb6efd14 advisory. Update to 13.0.10. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...
ProfileGrid <= 5.7.8 - SQL Injection
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.7.8 due to insufficient escaping on the user supplied 'search' parameter and lack of sufficient preparation on the existing SQL query. id: CVE-2024-30490...
PT-2026-6280
Name of the Vulnerable Software and Affected Versions web2py versions 2.27.1-stable+timestamp.2023.11.16.08.03.57 and prior Description The software contains an open redirect issue. Successful exploitation could allow a user to be redirected to a website chosen by an attacker when accessing a...
CMP WordPress < 4.0.19 - Broken Access Control
CMP WordPress plugin 4.0.19 contains an arbitrary page layout change caused by insufficient access control in the coming soon page feature, letting unauthenticated users modify the layout, exploit requires no authentication. id: CVE-2022-0188 info: name: CMP WordPress 4.0.19 - Broken Access Contr...
Puppeteer Renderer - Directory Traversal
puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the server. id: CVE-2024-36527 info: name: Puppeteer Renderer - Directory Traversal author: Stux severity: medium...
React Native Community CLI remote command execution
Added: 02/04/2026 Background React Native is a framework for building mobile JavaScript applications. React Native Community CLI is a collection of command line tools that help developers build React Native mobile applications. Problem A vulnerability in React Native Community CLI when running wi...
PT-2026-6260
Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.2 Description n8n is a workflow automation platform. A Cross-Site Scripting XSS issue exists in the handling of webhook responses and related HTTP endpoints. The Content Security Policy CSP sandbox protection may no...
PT-2026-6102
Name of the Vulnerable Software and Affected Versions GLPI versions 0.85 through 10.0.22 Description GLPI is an asset and IT management software package. An authenticated user can perform a SQL injection. This allows for potential unauthorized access or modification of data within the system...
PT-2026-6235
Name of the Vulnerable Software and Affected Versions The Events Calendar Shortcode & Block versions through 3.1.1 Description The software contains a flaw related to improper input handling during web page creation, specifically a Stored Cross-site Scripting issue. This allows for the injection ...
PT-2026-6012
Name of the Vulnerable Software and Affected Versions LatePoint – Calendar Booking Plugin for Appointments and Events versions prior to 5.2.6 Description The LatePoint – Calendar Booking Plugin for Appointments and Events for WordPress is susceptible to Stored Cross-Site Scripting. This is due to...
PT-2026-6215
Name of the Vulnerable Software and Affected Versions Ajay Better Search versions through 4.2.1 Description The software contains a flaw due to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting XSS. This could allow an attacker to inject...