637 matches found
PT-2025-29240 · Juniper Networks · Junos
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions prior to 21.2R3-S9 Juniper Networks Junos OS versions 21.4 before 21.4R3-S11 Juniper Networks Junos OS versions 22.2 before 22.2R3-S7 Juniper Networks Junos OS versions 22.4 before 22.4R3-S7 Juniper Networks...
PT-2025-28756 · Unknown · Config Pages Viewer
Name of the Vulnerable Software and Affected Versions: Config Pages Viewer versions 0.0.0 through 1.0.4 Description: The issue is related to missing authentication for critical functions in Config Pages Viewer, which can be exploited due to incorrectly configured access control security levels...
PT-2025-28206 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: Mediawiki - FlaggedRevs Extension versions 1.43.X through 1.43.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-Site Scripting XSS. This allows for Cross-Site Scripting XS...
PT-2025-28219 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.3 Description: A critical issue was identified in WeGIA, a web manager for charitable institutions. The /html/funcionario/profile funcionario.php endpoint is vulnerable due to the id funcionario parameter not being...
Debian: Security Advisory (DSA-5959-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2025-27937 · WordPress · Kossy - Minimalist Ecommerce Wordpress Theme
Name of the Vulnerable Software and Affected Versions: Kossy - Minimalist eCommerce WordPress Theme versions 1.45 and earlier Description: The issue affects the Kossy - Minimalist eCommerce WordPress Theme due to improper control of filename for include/require statement in PHP program, allowing...
Wireshark 3.6.x < 3.6.14, 4.0.x < 4.0.6 Multiple Vulnerabilities (Jul 2025) - Mac OS X
Wireshark is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark"; ifdescripti...
AlmaLinux 9 : nodejs:20 (ALSA-2025:7426)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:7426 advisory. c-ares: c-ares has a use-after-free in readanswers CVE-2025-31498 Tenable has extracted the preceding description block directly from the AlmaLinux security...
Debian: Security Advisory (DSA-5956-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 42 : chromium (2025-b434717c22)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-b434717c22 advisory. Update to 137.0.7151.119 CVE-2025-6191: Integer overflow in V8 CVE-2025-6192: Use after free in Profiler Tenable has extracted the preceding...
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2025-1686)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for augeas (EulerOS-SA-2025-1699)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for augeas (EulerOS-SA-2025-1684)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2025-27188 · WordPress · Category Slider For Woocommerce
Name of the Vulnerable Software and Affected Versions: WPB Category Slider for WooCommerce versions 1.71 and earlier Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local...
PT-2025-27140 · Unknown · Directiq Email Marketing
Name of the Vulnerable Software and Affected Versions: DirectIQ Email Marketing versions n/a through 2.0 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
PT-2025-27192 · Unknown · Quick Favicon
Name of the Vulnerable Software and Affected Versions: Quick Favicon versions through 0.22.8 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This enables an attacker to inject malicious...
PT-2025-27133 · Ancorathemes · Ancorathemes Citygov
Name of the Vulnerable Software and Affected Versions: AncoraThemes CityGov versions 1.9 and earlier Description: The issue is related to improper control of filename for include/require statement in PHP programs, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion...
PT-2025-27103 · Sneeit · Sneeit Magone
Name of the Vulnerable Software and Affected Versions: Sneeit MagOne versions through 8.5 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an attacker can inject...
PT-2025-27207 · Zealousweb · Zealousweb Accept Stripe Payments Using Contact Form 7
Name of the Vulnerable Software and Affected Versions: ZealousWeb Accept Stripe Payments Using Contact Form 7 versions 3.0 and earlier Description: The issue allows the retrieval of embedded sensitive data due to the insertion of sensitive information into sent data. Recommendations: For ZealousW...
PT-2025-27096 · Unknown · Thembay Puca
Name of the Vulnerable Software and Affected Versions: thembay Puca versions n/a through 2.6.33 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion. This...