TencentOS Server 3: libxml2 (TSSA-2026:0348)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0348 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TP-Link WR841N Router multiple vulnerabilities

RISK EVALUATION Multiple TP-Link products TP-Link Archer C20 V5, Archer C20 6.0, Archer AX53 v1.0 and TL-WR841N v13 are affected by multiple vulnerabilities. The most severe of these vulnerabilities could allow an adjacent, unauthenticated attacker to execute administrative commands. 2...

EUVD-2026-23344

Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This may lead to these requests being sent to local network targets, potentially leading to information disclosure. Fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0,...

Security Bulletin: IBM Sterling Connect:Direct FTP+ is vulnerable to various attacks due to IBM Runtime Environment Java Technology Edition Version 17

Summary IBM Java 17 is used by IBM Sterling Connect:Direct FTP+ on AIX, Linux, and Windows platforms in product configuration and data transmission. IBM Sterling Connect:Direct FTP+ on AIX, Linux, and Windows platforms is impacted by vulnerabilities in IBM Java 17. IBM Sterling Connect:Direct FTP...

TencentOS Server 3: ruby:3.3 (TSSA-2025:0560)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0560 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

TencentOS Server 3: motif (TSSA-2024:0191)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0191 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

TencentOS Server 3: postgresql (TSSA-2023:0121)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0121 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Cert CC: CVE-2025-2884 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation

CVE-2025-2884 is regarding a vulnerability in TCG TPM2.0 Reference implementation's CryptHmacSign helper function that is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. CERT/CC created this CVE on their behalf. The documente...

July 8, 2025—KB5062560 (OS Build 14393.8246)

July 8, 2025—KB5062560 OS Build 14393.8246 Windows Secure Boot certificate expiration Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. This might affect the ability of certain personal and business devices to boot securely if not updated in...

TencentOS Server 4: libxml2 (TSSA-2025:0653)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0653 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVE-2025-47779 Using malformed From header can forge identity with ";" or NULL in name portion

Asterisk is an open-source private branch exchange PBX. Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE RFC 3428 authentication do not get proper alignment. An authenticated attacker...

Vulnerability fixed in pgAdmin

A vulnerability has been fixed in pgAdmin. A malicious party can exploit the vulnerability to execute arbitrary code on the underlying system. For successful abuse, the malicious party must have prior authentication on the vulnerable pgAdmin installation. The developers of pgAdmin have released...

CVE-2023-32376

This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to modify protected parts of the file system...

Vulnerability fixed in Zoho ManageEngine Desktop Central

Zoho has fixed a vulnerability in ManageEngine Desktop Central. Desktop Central is a solution used by administrators to remotely manage devices within an organization. manage. The vulnerability makes it possible for a malicious person to bypass authentication and execute arbitrary code. It is goo...

Vulnerability fixed in Sophos SG UTM

A vulnerability has been fixed in Sophos SG UTM. The vulnerability allows a remote malicious person to execute arbitrary code execute arbitrary code with user privileges. It is good practice to access the management interface to be exposed on a local network to which only administrators have acce...

Cobbler 2.2.0 Command Injection Vulnerability

Cobbler is prone to a remote command injection vulnerability. Copyright C 2012 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

MDVA-2010:150 : k3b

This updates fixes issues with k3b when ripping CDs with external encoder such as FLAC. %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a security fix. Disabled on 2012/09/06. C Tenable Network Security, Inc. This script was automatically...