USN-8226-1: kmod update

It was discovered that the Linux kernel algifaead module contained a logic flaw allowing a local attacker to escalate privileges to root. This update to the kmod package disables loading the algifaead module as a measure to mitigate the issue until kernel updates are made available. See the...

Photon OS 5.0: Rubygem PHSA-2026-5.0-0816

An update of the rubygem package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0816. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CVE-2025-68455

Craft is a platform for creating digital experiences. Versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16 are vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior. Note that attackers must have administrator access to the Craft Control Panel for...

Fedora: Security Advisory (FEDORA-2025-f7c75ffee2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2025-0300)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EUVD-2019-12140

Malware in sbrugna...

EUVD-2018-18030

Malware in sbrugna...

EUVD-2020-23496

Malware in sbrugna...

EUVD-2023-32941

Malicious code in bioql PyPI...

Security Bulletin: IBM Observability with Instana is vulnerable to Path Traversal in python

Summary python is used by IBM Instana Observability as part of the instana-agent CVE-2025-4517. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2025-4517 DESCRIPTION: Allows arbitrary filesystem writes outside the extraction directory durin...

openSUSE Security Advisory (SUSE-SU-2025:02200-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-7588-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities (CVE-2024-53677, CVE-2025-23184)

Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2024-53677 DESCRIPTION: File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this ca...

Photon OS 4.0: Linux PHSA-2025-4.0-0816

An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0816. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

PT-2025-25335

Name of the Vulnerable Software and Affected Versions Insyde InsydeH2O kernel versions 5.4 through 05.46.01 Insyde InsydeH2O kernel versions 5.5 through 05.54.01 Insyde InsydeH2O kernel versions 5.6 through 05.61.01 Insyde InsydeH2O kernel versions 5.7 through 05.70.01 Description Improper input...

PT-2025-24176 · WordPress · Wp Gravity Forms Constant Contact Plugin

Name of the Vulnerable Software and Affected Versions: WP Gravity Forms Constant Contact Plugin versions 1.1.0 and earlier Description: The issue is related to a URL Redirection to Untrusted Site, also known as an 'Open Redirect' vulnerability, which allows phishing. This vulnerability can be...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to dompurify-3.2.4.tgz, dompurify-3.2.5.tgz CVE-2025-48050

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to dompurify-3.2.4.tgz, dompurify-3.2.5.tgz CVE-2025-48050. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-48050 DESCRIPTION: In DOMPurify through 3.2.5 before...

Debian: Security Advisory (DSA-5926-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2025-91d6e174d9)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2025-47793

Nextcloud Server is a self hosted personal cloud system, and the Nextcloud Groupfolders app provides admin-configured folders shared by everyone in a group or team. In Nextcloud Server prior to 30.0.2, 29.0.9, and 28.0.1, Nextcloud Enterprise Server prior to 30.0.2 and 29.0.9, and Nextcloud...