Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication in the OVN database connection process. An attacker can gain unauthorized access to sensitive network configuration data by presenting a rogue self-signed certificate chain during the TLS handshake, which is...
Insufficient Verification of Data Authenticity
Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the ForwardAuth middleware when trustForwardHeader is set to false and the deployment is behind a trusted upstream proxy. An attacker can gain unauthorized access to protected backend...
Slackware Linux 15.0 krita Vulnerability (SSA:2026-093-02)
The version of krita installed on the remote host is prior to 5.0.2. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-093-02 advisory. New krita packages are available for Slackware 15.0 to fix a security issue. Tenable has extracted the preceding description block...
Slackware Linux 15.0 / current infozip Multiple Vulnerabilities (SSA:2026-093-01)
The version of infozip installed on the remote host is prior to 6.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2026-093-01 advisory. New infozip packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the preceding...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the request handling flow inside the Docker daemon. An attacker can bypass authorization checks by sending specially-crafted requests that cause the authorization plugin to receive the request without its body...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the request handling flow inside the Docker daemon. An attacker can bypass authorization checks by sending specially-crafted requests that cause the authorization plugin to receive the request without its body...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the CheckTxnAuth function. A user with RBAC restricted permissions on key ranges can gain unauthorized access to the entire data store by bypassing key-level authorization checks using nested transactions...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the tenant management handlers in the /api/v1/tenants routes. An attacker can read, modify, or delete any tenant, including transferring ownership or destroying tenants, by calling GET, PUT, or DELETE on...
Slackware Linux 15.0 / current libpng Vulnerability (SSA:2026-042-02)
The version of libpng installed on the remote host is prior to 1.6.55. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-042-02 advisory. New libpng packages are available for Slackware 15.0 and -current to fix a security issue. Tenable has extracted the preceding...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the GetConfig and RefreshResource API endpoints. An attacker can access sensitive configuration data or trigger excessive reconciliations by sending requests with any non-empty Bearer token in the Authorizati...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the release notification process. An attacker can receive unauthorized information about private repository releases by maintaining a watch on a repository that was changed from public to private, even after...
Debian dsa-6095 : foomuuri - security update
The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6095 advisory. Debian Security Advisory DSA-6095-1 https://www.debian.org/securit...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the bypass method. An attacker can access internal network resources by leveraging a 302 redirect to bypass existing security restrictions. PoC python from flask import Flask, redirect app = Flasknam...
org.apache.syncope:syncope-core-upgrader (>=1.2.0 <=1.2.11), org.apache.syncope:syncope-standalone (>=1.1.0 <=1.1.8) potentially affected by CVE-2025-65998 via org.apache.syncope:syncope-core (>=1.1.0 <=1.2.9)
org.apache.syncope:syncope-core MAVEN version =1.1.0, =1.2.0, =1.1.0, =1.1.8 Source cves: CVE-2025-65998 Source advisory: OSV:GHSA-JQG8-M35Q-JH7J...
EUVD-2025-121124
Malicious code in transport-upgrade-google-package npm...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the url variable processing in openURLMiddleware.ts. An attacker can execute arbitrary system commands by sending crafted HTTP POST requests, if the Metro development server is in use. This server binds to all...
EUVD-2019-13583
Malware in sbrugna...
EUVD-2017-11882
Malware in sbrugna...
EUVD-2019-8681
Malware in sbrugna...
Debian dla-4320 : u-boot - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4320 advisory. Debian LTS Advisory DLA-4320-1...