Lucene search
451 matches found

RedhatCVE
added 2026/03/27 2:23 p.m. | 9 views

CVE-2021-27850

A critical unauthenticated remote code execution vulnerability was found in all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was...

10 CVSS | 9.8 AI score | 0.94219 EPSS
Exploits 5 | References 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-50046

Malicious code in bioql PyPI...

6.1 CVSS | 6.3 AI score | 0.03819 EPSS
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2023-0658

Malicious code in bioql PyPI...

6.1 CVSS | 6.4 AI score | 0.00276 EPSS
Exploits 0 | References 3

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2023-45168

Malicious code in bioql PyPI...

8 CVSS | 7.8 AI score | 0.00045 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2025/07/25 12:0 a.m. | 2 views

NewStart CGSL MAIN 7.02 : sssd Vulnerability (NS-SA-2025-0194)

The remote NewStart CGSL host, running version MAIN 7.02, has sssd packages installed that are affected by a vulnerability: - A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting ...

7.1 CVSS | 6.9 AI score | 0.00029 EPSS
Exploits 1 | References 3

Tenable Nessus
added 2025/07/25 12:0 a.m. | 3 views

NewStart CGSL MAIN 7.02 : iniparser Vulnerability (NS-SA-2025-0143)

The remote NewStart CGSL host, running version MAIN 7.02, has iniparser packages installed that are affected by a vulnerability: - iniparser v4.1 is vulnerable to NULL Pointer Dereference in function iniparser_getlongint which misses check NULL for function iniparser_getstring's return...

5.5 CVSS | 5.7 AI score | 0.00058 EPSS
Exploits 1 | References 3

Tenable Nessus
added 2025/07/25 12:0 a.m. | 4 views

NewStart CGSL MAIN 7.02 : perl-CPAN Vulnerability (NS-SA-2025-0188)

The remote NewStart CGSL host, running version MAIN 7.02, has perl-CPAN packages installed that are affected by a vulnerability: - CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. CVE-2023-31484 Note that Nessus has not tested for these issues but ha...

8.1 CVSS | 8.1 AI score | 0.01523 EPSS
Exploits 1 | References 3

Tenable Nessus
added 2025/07/25 12:0 a.m. | 2 views

NewStart CGSL MAIN 7.02 : sysstat Vulnerability (NS-SA-2025-0201)

The remote NewStart CGSL host, running version MAIN 7.02, has sysstat packages installed that are affected by a vulnerability: - sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377...

7.8 CVSS | 7.2 AI score | 0.00034 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2025/07/25 12:0 a.m. | 4 views

NewStart CGSL MAIN 7.02 : graphviz Vulnerability (NS-SA-2025-0120)

The remote NewStart CGSL host, running version MAIN 7.02, has graphviz packages installed that are affected by a vulnerability: - Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically...

7.8 CVSS | 7.3 AI score | 0.00043 EPSS
Exploits 1 | References 3

Tenable Nessus
added 2025/07/24 12:0 a.m. | 3 views

GitLab 15.0 < 18.0.5 / 18.1 < 18.1.3 / 18.2 < 18.2.1 (CVE-2025-7001)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Insufficient Granularity of Access Control in GitLab CVE-2025-7001 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

4.3 CVSS | 5.5 AI score | 0.00065 EPSS
Exploits 0 | References 4

OpenVAS
added 2025/07/16 12:0 a.m. | 7 views

Oracle MySQL Server 9.0.0 - 9.3.0 Security Update (cpujul2025) - Linux

Oracle MySQL Server is prone to multiple vulnerabilities...

4.9 CVSS | 7.5 AI score | 0.00396 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2025/07/11 12:0 a.m. | 45 views

HashiCorp Vagrant 2.2.10 < 2.4.7 Code Injection (macOS)

The version of HashiCorp Vagrant installed on the remote host is 2.2.10 prior to 2.4.7. It is, therefore, affected by a code injection vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

5.7 AI score
Exploits 0 | References 2

Tenable Nessus
added 2025/07/03 12:0 a.m. | 8 views

PHP 8.2.x < 8.2.29 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.2.29. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.2.29 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number...

7.5 CVSS | 6.8 AI score | 0.00772 EPSS
Exploits 2 | References 7

Cvelist
added 2025/07/02 2:30 p.m. | 7 views

CVE-2025-53109 Model Context Protocol Servers Vulnerable to Path Validation Bypass via Prefix Matching and Symlink Handling

Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files via symlinks within allowed directories. Users are advised to upgrade to 0.6.4 or 2025.7.01...

7.3 CVSS | 0.00506 EPSS
Exploits 0 | References 2

RedhatCVE
added 2025/06/28 7:25 p.m. | 7 views

CVE-2025-53121

Multiple stored XSS were found on different nodes with unsanitized parameters in OpenMNS Horizon 33.0.8 and versions earlier than 33.1.6 on multiple platforms that allow an attacker to store on database and then inject HTML and/or Javascript on the page. The solution is to upgrade to Horizon...

6.9 CVSS | 5.5 AI score | 0.00106 EPSS
Exploits 0 | References 1

Vulnrichment
added 2025/06/26 6:51 p.m. | 3 views

CVE-2025-53121 Stored XSS in multiple 33.0.8files in opennms/opennms

Multiple stored XSS were found on different nodes with unsanitized parameters in OpenMNS Horizon 33.0.8 and versions earlier than 33.1.6 on multiple platforms that allow an attacker to store on database and then inject HTML and/or Javascript on the page. The solution is to upgrade to Horizon...

6.9 CVSS | 5.9 AI score | 0.00106 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2025/06/26 12:0 a.m. | 3 views

GitLab 17.2 < 17.11.5 / 18.0 < 18.0.3 / 18.1 < 18.1.1 (CVE-2025-5315)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Missing Authorization in GitLab CVE-2025-5315 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

4.3 CVSS | 5.5 AI score | 0.00066 EPSS
Exploits 0 | References 4

Tenable Nessus
added 2025/06/13 12:0 a.m. | 3 views

ManageEngine OpManager Reflected XSS (CVE-2025-41437)

The version of ManageEngine OpManager running on the remote web server is earlier than 128463, between 128509 and 128541 inclusive, between 128551 and 128554 inclusive, or exactly 128565. It is, therefore, affected by a reflected XSS vulnerability on the login page. Note that Nessus has not teste...

4.3 CVSS | 5.5 AI score | 0.00167 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2025/06/12 12:0 a.m. | 3 views

GitLab 18.0 < 18.0.2 (CVE-2025-4278)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions html injection in new search page could lead to account takeover...

8.7 CVSS | 5.9 AI score | 0.00387 EPSS
Exploits 0 | References 4

OpenVAS
added 2025/06/12 12:0 a.m. | 5 views

Mozilla Thunderbird ESR Security Update (mfsa_2025-49) - Windows

Mozilla Thunderbird ESR is prone to an unsolicited file download and credential leak vulnerability...

6.5 CVSS | 6.5 AI score | 0.00583 EPSS
Exploits 0 | References 1