CVE-2026-0622 Open 5GS WebUI uses a hard-coded JWT signing key

Open 5GS WebUI uses a hard-coded JWT signing key change-me whenever the environment variable JWTSECRETKEY is unset...

MiracleLinux 8 : qt5-qtsvg-5.15.3-2.el8 (AXSA:2023-7241:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-7241:02 advisory. qt: Uninitialized variable usage in munitsPerEm CVE-2023-32573 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 8 : php:8.2 (AXSA:2024-9505:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9505:01 advisory. php: host/secure cookie bypass due to partial CVE-2022-31629 fix CVE-2024-2756 php: passwordverify can erroneously return true, opening ATO risk...

MiracleLinux 8 : firefox-91.10.0-1.el8.ML.1 (AXSA:2022-3739:18)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3739:18 advisory. Mozilla: Cross-Origin resource's length leaked CVE-2022-31736 Mozilla: Heap buffer overflow in WebGL CVE-2022-31737 Mozilla: Browser window spoof...

PT-2026-3645

Name of the Vulnerable Software and Affected Versions Open 5GS WebUI affected versions not specified Description The software utilizes a hard-coded JWT signing key 'change-me' if the JWT SECRET KEY environment variable is not set. This can allow attackers to forge JWTs and potentially gain...

MiracleLinux 9 : edk2-20230524-4.el9 (AXSA:2023-6904:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6904:04 advisory. edk2: Function GetEfiGlobalVariable2 return value not checked in DxeImageVerificationHandler CVE-2019-14560 openssl: Possible DoS translating ASN.1...

PT-2026-3756

Name of the Vulnerable Software and Affected Versions GNU Inetutils versions 1.9.3 through 2.7 Description GNU Inetutils telnetd is vulnerable to a remote authentication bypass. An attacker can exploit this flaw by manipulating the USER environment variable, specifically by setting it to "-f root...

MiracleLinux 8 : postgresql:10 (AXSA:2021-1514:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1514:01 advisory. postgresql: Reconnection can downgrade connection security settings CVE-2020-25694 postgresql: Multiple features escape security restricted operatio...

USN-7968-1: Apache HTTP Server vulnerabilities

It was discovered that the Apache HTTP Server incorrectly handled failed ACME certificate renewals. This could result in renewal attempts to be repeated without delays, possibly leading to a denial of service. CVE-2025-55753 Anthony Parfenov discovered that the Apache HTTP Server would pass the...

openSUSE 16 Security Update : gimp (openSUSE-SU-2026:20055-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20055-1 advisory. Changes in gimp: Update to 3.0.6: - Security: - During development, we received reports from the Zero Day Initiative of potential security issue...

CVE-2025-67647

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.49.5, SvelteKit is vulnerable to a server side request forgery SSRF and denial of service DoS under certain conditions. From 2.44.0 through 2.49.4, the vulnerability results in a DoS when...

MiracleLinux 4 : 389-ds-base-1.2.11.15-14.AXS4 (AXSA:2013-412:03)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-412:03 advisory. 389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration. Security...

MiracleLinux 4 : bash-4.1.2-15.AXS4.2 (AXSA:2014-554:02)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2014-554:02 advisory. Description : The GNU Bourne Again shell Bash is a shell or command language interpreter that is compatible with the Bourne shell sh. Bash incorporat...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004028)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004028 advisory. An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivarssdt ACPI variable could be used by...

MiracleLinux 3 : sudo-1.7.2p1-29.AXS3 (AXSA:2014-229:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2014-229:01 advisory. Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all...

CVE-2025-67647 SvelteKit Denial of service and possible SSRF when using prerendering

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.49.5, SvelteKit is vulnerable to a server side request forgery SSRF and denial of service DoS under certain conditions. From 2.44.0 through 2.49.4, the vulnerability results in a DoS when...

CVE-2025-67647

CVE-2025-67647 affects SvelteKit. Before 2.49.5, it allows server-side request forgery (SSRF) and DoS under prerender conditions. From 2.44.0 to 2.49.4, a DoS can occur if at least one prerendered route exists (export const prerender = true). From 2.19.0 to 2.49.4, DoS/SSRF can occur when there i...

CVE-2025-67647

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.49.5, SvelteKit is vulnerable to a server side request forgery SSRF and denial of service DoS under certain conditions. From 2.44.0 through 2.49.4, the vulnerability results in a DoS when...

Server-side Request Forgery (SSRF)

Overview @sveltejs/kit is a SvelteKit framework and CLI Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to the improper decoding of protocol headers in resolved path. An attacker can cause the server process to terminate or access internal services by...

SvelteKit is vulnerable to denial of service and possible SSRF when using prerendering

Summary Versions of SvelteKit are vulnerable to a server side request forgery SSRF and denial of service DoS under certain conditions. Details Affected versions from 2.44.0 onwards are vulnerable to DoS if: - your app has at least one prerendered route export const prerender = true Affected...