20 matches found
CVE-2026-8315
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Webbeyaz Web Design Mediküm Web allows Stored XSS. This issue affects Mediküm Web: through 08072026. NOTE: The vendor was contacted and it was learned that the product is not supported...
CVE-2026-8310 Reflected XSS in Webbeyaz's Mediküm Web
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Webbeyaz Web Design Mediküm Web allows Reflected XSS. This issue affects Mediküm Web: through 08072026. NOTE: The vendor was contacted and it was learned that the product is not supported...
CVE-2026-8025
Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in MOSK Information Technologies Ltd. CBS Platform allows SQL Injection. This issue affects CBS Platform: through 09062026. NOTE: The vendor was contacted and it was learned that the product is not...
Linux Distros Unpatched Vulnerability : CVE-2022-0729
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. CVE-2022-0729 Note that Nessus relies on the presence of the package as...
Linux Distros Unpatched Vulnerability : CVE-2017-6498
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS. CVE-2017-6498 Note that Nessus relies o...
Linux Distros Unpatched Vulnerability : CVE-2017-2938
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Adobe Flash Player versions 24.0.0.186 and earlier have a security bypass vulnerability related to handling TCP connections. CVE-2017-2938 Note that Nessus reli...
Linux Distros Unpatched Vulnerability : CVE-2017-2995
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable type confusion vulnerability related to the MessageChannel class. Successful exploitation...
Linux Distros Unpatched Vulnerability : CVE-2016-5036
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The dumpblock function in printsections.c in libdwarf before 20160923 allows remote attackers to cause a denial of service out-of-bounds read via crafted frame...
Linux Distros Unpatched Vulnerability : CVE-2018-18016
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage in coders/pcx.c. CVE-2018-18016 Note that Nessus relies on the presence of the package as...
CVE-2024-8259
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Eryaz Information Technologies NatraCar B2B Dealer Management Program allows SQL Injection. This issue affects NatraCar B2B Dealer Management Program: through 09.12.2024. NOTE: The vendor was...
SUSE Linux Enterprise For SAP SEoL (12.2.x)
According to its version, SUSE Linux Enterprise For SAP is 12.2.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities...
Canonical Ubuntu Linux SEoL (8.10.x)
According to its version, Canonical Ubuntu Linux is 8.10.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities. %NASLMINLEVEL...
ManageEngine Applications Manager SEoL (13.0.x)
According to its version, ManageEngine Applications Manager is 13.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities...
Microsoft Windows 8.1 SEoL
Microsoft Windows 8.1 is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if descripti...
Microsoft Windows 10 1607 Home SEoL
Microsoft Windows 10 1607 Home is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...
Apache Subversion Server SEoL (1.4.x)
According to its version, Apache Subversion Server is 1.4.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities. %NASLMINLEVEL...
HCLTech Domino SEoL (9.0.x)
According to its version, HCLTech Domino is 9.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities. %NASLMINLEVEL 70300 C...
HCLTech Domino SEoL (10.0.x)
According to its version, HCLTech Domino is 10.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities. %NASLMINLEVEL 70300 C...
Design/Logic Flaw
Sage X3 Unauthenticated Remote Command Execution RCE as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can bypass credential validation. While exploiting this does require knowledge of the installation path, that information can be learned by...
Wireshark / Ethereal Unsupported Version Detection
According to its version, the installation of Wireshark / Ethereal on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities. C Tenable Network...