16 matches found
Oracle Linux 8 : go-toolset:ol8 (ELSA-2026-10704)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-10704 advisory. delve 1.25.2-1.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.25.2-1 - Update to Delve 1.25.2 Sync from CentOS Stream 9 - Related:...
MCP TypeScript SDK Race Condition Vulnerability
The MCP TypeScript SDK is an open-source development toolkit for Model Context Protocol, used by servers and clients of the model context protocol. Versions 1.10.0 to 1.25.3 of the MCP TypeScript SDK contain a race condition vulnerability, which stems from a data leakage across client responses...
CLSA-2025-1766138358 Update of golang
Update to Go 1.25.3...
Oracle Linux 9 : go-rpm-macros (ELSA-2025-22005)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-22005 advisory. - Rebuilt to include Go1.25.3 to address CVE-2025-47906 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.25 (SUSE-SU-2025:3681-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:3681-1 advisory. go1.25.3 released 2025-10-13 includes fixes to the crypto/x509 package. bsc1244485 CVE-2025-58187 go75861...
EUVD-2022-3909
Malicious code in bioql PyPI...
plugin: CSRF vulnerability in Blue Ocean Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server...
plugin: CSRF vulnerability in Blue Ocean Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server...
plugin: CSRF vulnerability in Blue Ocean Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server...
PT-2023-21168 · Envoy · Envoy
Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.26.0; Envoy versions prior to 1.25.3; Envoy versions prior to 1.24.4; Envoy versions prior to 1.23.6; Envoy versions prior to 1.22.9. Description: The Lua filter in Envoy is vulnerable to denial of service. Attackers can...
plugin: User-scoped credentials exposed to other users by Pipeline SCM API for Blue Ocean Plugin
Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins...
plugin: CSRF vulnerability in Blue Ocean Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server...
WordPress plugin Name Directory Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...
Jenkins Blue Ocean Plugin Access Control Error Vulnerability
Jenkins and Jenkins Plugin are both open source products from Jenkins. Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Blue Ocean 1.25.3 and earlier versions are vulnerable to an acces...
MediaWiki Multiple Vulnerabilities (Nov 2015) - Linux
MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...
CVE-2015-8005
MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 uses the thumbnail ImageMagick command line argument, which allows remote attackers to obtain the installation path by reading the metadata of a PNG thumbnail file...