30 matches found
CVE-2026-39386
Neko is a self-hosted virtual browser that runs in Docker and uses WebRTC. In versions 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1, any authenticated user can immediately obtain full administrative control of the entire Neko instance: member management, room settings, broadcast control, session...
EUVD-2026-10285
A security flaw has been discovered in doramart DoraCMS 3.0.x. Impacted is the function createFileBypath of the file /DoraCMS/server/app/router/api/v1.js. Performing a manipulation results in path traversal. The attack can be initiated remotely. The exploit has been released to the public and may...
Linux Distros Unpatched Vulnerability : CVE-2022-1473
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The OPENSSL_LH_flush function, which empties a hash table, contains a bug that breaks reuse of the memory occupied by the removed hash table entries. This functi...
Drupal Bootstrap Site Alert Security Vulnerability
Drupal Bootstrap Site Alert is a module plugin in the Drupal content management system for the Drupal community. A security vulnerability exists in Drupal Bootstrap Site Alert versions prior to 1.13.0 and 3.0.x versions prior to 3.0.4, which stems from improper input neutralization and could lead...
CVE-2024-45506
A flaw was found in HAProxy. An issue in the HTTP/2 multiplexer combined with the zero-copy forwarding system allows remote attackers to trigger under very rare conditions an endless loop and cause a denial of service. Mitigation: Disable the zero-copy forwarding system to mitigate this issue. Add...
CVE-2024-30420
Server-side request forgery (SSRF) vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the product may obtain...
CVE-2024-31396
Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the product may execute an arbitrary command on...
VMware Fusion SEoL (3.0.x)
According to its version, VMware Fusion is 3.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.
CVE-2024-27279
Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a use...
Spring Vault vulnerable to insertion of sensitive information into a log file
In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token...
Fedora 36 : mod_security / mod_security_crs (2022-90708b46e3)
The remote Fedora 36 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2022-90708b46e3 advisory. - version update - security update Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...
CAN-2022-1006615 unknown in openssl version 3.0.x
In openssl openssl version 3.0.x an unknown exists in the unknown that can be attacked via unknown resulting in unknown...
EulerOS 2.0 SP2 : giflib (EulerOS-SA-2020-2345)
According to the version of the giflib package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer...
Joomla 3.0.x < 3.9.15 Multiple Vulnerabilities (5782-joomla-3-9-15)
According to its self-reported version, the instance of Joomla! running on the remote web server is 3.0.x prior to 3.9.15. It is, therefore, affected by multiple vulnerabilities. - An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components...
LOCKON EC-CUBE Open Redirect Vulnerability
LOCKON EC-CUBE is an open source e-commerce website building platform developed by LOCKON Japan. The platform supports product login, user evaluation, aesthetic layout and so on. An open redirection vulnerability exists in LOCKON EC-CUBE versions 3.0.x through 3.0.16. An attacker can exploit this...
Joomla! 3.0.x < 3.8.2 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by an authentication bypass and multiple information disclosure vulnerabilities. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
Joomla! 3.0.x < 3.8.4 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - The XSS vulnerability in module chromes as noted in the 20180101 announcement affects 3.0.0 through 3.8.3. (CVE-2018-6380) - The XSS vulnerability in com_fields as noted in the...
MySQL Enterprise Monitor 2.3.x < 2.3.21 / 3.0.x < 3.0.23 Multiple Vulnerabilities
According to its self-reported version, the MySQL Enterprise Monitor application running on the remote host is 2.3.x prior to 2.3.21 or 3.0.x prior to 3.0.23. It is, therefore, potentially affected by multiple vulnerabilities : - An invalid read error exists in the ASN1_TYPE_cmp function due to...
Creative Contact Form [com_creativecontactform],2.0.0 and previous
Creative Contact Form [com_creativecontactform], 2.0.0 and previous, Other. Resolution: Update to latest release 3.0.x. Notice of Resolution: http://creative-solutions.net/joomla/creative-contact-form...
Mac OS X : Cisco AnyConnect Secure Mobility Client 3.0.x / 3.1.x Local Privilege Escalation
The remote host has a version of Cisco AnyConnect 3.0.x or 3.1.x. As such, it is vulnerable to a local privilege escalation attack caused by improper permissions on a library directory. This issue could allow a local attacker to execute arbitrary programs with elevated privileges.