Fedora 43 : calibre (2025-355be35bb1)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-355be35bb1 advisory. Update to 8.14.0. Fixes rhbz2413304 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has no...
EUVD-2025-38333
calibre is an e-book manager. In versions 8.13.0 and prior, calibre does not validate filenames when handling binary assets in FB2 files, allowing an attacker to write arbitrary files on the filesystem when viewing or converting a malicious FictionBook file. This can be leveraged to achieve...
CVE-2025-64486 calibre is vulnerable to arbitrary code execution when opening FB2 files
calibre is an e-book manager. In versions 8.13.0 and prior, calibre does not validate filenames when handling binary assets in FB2 files, allowing an attacker to write arbitrary files on the filesystem when viewing or converting a malicious FictionBook file. This can be leveraged to achieve...
SUSE-SU-2025:20824-1 Security update for curl
This update for curl fixes the following issues: - CVE-2025-9086: Fixed Out of bounds read for cookie path bsc1249191 - CVE-2025-10148: Predictable WebSocket mask bsc1249348 - Fix the --ftp-pasv option in curl v8.14.1 bsc1246197 - tooloperate: fix return code when --retry is used but not triggere...
Security update for curl
This update for curl fixes the following issues: CVE-2025-9086: Fixed Out of bounds read for cookie path bsc1249191 CVE-2025-10148: Predictable WebSocket mask bsc1249348 Fix the --ftp-pasv option in curl v8.14.1 bsc1246197 tooloperate: fix return code when --retry is used but not triggered...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the decrypt function in CookieStore.php. An attacker can execute arbitrary code or cause a denial of service by sending a specially crafted cookie containing malicious serialized data which are...
CVE-2025-48951
Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. Versions 8.0.0-BETA3 prior to 8.3.1 contain a vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, a threat actor could send a specially...
Slackware Linux 15.0 / current curl Multiple Vulnerabilities (SSA:2025-148-01)
The version of curl installed on the remote host is prior to 8.14.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-148-01 advisory. New curl packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the preceding...
Elastic Kibana Security Vulnerability
Elastic Kibana is an application from the Dutch company Elastic: a free and open user interface that lets you visualize Elasticsearch data and navigate the Elastic Stack. A security vulnerability exists in Elastic Kibana versions prior to 7.17.22 and prior to 8.14.0, which...
Vulnerability fixed in Atlassian Bitbucket
Atlassian has fixed a vulnerability in Bitbucket. A malicious party could exploit the vulnerability to execute arbitrary code, possibly with elevated privileges. For successful abuse, the malicious party must be authenticated. Atlassian has released updates to fix the...
CVE-2023-23999 WordPress Google Analytics by Monster Insights Plugin <= 8.14.0 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting (XSS) vulnerability in MonsterInsights plugin <= 8.14.0 versions...
WordPress plugin MonsterInsights cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A cross-site scripting vulnerability exists...
WordPress Google Analytics by Monster Insights Plugin <= 8.14.0 is vulnerable to Cross Site Scripting (XSS)
Software: Google Analytics by Monster Insights; Type: Plugin; Vulnerable versions: <= 8.14.0; Fixed in: 8.14.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-23999; Patch priority: Low; CVSS severity: Low (6.5); PSID: 7f435cb2f126; Credits...
Atlassian Jira 8.14.0 < 8.14.1 Mobile Site Leaks Titles Of Privately Linked Tickets
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to version 8.13.2 or 8.14.0 prior to version 8.14.1. It is, therefore, affected by a vulnerability which permits unauthenticated remote attackers to view custom field and custom...
CVE-2021-43941
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa via a Cross-Site Request Forgery CSRF vulnerability in the jira-importers-plugin. The affected versions are before...
CVE-2021-43953
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery CSRF vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are befor...
CSRF allows toggling Thread Contention and CPU Monitoring - CVE-2021-43953
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery CSRF vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are befor...
CVE-2021-43947
Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution RCE vulnerability in the Email Templates feature. This issue bypasses the fix of https://jira.atlassian.com/browse/JSDSERVER-8665...
Remote code execution
Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution RCE vulnerability in the Email Templates feature. This issue bypasses the fix of https://jira.atlassian.com/browse/JSDSERVER-8665...
CVE-2021-43947
Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution RCE vulnerability in the Email Templates feature. This issue bypasses the fix of https://jira.atlassian.com/browse/JSDSERVER-8665...