147 matches found

Tenable Nessus
added 2025/04/10 12:0 a.m. | 17 views

Moodle 3.11.x < 3.11.16 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.23, 3.11.x prior to 3.11.16, 4.0.x prior to 4.0.10, 4.1.x prior to 4.1.5 or 4.2.x prior to 4.2.2. It is, therefore, affected by multiple vulnerabilities. - Insufficient limitations made it possibl...

7.4 AI score
Exploits: 0 | References: 24

NVD
added 2025/03/31 10:15 p.m. | 7 views

CVE-2025-31673

Incorrect Authorization vulnerability in Drupal Drupal core allows Forceful Browsing. This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3...

4.6 CVSS | 0.00272 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2025/03/05 12:0 a.m. | 10 views

Linux Distros Unpatched Vulnerability : CVE-2022-32148

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a...

6.5 CVSS | 6.8 AI score | 0.01103 EPSS
Exploits: 1 | References: 3

Tenable Nessus
added 2025/03/05 12:0 a.m. | 24 views

Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2025-063-01)

The version of mozilla-firefox installed on the remote host is prior to 128.8.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-063-01 advisory. New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. Tenable has...

8.8 CVSS | 6.6 AI score | 0.00519 EPSS
Exploits: 1 | References: 11

Tenable Nessus
added 2025/03/05 12:0 a.m. | 12 views

Linux Distros Unpatched Vulnerability : CVE-2023-40587

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a...

5.3 CVSS | 5.4 AI score | 0.00632 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2025/03/04 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2017-12172

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root...

7.2 CVSS | 7.2 AI score | 0.00586 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2025/03/04 12:0 a.m. | 7 views

FreeBSD : unit -- potential security issue (6af5e3a3-f85a-11ef-95b9-589cfc10a551)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6af5e3a3-f85a-11ef-95b9-589cfc10a551 advisory. SO-AND-SO reports: Unit 1.34.2 fixes two issues in the Java language module websocket code. Tenable has...

6.9 CVSS | 5.5 AI score | 0.00547 EPSS
Exploits: 0 | References: 3

Vulnrichment
added 2025/02/23 10:55 p.m. | 6 views

CVE-2025-22635 WordPress Eventer - WordPress Event & Booking Manager Plugin plugin < 3.9.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in imithemes Eventer eventer allows Reflected XSS. This issue affects Eventer: from n/a through 3.9.9...

7.1 CVSS | 7.2 AI score | 0.00209 EPSS
Exploits: 0 | References: 1

Cvelist
added 2025/02/14 12:44 p.m. | 17 views

CVE-2025-23766 WordPress OPSI Israel Domestic Shipments plugin <= 2.8.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in ashamil OPSI Israel Domestic Shipments woo-ups-pickup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OPSI Israel Domestic Shipments: from n/a through <= 2.8.2...

6.5 CVSS | 0.00373 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2025/02/10 12:0 a.m. | 4 views

Azure Linux 3.0 Security Update: php (CVE-2024-8925)

The version of php installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-8925 advisory. - In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, erroneous parsing of multipart form...

5.3 CVSS | 7.1 AI score | 0.00947 EPSS
Exploits: 1 | References: 2

Tenable Nessus
added 2025/01/16 12:0 a.m. | 16 views

CBL Mariner 2.0 Security Update: kubernetes (CVE-2024-10220)

The version of kubernetes installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-10220 advisory. - The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo...

8.1 CVSS | 7.3 AI score | 0.03001 EPSS
Exploits: 0 | References: 2

Cvelist
added 2025/01/09 11:11 a.m. | 14 views

CVE-2024-6155 Greenshift – animation and page builder blocks <= 9.0.0 - Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross-Site Scripting

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Authenticated Subscriber+ Server-Side Request Forgery and Stored Cross Site Scripting in all versions up to, and including, 9.0.0 due to a missing capability check in the greenshiftdownloadfilelocaly function...

6.4 CVSS | 0.00274 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2024/12/13 2:24 p.m. | 10 views

CVE-2024-54233 WordPress Advanced Control Manager plugin <= 2.16.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Enea Overclokk Advanced Control Manager for WordPress by ItalyStrap allows Reflected XSS. This issue affects Advanced Control Manager for WordPress by ItalyStrap: from n/a through 2.16.0...

7.1 CVSS | 7 AI score | 0.0041 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2024/12/13 12:0 a.m. | 20 views

National Instruments LabVIEW < 2024 Q3 Patch 2 Multiple Vulnerabilities

The version of National Instruments LabVIEW installed on the remote host is prior to 2022 Q3 Patch 4, 2023 Q3 Patch 5, or 2024 Q3 Patch 2. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024Q3P2 advisory. - An out of bounds read due to improper input validation in...

8.4 CVSS | 6.1 AI score | 0.00194 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2024/11/20 12:0 a.m. | 24 views

Apache Tomcat 10.1.0-M1 < 10.1.31 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host is 9.0.0-M1 to 9.0.95, 10.1.0-M1 to 10.1.30 or 11.0.0-M1 to 11.0.0-M26. It is, therefore, affected by multiple vulnerabilities: - If Tomcat was configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component whi...

9.8 CVSS | 9.1 AI score | 0.06287 EPSS
Exploits: 2 | References: 3

Tenable Nessus
added 2024/11/08 12:0 a.m. | 9 views

EulerOS 2.0 SP10 : golang (EulerOS-SA-2024-2906)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to...

7.5 CVSS | 7.2 AI score | 0.01414 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2024/10/27 12:0 a.m. | 14 views

EulerOS Virtualization 2.12.0 : python-dns (EulerOS-SA-2024-2776)

According to the versions of the python-dns package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by...

7 CVSS | 7.1 AI score | 0.01857 EPSS
Exploits: 1 | References: 2

UbuntuCve
added 2024/10/15 8:15 p.m. | 8 views

CVE-2024-21236

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

4.9 CVSS | 6.7 AI score | 0.01022 EPSS
Exploits: 0 | References: 3

OSV
added 2024/05/15 7:19 a.m. | 8 views

SUSE-SU-2024:1657-1 Security update for python3

This update for python3 fixes the following issues: - CVE-2023-52425: Fixed etree XMLPullParser tests for Expat =2.6.0 with reparse deferral bsc1219559...

7.5 CVSS | 7.1 AI score | 0.01815 EPSS
Exploits: 1 | References: 3

OSV
added 2024/05/05 1:15 a.m. | 6 views

CVE-2024-34478

btcd before 0.24.0 does not correctly implement the consensus rules outlined in BIP 68 and BIP 112, making it susceptible to consensus failures. Specifically, it uses the transaction version as a signed integer when it is supposed to be treated as unsigned. There can be a chain split and loss of...

7.5 CVSS | 7.4 AI score
Exploits: 0 | References: 3