PT-2025-26952
Name of the Vulnerable Software and Affected Versions: System Information Reporter SIR versions 1.0.3 and prior Description: A sensitive information exposure issue allows an authenticated non-admin local user to extract sensitive information stored in a registry backup folder. Recommendations: Fo...
CVE-2025-50178
GitForge.jl is a unified interface for interacting with Git "forges." Versions prior to 0.4.3 lack input validation for user provided values in certain functions. In the GitForge.getrepo function for GitHub, the user can provide any string for the owner and repo fields. These inputs are not...
WordPress Blogbyte Theme <= 1.1.1 is vulnerable to Local File Inclusion
Software: Blogbyte; Type: Theme; Vulnerable versions: <= 1.1.1; Fixed in: 1.1.2; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-49275; Patch priority: High; CVSS severity: High 8.1; PSID: 149a2dc2444b; Credits: Le Ngoc Anh; Required privilege: Unauthenticated...
PT-2025-26937 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 10.7 through 17.11.5, 18.0 through 18.0.3, and 18.1 through 18.1.1. Description: An issue has been discovered in GitLab CE/EE that could allow authenticated attackers to create a...
Alibaba Cloud Linux 3 : 0092: libxslt (ALINUX3-SA-2025:0092)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0092 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-40403: The issue was addressed with improv...
Fedora 41 : udisks2 (2025-809971541d)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-809971541d advisory. Harden temporary private mounts (2373301). Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus ha...
CVE-2024-56731
Summary: Gogs (self-hosted Git service) contains a remote command execution flaw tied to the .git directory. Prior to version 0.13.3, an insufficient patch for CVE-2024-39931 allowed unprivileged users to delete files inside .git and run arbitrary commands with RUN_USER privileges, enabling acces...
PT-2025-26792 · Sourcecodester · Sourcecodester Best Pos Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Best Salon Management System version 1.0 Description: A critical vulnerability has been found in the SourceCodester Best Salon Management System. The issue affects some unknown functionality of the file...
CVE-2025-32975
Quest KACE Systems Management Appliance SMA 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 Patch 5, and 14.1.x before 14.1.101 Patch 4 contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid...
CVE-2025-52558
changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Prior to version 0.50.4, errors in filters from website page change detection watches were not being filtered resulting in a cross-site scripting XSS vulnerability. This...
CVE-2025-52485
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request to inject scripts in the Activity Feed Attachments endpoint which will then render in the feed. This issue...
CVE-2025-52487
CVE-2025-52487 affects DNN.PLATFORM (DotNetNuke) prior to version 10.0.1. Versions 7.0.0 up to before 10.0.1 allow a specially crafted request or proxy to bypass the DNN Login IP Filters, enabling login attempts from IPs outside the allow list. The vulnerability is mitigated by upgrading to versi...
CVE-2025-52487 DNN.PLATFORM possibly allows bypass of IP Filters
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. In versions 7.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request or proxy to be created that could bypass the design of DNN Login IP Filters allowing login attempts from IP...
CVE-2025-52485 DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request to inject scripts in the Activity Feed Attachments endpoint which will then render in the feed. This issue...
Fedora 42 : perl-File-Find-Rule (2025-eef56e1ee1)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-eef56e1ee1 advisory. Fix CVE-2011-10007. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...
CVE-2025-49132 Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it...
CVE-2025-49132
Summary (CVE-2025-49132) Pterodactyl Panel versions up to 1.11.10 are affected by an unauthenticated remote code execution via the /locales/locale.json endpoint, where locale and namespace query parameters are passed to PHP include() unsafely. The vulnerability can lead to local file inclusion an...
CVE-2025-48059 PowSyBl Core Contains a Polynomial ReDoS in RegexCriterion
PowSyBl (Power System Blocks) is a framework to build power-system-oriented software. In com.powsybl:powsybl-iidm-criteria versions 6.3.0 to before 6.7.2 and com.powsybl:powsybl-contingency-api versions 5.0.0 to before 6.3.0, there is a potential polynomial Regular Expression Denial of Service...
CVE-2025-48058
PowSyBl Core contains a polynomial ReDoS vulnerability in the DataSource mechanism (affecting listNames regex handling) prior to version 6.7.2. Exploitation can cause high CPU due to regex backtracking. The issue has been patched in com.powsybl:powsybl-commons:6.7.2 and related patches in 6.7.2+;...
PT-2025-26286 · Unknown · Code-Projects Online Shoe Store
Name of the Vulnerable Software and Affected Versions: code-projects Online Shoe Store version 1.0 Description: A critical issue was found in the code-projects Online Shoe Store, affecting an unknown functionality of the file /admin/admin running.php. The manipulation of the qty argument leads to...