9 matches found
EUVD-2021-28250
Malicious code in bioql PyPI...
CVE-2025-46823 OpenMRS has Vulnerability in FHIR2 Module Privileges
openmrs-module-fhir2 provides the FHIR REST API and related services for OpenMRS, an open medical records system. In versions of the FHIR2 module prior to 2.5.0, privileges were not always correctly checked, which means that unauthorized users may have been able to add or edit data they were not...
Debian: Security Advisory (DLA-4186-1)
The remote host is missing an update for the Debian...
CVE-2022-43690
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 did not use strict comparison for the legacy_salt so that limited authentication bypass could occur if using this functionality. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+...
PT-2025-21270 · Hitachi · Hitachi Jp1/It Desktop Management 2 - Smart Device Manager
Name of the Vulnerable Software and Affected Versions: Hitachi JP1/IT Desktop Management 2 - Smart Device Manager versions 10-50 through 10-50-06 Hitachi JP1/IT Desktop Management 2 - Smart Device Manager versions 11-00 through 11-00-05 Hitachi JP1/IT Desktop Management 2 - Smart Device Manager...
Fedora 41 : corosync (2025-c55f39aeb3)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-c55f39aeb3 advisory. Security fix for CVE-2025-30472. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
CBL Mariner 2.0 Security Update: clang16 (CVE-2023-29935)
The version of clang16 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-29935 advisory. - llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.countop &&...
WP Chat App < 3.6.4 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. 1. Navigate to http://vulnerable-site.tld/wp-admin/admin.php?page=ntawhatsappfloatingwidge...
CVE-2022-24840 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in django-s3file
django-s3file is a lightweight file upload input for Django and Amazon S3. In versions prior to 5.5.1 it was possible to traverse the entire AWS S3 bucket and in most cases to access or delete files. If the AWS_LOCATION setting was set, traversal was limited to that location only. The issue was...