CVE-2025-1688 |
Description: Milestone Systems has discovered a security vulnerability in the Milestone XProtect installer that resets the system configuration password after upgrading from older versions using specific installers. The system configuration password is an additional, optional protection that is enabled on the Management Server. To mitigate the issue, we highly recommend updating the system configuration password via the GUI using the standard procedure. Any system upgraded with a 2024 R1 or 2024 R2 release installer is vulnerable to this issue. Systems upgraded from 2023 R3 or older with version 2025 R1 and newer are not affected.
CVSS: MEDIUM (5.5)
April 15th, 2025
|
CVE-2022-1325 |
Description:
Nessus Plugin ID 234347 with Medium Severity
Synopsis
The remote Ubuntu host is missing one or more security updates.
Description
The remote Ubuntu 18.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7437-1 advisory. It was discovered that the CImg library did not properly check the size of images before loading them. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-1325) It was discovered that the CImg library did not correctly handle certain memory operations, which could lead to a buffer overflow. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. (CVE-2024-26540) Tenable has extracted the preceding description block directly from the Ubuntu security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected cimg-dev and / or cimg-examples packages.
Read more at https://www.tenable.com/plugins/nessus/234347
CVSS: MEDIUM (5.5)
April 15th, 2025
|
CVE-2025-0149 |
Description:
Nessus Plugin ID 234348 with Medium Severity
Synopsis
The remote host has an application installed that is affected by a denial of service vulnerability.
Description
The version of Zoom Workplace Desktop App installed on the remote host is prior to 6.3.0. It is, therefore, affected by a vulnerability as referenced in the ZSB-25008 advisory. - Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an unprivileged user to conduct a denial of service via network access. (CVE-2025-0149) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Zoom Client for Meetings 6.3.0 or later.
Read more at https://www.tenable.com/plugins/nessus/234348
CVSS: MEDIUM (6.5)
April 15th, 2025
|
CVE-2025-2083 |
Description: The Logo Carousel Gutenberg Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sliderId’ parameter in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4)
April 15th, 2025
|
CVE-2025-3622 |
Description: A vulnerability, which was classified as critical, has been found in Xorbits Inference up to 1.4.1. This issue affects the function load of the file xinference/thirdparty/cosyvoice/cli/model.py. The manipulation leads to deserialization. A vulnerability was discovered in Xorbits Inference up to 1.4.1. It was classified as critical. It concerns the function load of the file xinference/thirdparty/cosyvoice/cli/model.py. Through manipulation with unknown data, a deserialization vulnerability can be exploited.
CVSS: MEDIUM (5.1)
April 15th, 2025
|
CVE-2025-3573 |
Description: Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel() function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary.
CVSS: MEDIUM (5.3)
April 15th, 2025
|
CVE-2025-32993 |
Description: Vision Helpdesk through 5.7.0 allows Time-Based Blind SQL injection via the Forgot Password (aka index.php?/home/forgot-password) vis_username parameter. Authentication is not needed.
CVSS: MEDIUM (6.5)
April 15th, 2025
|
CVE-2025-2225 |
Description: The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rael_title_tag' parameter in all versions up to, and including, 1.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 1.6.9.
CVSS: MEDIUM (6.4)
April 15th, 2025
|
CVE-2025-29984 |
Description: Dell Trusted Device, versions prior to 7.0.3.0, contain an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
CVSS: MEDIUM (6.7)
April 15th, 2025
|
CVE-2025-29983 |
Description: Dell Trusted Device, versions prior to 7.0.3.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
CVSS: MEDIUM (6.7)
April 15th, 2025
|