Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-24032
Linux Distros Unpatched Vulnerability : CVE-2025-24032
Description: Nessus Plugin ID 230636 with Critical Severity Synopsis The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched. Description The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PAM-PKCS#11 is a Linux-PAM login module that allows a X.509 certificate based user login. Prior to version 0.6.13, if cert_policy is set to none (the default value), then pam_pkcs11 will only check if the user is capable of logging into the token. An attacker may create a different token with the user's public data (e.g. the user's certificate) and a PIN known to the attacker. If no signature with the private key is required, then the attacker may now login as user with that created token. The default to *not* check the private key's signature has been changed with commit commi6638576892b59a99389043c90a1e7dd4d783b921, so that all versions starting with pam_pkcs11-0.6.0 should be affected. As a workaround, in `pam_pkcs11.conf`, set at least `cert_policy = signature;`. (CVE-2025-24032)Note that Nessus relies on the presence of the package as reported by the vendor. Solution There is no known solution at this time. Read more at https://www.tenable.com/plugins/nessus/230636

CVSS: CRITICAL (9.2)

EPSS Score: 0.05%

Source: Tenable Plugins
March 6th, 2025 (about 2 months ago)

CVE-2024-57823
Linux Distros Unpatched Vulnerability : CVE-2024-57823
Description: Nessus Plugin ID 230725 with Critical Severity Synopsis The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched. Description The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Raptor RDF Syntax Library through 2.0.16, there is an integer underflow when normalizing a URI with the turtle parser in raptor_uri_normalize_path(). (CVE-2024-57823)Note that Nessus relies on the presence of the package as reported by the vendor. Solution There is no known solution at this time. Read more at https://www.tenable.com/plugins/nessus/230725

CVSS: CRITICAL (9.3)

Source: Tenable Plugins
March 6th, 2025 (about 2 months ago)

CVE-2025-27517
Volt Allows RCE Via User-Crafted Requests
Description: Volt is an elegantly crafted functional API for Livewire. Malicious, user-crafted request payloads could potentially lead to remote code execution within Volt components. This vulnerability is fixed in 1.7.0.

CVSS: CRITICAL (9.3)

EPSS Score: 0.19%

SSVC Exploitation: none

Source: CVE
March 5th, 2025 (about 2 months ago)

CVE-2025-25015
CVE-2025-25015: Kibana arbitrary code execution via prototype pollution
Description: CVE-2025-25015: Kibana arbitrary code execution via prototype pollution

CVSS: CRITICAL (9.9)

EPSS Score: 0.21%

Source: DarkWebInformer
March 5th, 2025 (about 2 months ago)

CVE-2025-23410
GMOD Apollo Relative Path Traversal
Description: When uploading organism or sequence data via the web interface, GMOD Apollo will unzip and inspect the files and will not check for path traversal in supported archive types.

CVSS: CRITICAL (9.3)

EPSS Score: 0.07%

SSVC Exploitation: none

Source: CVE
March 5th, 2025 (about 2 months ago)

CVE-2025-24924
GMOD Apollo Missing Authentication for Critical Function
Description: Certain functionality within GMOD Apollo does not require authentication when passed with an administrative username

CVSS: CRITICAL (9.3)

EPSS Score: 0.07%

SSVC Exploitation: none

Source: CVE
March 5th, 2025 (about 2 months ago)

CVE-2024-13147
SQLi in Merkur Software's B2B Login Panel
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Merkur Software B2B Login Panel allows SQL Injection.This issue affects B2B Login Panel: before 15.01.2025.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
March 5th, 2025 (about 2 months ago)

CVE-2024-12799
Insufficiently Protected Credentials
Description: Insufficiently Protected Credentials vulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux, 64 bit allows Privilege Abuse. This vulnerability could allow an authenticated user to obtain higher privileged user’s sensitive information via crafted payload. This issue affects Identity Manager Advanced Edition: from 4.8.0.0 through 4.8.7.0102, 4.9.0.0.

CVSS: CRITICAL (10.0)

EPSS Score: 0.05%

Source: CVE
March 5th, 2025 (about 2 months ago)

CVE-2024-12097
SQLi in Boceksoft Informatics' E-Travel
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Boceksoft Informatics E-Travel allows SQL Injection.This issue affects E-Travel: before 15.12.2025.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
March 5th, 2025 (about 2 months ago)

CVE-2024-12281
Homey <= 2.4.2 - Unauthenticated Privilege Escalation in homey_save_profile
Description: The Homey theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.2. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the Editor or Shop Manager role.

CVSS: CRITICAL (9.8)

EPSS Score: 0.06%

Source: CVE
March 5th, 2025 (about 2 months ago)