Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-55549
Amazon Linux 2 : libxslt (ALAS-2025-2823)
Description: Nessus Plugin ID 234517 with High Severity Synopsis The remote Amazon Linux 2 host is missing a security update. Description The version of libxslt installed on the remote host is prior to 1.1.28-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2823 advisory. xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes. (CVE-2024-55549) numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal. (CVE-2025-24855)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Run 'yum update libxslt' to update your system. Read more at https://www.tenable.com/plugins/nessus/234517

CVSS: HIGH (7.8)

Source: Tenable Plugins
April 17th, 2025 (3 days ago)

CVE-2022-49390
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2025-088)
Description: Nessus Plugin ID 234528 with High Severity Synopsis The remote Amazon Linux 2 host is missing a security update. Description The version of kernel installed on the remote host is prior to 5.10.235-227.919. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-088 advisory. In the Linux kernel, the following vulnerability has been resolved: macsec: fix UAF bug for real_dev (CVE-2022-49390) In the Linux kernel, the following vulnerability has been resolved: Squashfs: check the inode number is not the invalid value of zero (CVE-2024-26982) In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in smb2_reconnect_server() (CVE-2024-35870) In the Linux kernel, the following vulnerability has been resolved: rdma/cxgb4: Prevent potential integer overflow on 32bit (CVE-2024-57973) In the Linux kernel, the following vulnerability has been resolved: memcg: fix soft lockup in the OOM process (CVE-2024-57977) In the Linux kernel, the following vulnerability has been resolved: pps: Fix a use-after-free (CVE-2024-57979) In the Linux kernel, the following vulnerability has been resolved: rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (CVE-2024-58069) In the Linux kernel, the following vulnerability has been resolved: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (CVE-2024-58083) In the Linux kernel, ...

CVSS: HIGH (7.8)

Source: Tenable Plugins
April 17th, 2025 (3 days ago)

CVE-2020-36327
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : rubygem-bundler (SUSE-SU-2025:1294-1)
Description: Nessus Plugin ID 234537 with High Severity Synopsis The remote SUSE host is missing a security update. Description The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1294-1 advisory. - CVE-2020-36327: Fixed bundler choosing a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen (bsc#1185842) Other fixes: - Updated to version 2.2.34Tenable has extracted the preceding description block directly from the SUSE security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected ruby2.5-rubygem-bundler and / or ruby2.5-rubygem-bundler-doc packages. Read more at https://www.tenable.com/plugins/nessus/234537

CVSS: HIGH (8.8)

Source: Tenable Plugins
April 17th, 2025 (3 days ago)

CVE-2025-27152
SUSE SLED15 / SLES15 Security Update : pgadmin4 (SUSE-SU-2025:1326-1)
Description: Nessus Plugin ID 234538 with High Severity Synopsis The remote SUSE host is missing one or more security updates. Description The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1326-1 advisory. - CVE-2025-27152: Fixed SSRF and creadential leakage due to requests sent to absolute URL even when baseURL is set (bsc#1239308) - CVE-2023-1907: Fixed an issue which could result in users being authenticated in another user's session if two users authenticate simultaneously via ldap (bsc#1234840) - CVE-2024-4068: Fixed a possible memory exhaustion (bsc#1224295)Tenable has extracted the preceding description block directly from the SUSE security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Update the affected pgadmin4, pgadmin4-doc and / or pgadmin4-web packages. Read more at https://www.tenable.com/plugins/nessus/234538

CVSS: HIGH (7.7)

Source: Tenable Plugins
April 17th, 2025 (3 days ago)

CVE-2025-31492
SUSE SLES15 Security Update : apache2-mod_auth_openidc (SUSE-SU-2025:1324-1)
Description: Nessus Plugin ID 234540 with High Severity Synopsis The remote SUSE host is missing a security update. Description The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:1324-1 advisory. - CVE-2025-31492: Fixed a bug where OIDCProviderAuthRequestMethod POSTs can leak protected data. (bsc#1240893)Tenable has extracted the preceding description block directly from the SUSE security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected apache2-mod_auth_openidc package. Read more at https://www.tenable.com/plugins/nessus/234540

CVSS: HIGH (8.2)

EPSS Score: 0.19%

Source: Tenable Plugins
April 17th, 2025 (3 days ago)

CVE-2025-30712
Oracle VM VirtualBox (April 2025 CPU)
Description: Nessus Plugin ID 234547 with High Severity Synopsis The remote host is affected by multiple vulnerabilities Description The 7.1.6 versions of VM VirtualBox installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2025 CPU advisory. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. (CVE-2025-30712) - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox....

CVSS: HIGH (8.1)

EPSS Score: 0.01%

Source: Tenable Plugins
April 17th, 2025 (3 days ago)

CVE-2025-2188
Whitelist bypass Vulnerability in GameCenter
Description: There is a whitelist mechanism bypass in GameCenter ,successful exploitation of this vulnerability may affect service confidentiality and integrity.

CVSS: HIGH (8.1)

EPSS Score: 0.03%

Source: CVE
April 17th, 2025 (3 days ago)

CVE-2025-1532
Code Injection Vulnerability in Phoneservice
Description: Phoneservice module is affected by code injection vulnerability, successful exploitation of this vulnerability may affect service confidentiality and integrity.

CVSS: HIGH (8.1)

EPSS Score: 0.03%

Source: CVE
April 17th, 2025 (3 days ago)

CVE-2025-2903
Privilege Chaining in Delphix
Description: An attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform (GCP) using the OS Login feature, can login via SSH gaining command-line control of the operating system. This allows an attacker to gain access to sensitive data stored on the VM, install malicious software, and disrupt or disable the functionality of the VM.

CVSS: HIGH (8.5)

EPSS Score: 0.02%

Source: CVE
April 17th, 2025 (3 days ago)

CVE-2025-3294
WP Editor <= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Update
Description: The WP Editor plugin for WordPress is vulnerable to arbitrary file update due to missing file path validation in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to overwrite arbitrary files on the affected site's server which may make remote code execution possible assuming the files can be written to by the web server.

CVSS: HIGH (7.2)

EPSS Score: 0.17%

Source: CVE
April 17th, 2025 (3 days ago)