CVE-2025-3083 |
Description: Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7.0 versions prior to 7.0.16.
CVSS: HIGH (7.5) EPSS Score: 0.05%
April 1st, 2025 (3 months ago)
|
CVE-2025-27363 |
Description:
Nessus Plugin ID 233597 with High Severity
Synopsis
The remote Debian host is missing a security-related update.
Description
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4104 advisory.
Debian LTS Advisory DLA-4104-1 [email protected]
https://www.debian.org/lts/security/ Adrian Bunk
April 01, 2025 https://wiki.debian.org/LTS
Package : freetype
Version : 2.10.4+dfsg-1+deb11u2
CVE ID : CVE-2025-27363
An out of bounds write with subglyph structures has been fixed in the font rendering library FreeType.
For Debian 11 bullseye, this problem has been fixed in version 2.10.4+dfsg-1+deb11u2.
We recommend that you upgrade your freetype packages.
For the detailed security status of freetype please refer to its security tracker page at: https://security-tracker.debian.org/tracker/freetype
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Tenable has extracted the preceding description block directly from the Debian security advisory. Note that Nessus h...
CVSS: HIGH (8.1) EPSS Score: 5.37%
April 1st, 2025 (3 months ago)
|
CVE-2024-11187 |
Description:
Nessus Plugin ID 233610 with High Severity
Synopsis
The remote EulerOS host is missing a security update.
Description
According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure. (CVE-2024-11187) Tenable has extracted the preceding description block directly from the EulerOS bind security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected bind packages.
Read more at https://www.tenable.com/plugins/nessus/233610
CVSS: HIGH (7.5)
April 1st, 2025 (3 months ago)
|
CVE-2024-11187 |
Description:
Nessus Plugin ID 233618 with High Severity
Synopsis
The remote EulerOS host is missing a security update.
Description
According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure. (CVE-2024-11187) Tenable has extracted the preceding description block directly from the EulerOS bind security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected bind packages.
Read more at https://www.tenable.com/plugins/nessus/233618
CVSS: HIGH (7.5)
April 1st, 2025 (3 months ago)
|
CVE-2023-3341 |
Description:
Nessus Plugin ID 233628 with High Severity
Synopsis
The remote EulerOS host is missing a security update.
Description
According to the versions of the dhcp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. (CVE-2023-3341) Tenable has extracted the preceding description block directly from the EulerOS dhcp security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected dhcp packages.
Read more at https://www.tenable.com/plugins/nessus/233628
CVSS: HIGH (7.5)
April 1st, 2025 (3 months ago)
|
CVE-2023-3341 |
Description:
Nessus Plugin ID 233630 with High Severity
Synopsis
The remote EulerOS host is missing a security update.
Description
According to the versions of the dhcp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. (CVE-2023-3341) Tenable has extracted the preceding description block directly from the EulerOS dhcp security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected dhcp packages.
Read more at https://www.tenable.com/plugins/nessus/233630
CVSS: HIGH (7.5)
April 1st, 2025 (3 months ago)
|
CVE-2024-55549 |
Description:
Nessus Plugin ID 233633 with High Severity
Synopsis
The remote Fedora host is missing one or more security updates.
Description
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-fd62ac3fb1 advisory. Update to 1.1.43, fixes CVE-2024-55549 and CVE-2025-24855. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected mingw-libxslt package.
Read more at https://www.tenable.com/plugins/nessus/233633
CVSS: HIGH (7.8) EPSS Score: 0.01%
April 1st, 2025 (3 months ago)
|
CVE-2024-55549 |
Description:
Nessus Plugin ID 233634 with High Severity
Synopsis
The remote Fedora host is missing one or more security updates.
Description
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-f7a12118f3 advisory. Update to 1.1.43, fixes CVE-2024-55549 and CVE-2025-24855. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected mingw-libxslt package.
Read more at https://www.tenable.com/plugins/nessus/233634
CVSS: HIGH (7.8) EPSS Score: 0.01%
April 1st, 2025 (3 months ago)
|
CVE-2025-2891 |
Description: The Real Estate 7 WordPress theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'template-submit-listing.php' file in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with Seller-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible if front-end listing submission has been enabled.
CVSS: HIGH (8.8) EPSS Score: 0.26%
April 1st, 2025 (3 months ago)
|
CVE-2024-12278 |
Description: The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via any location that typically sanitizes data using wp_kses, like comments, in all versions up to, and including, 7.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: HIGH (7.2) EPSS Score: 0.09%
April 1st, 2025 (3 months ago)
|