CVE-2025-1755
Description: MongoDB Compass may be susceptible to local privilege escalation under certain conditions, potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules\. This issue affects MongoDB Compass prior to 1.42.1.
CVSS: HIGH (7.5) EPSS Score: 0.01%
February 27th, 2025

CVE-2025-22280
Description: Missing Authorization vulnerability in revmakx DefendWP Firewall allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DefendWP Firewall: from n/a through 1.1.0.
CVSS: HIGH (7.6) EPSS Score: 0.03% SSVC Exploitation: none
February 27th, 2025

CVE-2025-27154
Description: Spotipy is a lightweight Python library for the Spotify Web API. The `CacheHandler` class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has `rw-r--r--` (644) permissions by default, when it could be locked down to `rw-------` (600) permissions. This leads to overly broad exposure of the Spotify auth token. If this token can be read by an attacker (another user on the machine, or a process running as another user), it can be used to perform administrative actions on the Spotify account, depending on the scope granted to the token. Version 2.25.1 tightens the cache file permissions.
CVSS: HIGH (8.4) EPSS Score: 0.01%
February 27th, 2025

CVE-2024-9334
Description: Use of Hard-coded Credentials, Storage of Sensitive Data in a Mechanism without Access Control vulnerability in E-Kent Pallium Vehicle Tracking allows Authentication Bypass. This issue affects Pallium Vehicle Tracking: before 17.10.2024.
CVSS: HIGH (8.2) EPSS Score: 0.06%
February 27th, 2025

CVE-2025-1739
Description: An Authentication Bypass vulnerability has been found in Trivision Camera NC227WF v5.8.0 from TrivisionSecurity. This vulnerability allows an attacker to retrieve the administrator's credentials in cleartext by sending a request to the server using curl with random credentials to "/en/player/activex_pal.asp" and successfully authenticating to the application.
CVSS: HIGH (7.1) EPSS Score: 0.02%
February 27th, 2025

CVE-2025-1691
Description: The MongoDB Shell may be susceptible to control character injection, where an attacker with control of the mongosh autocomplete feature can use the autocompletion feature to input and run obfuscated malicious text. This requires user interaction in the form of the user pressing 'tab' to autocomplete text that is a prefix of the attacker's prepared autocompletion. This issue affects mongosh versions prior to 2.3.9.
The vulnerability is exploitable only when mongosh is connected to a cluster that is partially or fully controlled by an attacker.
CVSS: HIGH (7.6) EPSS Score: 0.05%
February 27th, 2025

CVE-2024-56171
Description:
Nessus Plugin ID 216891 with High Severity
Synopsis
The remote CBL Mariner host is missing one or more security updates.
Description
The version of libxml2 installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-56171 advisory. - libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. (CVE-2024-56171) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/216891
CVSS: HIGH (7.8) EPSS Score: 0.01%
February 27th, 2025

CVE-2025-24928
Description:
Nessus Plugin ID 216892 with High Severity
Synopsis
The remote CBL Mariner host is missing one or more security updates.
Description
The version of libxml2 installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-24928 advisory. - libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047. (CVE-2025-24928) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/216892
CVSS: HIGH (7.8) EPSS Score: 0.01%
February 27th, 2025

CVE-2024-28757
Description:
Nessus Plugin ID 216895 with High Severity
Synopsis
The remote Azure Linux host is missing one or more security updates.
Description
The version of expat installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-28757 advisory. - libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). (CVE-2024-28757) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/216895
CVSS: HIGH (7.5) EPSS Score: 0.49%
February 27th, 2025

CVE-2015-1379
Description:
Nessus Plugin ID 216897 with High Severity
Synopsis
The remote SUSE host is missing a security update.
Description
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:0726-1 advisory. - CVE-2015-1379: lack of async-signal-safe signal handlers can lead to crashes or freezing of socat processes (bsc#922903). Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected socat package.
Read more at https://www.tenable.com/plugins/nessus/216897
CVSS: HIGH (7.5)
February 27th, 2025