CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-11187
SUSE SLES15 Security Update : bind (SUSE-SU-2025:0359-1)
Description: Nessus Plugin ID 215167 with High Severity Synopsis The remote SUSE host is missing a security update. Description The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0359-1 advisory. - CVE-2024-11187: Fixes CPU exhaustion caused by many records in the additional section (bsc#1236596)Tenable has extracted the preceding description block directly from the SUSE security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected bind, bind-doc, bind-utils and / or python3-bind packages. Read more at https://www.tenable.com/plugins/nessus/215167

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: Tenable Plugins
February 10th, 2025 (5 months ago)

CVE-2024-39917
SUSE SLES15 Security Update : xrdp (SUSE-SU-2025:0350-1)
Description: Nessus Plugin ID 215171 with Critical Severity Synopsis The remote SUSE host is missing a security update. Description The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0350-1 advisory. - CVE-2024-39917: Enforce no login screen if require_credentials is set (bsc#1227769)Tenable has extracted the preceding description block directly from the SUSE security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected libpainter0, librfxencode0, xrdp and / or xrdp-devel packages. Read more at https://www.tenable.com/plugins/nessus/215171

CVSS: HIGH (7.2)

Source: Tenable Plugins
February 10th, 2025 (5 months ago)

CVE-2022-49043
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libxml2 (SUSE-SU-2025:0348-1)
Description: Nessus Plugin ID 215178 with High Severity Synopsis The remote SUSE host is missing a security update. Description The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0348-1 advisory. - CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460)Tenable has extracted the preceding description block directly from the SUSE security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/215178

CVSS: HIGH (8.1)

Source: Tenable Plugins
February 10th, 2025 (5 months ago)

CVE-2024-11187
SUSE SLES15 Security Update : bind (SUSE-SU-2025:0384-1)
Description: Nessus Plugin ID 215179 with High Severity Synopsis The remote SUSE host is missing a security update. Description The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0384-1 advisory. - CVE-2024-11187: Fixes CPU exhaustion caused by many records in the additional section (bsc#1236596)Tenable has extracted the preceding description block directly from the SUSE security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected bind, bind-doc, bind-utils and / or python3-bind packages. Read more at https://www.tenable.com/plugins/nessus/215179

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: Tenable Plugins
February 10th, 2025 (5 months ago)

CVE-2024-11187
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : bind (SUSE-SU-2025:0355-1)
Description: Nessus Plugin ID 215184 with High Severity Synopsis The remote SUSE host is missing one or more security updates. Description The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0355-1 advisory. Update to release 9.18.33 Security Fixes: - CVE-2024-11187: Fixes CPU exhaustion caused by many records in the additional section (bsc#1236596) - CVE-2024-12705: Fixes multiple issues in DNS-over-HTTPS implementation when under heavy query load (bsc#1236597)Tenable has extracted the preceding description block directly from the SUSE security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Update the affected bind, bind-doc and / or bind-utils packages. Read more at https://www.tenable.com/plugins/nessus/215184

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: Tenable Plugins
February 10th, 2025 (5 months ago)

CVE-2023-52892
Fedora 40 : php-phpseclib (2025-b38cbff99d)
Description: Nessus Plugin ID 215157 with High Severity Synopsis The remote Fedora host is missing one or more security updates. Description The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-b38cbff99d advisory. Security fix for CVE-2023-52892, CVE-2024-27354Tenable has extracted the preceding description block directly from the Fedora security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Update the affected php-phpseclib package. Read more at https://www.tenable.com/plugins/nessus/215157

CVSS: HIGH (7.5)

Source: Tenable Plugins
February 9th, 2025 (5 months ago)

CVE-2025-0638
Fedora 40 : rust-routinator (2025-46db4ee37e)
Description: Nessus Plugin ID 215162 with High Severity Synopsis The remote Fedora host is missing one or more security updates. Description The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-46db4ee37e advisory. ## New * ASPA support is now always compiled in and available if `enable-aspa` is set. The `aspa` Cargo feature has been removed. ([#990]) * If merging mutliple ASPA objects for a single customer ASN results in more than 16,380 provider ASNs, the ASPA is dropped. (Note that ASPA objects with more than 16,380 provider ASNs are already rejected during parsing.) ([#996]) * New `archive-stats` command that shows some statistics of an RRDP archive. ([#982]) * Re-enabled the use of GZIP compression in HTTP request sent by the RRDP collector. Measures to deal with exploding data have been implemented in [rpki-rs#319]. ([#997]) ## Bug fixes * Fixed an issue with checking the file names in manifests that let to a crash when non-ASCII characters are used. ([rpki-rs#320], reported by Haya Schulmann and Niklas Vogel of Goethe University Frankfurt/ATHENE Center and assigned [CVE-2025-0638]) * The validation HTTP endpoints now accept prefixes with non-zero host bits. ([#987]) * Removed duplicate `rtr_client_reset_queries` in HTTP metrics. ([#992] by [@sleinen]) * Improved disk space consumption of the new RRDP archives by re-using empty spa...

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: Tenable Plugins
February 9th, 2025 (5 months ago)

CVE-2023-52892
Fedora 41 : php-phpseclib (2025-91d6e174d9)
Description: Nessus Plugin ID 215152 with High Severity Synopsis The remote Fedora host is missing one or more security updates. Description The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-91d6e174d9 advisory. Security fix for CVE-2023-52892, CVE-2024-27354Tenable has extracted the preceding description block directly from the Fedora security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Update the affected php-phpseclib package. Read more at https://www.tenable.com/plugins/nessus/215152

CVSS: HIGH (7.5)

Source: Tenable Plugins
February 8th, 2025 (5 months ago)

CVE-2025-25187
Cross-site Scripting in Goto Anything allows arbitrary code execution in Joplin
Description: Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by adding note titles to the document using React's `dangerouslySetInnerHTML`, without first escaping HTML entities. Joplin lacks a Content-Security-Policy with a restrictive `script-src`. This allows arbitrary JavaScript execution via inline `onclick`/`onload` event handlers in unsanitized HTML. Additionally, Joplin's main window is created with `nodeIntegration` set to `true`, allowing arbitrary JavaScript execution to result in arbitrary code execution. Anyone who 1) receives notes from unknown sources and 2) uses ctrl-p to search is impacted. This issue has been addressed in version 3.1.24 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: CVE
February 8th, 2025 (5 months ago)

CVE-2025-25168
WordPress BookPress – For Book Authors Plugin <= 1.2.7 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in blackandwhitedigital BookPress – For Book Authors allows Cross-Site Scripting (XSS). This issue affects BookPress – For Book Authors: from n/a through 1.2.7.

CVSS: HIGH (7.1)

EPSS Score: 0.05%

Source: CVE
February 8th, 2025 (5 months ago)