CVE-2025-3122
Description: A vulnerability classified as problematic was found in WebAssembly wabt 1.0.36. The affected code is the function BinaryReaderInterp::BeginFunctionBody in the file src/interp/binary-reader-interp.cc. The manipulation leads to a null pointer dereference. The attack can be launched remotely. The complexity of an attack is rather high, and exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
CVSS: LOW (2.3) EPSS Score: 0.04%
April 3rd, 2025

CVE-2025-30218
Description: Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id, which persisted across multiple incoming requests. However, this subrequest ID is attached to all outgoing requests, even when the destination is not the same host as the Next.js application: initiating a fetch request to a third party from within Middleware sends the x-middleware-subrequest-id to that third party. This vulnerability is fixed in 12.3.6, 13.5.10, 14.2.26, and 15.2.4.
CVSS: LOW (1.7) EPSS Score: 0.06%
April 2nd, 2025

CVE-2025-27608
Description: Arduino IDE 2.x is an IDE based on the Theia IDE framework and built with Electron. A Self Cross-Site Scripting (XSS) vulnerability has been identified in the Arduino IDE prior to version v2.3.5. The vulnerability occurs in the Additional Board Manager URLs field, found under Preferences -> Settings in the Arduino IDE interface. In the vulnerable versions, any value entered in this field is displayed back to the user through a notification tooltip object without a proper output encoding routine, because the underlying Electron engine interprets it. This exposes the input parameter to Self-XSS attacks, which may lead to security risks depending on where the malicious payload is injected. This vulnerability is fixed in 2.3.5.
CVSS: LOW (1.0) EPSS Score: 0.03%
April 2nd, 2025

CVE-2025-27512
Description:
Nessus Plugin ID 233748 with Medium Severity
Synopsis
The remote Fedora host is missing one or more security updates.
Description
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-cc269f80fa advisory.
New upstream release v0.0.30, see: https://github.com/coreos/zincati/releases/tag/v0.0.30
----
Backport polkit rules patch for CVE-2025-27512
- https://github.com/coreos/zincati/security/advisories/GHSA-w6fv-6gcc-x825
- https://www.cve.org/CVERecord?id=CVE-2025-27512
- https://github.com/coreos/zincati/commit/920ac90204830e43fd597f3dcbacf0d772b50a81
Tenable has extracted the preceding description block directly from the Fedora security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected rust-zincati package.
Read more at https://www.tenable.com/plugins/nessus/233748
CVSS: LOW (2.1) EPSS Score: 0.02%
April 2nd, 2025

CVE-2024-42325
Description: The Zabbix API user.get method returns all users that share a common group with the calling user, including their media and other information such as login attempts.
CVSS: LOW (2.1) EPSS Score: 0.03%
April 2nd, 2025

CVE-2024-36469
Description: The execution time of an unsuccessful login differs when a non-existing username is used compared to an existing one.
CVSS: LOW (2.3) EPSS Score: 0.02%
April 2nd, 2025

CVE-2025-3082
Description: A user authorized to access a view may be able to alter the intended collation, allowing them to access a different or unintended view of the underlying data. This issue affects MongoDB Server v5.0 versions prior to 5.0.31, v6.0 versions prior to 6.0.20, v7.0 versions prior to 7.0.14 and v7.3 versions prior to 7.3.4.
CVSS: LOW (3.1) EPSS Score: 0.03%
April 1st, 2025

CVE-2024-7883
Description:
Nessus Plugin ID 233612 with Low Severity
Synopsis
The remote EulerOS host is missing a security update.
Description
According to the versions of the llvm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state. This allows an attacker to read a limited quantity of Secure stack contents with an impact on confidentiality. This issue is specific to code generated using LLVM-based compilers. (CVE-2024-7883)
Tenable has extracted the preceding description block directly from the EulerOS llvm security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected llvm packages.
Read more at https://www.tenable.com/plugins/nessus/233612
CVSS: LOW (3.7)
April 1st, 2025

CVE-2024-7883
Description:
Nessus Plugin ID 233625 with Low Severity
Synopsis
The remote EulerOS host is missing a security update.
Description
According to the versions of the llvm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state. This allows an attacker to read a limited quantity of Secure stack contents with an impact on confidentiality. This issue is specific to code generated using LLVM-based compilers. (CVE-2024-7883)
Tenable has extracted the preceding description block directly from the EulerOS llvm security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected llvm packages.
Read more at https://www.tenable.com/plugins/nessus/233625
CVSS: LOW (3.7)
April 1st, 2025

CVE-2024-55565
Description:
Nessus Plugin ID 233632 with Medium Severity
Synopsis
The remote Fedora host is missing one or more security updates.
Description
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-ccb6313749 advisory.
Fix CVE-2024-55565.
----
Update to 3.40.5.
----
Update to 3.40.4.
Tenable has extracted the preceding description block directly from the Fedora security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected qgis package.
Read more at https://www.tenable.com/plugins/nessus/233632
CVSS: LOW (0.0)
April 1st, 2025