CVE-2024-21244
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Telemetry). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N).
CVSS: LOW (2.2) EPSS Score: 0.04% SSVC Exploitation: none
March 25th, 2025
CVE-2024-21237
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).
CVSS: LOW (2.2) EPSS Score: 0.06% SSVC Exploitation: none
March 25th, 2025
CVE-2024-21243
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Telemetry). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N).
CVSS: LOW (2.2) EPSS Score: 0.04% SSVC Exploitation: none
March 25th, 2025
CVE-2025-30163
Description: Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Node based network policies (`fromNodes` and `toNodes`) will incorrectly permit traffic to/from non-node endpoints that share the labels specified in `fromNodes` and `toNodes` sections of network policies. Node based network policy is disabled by default in Cilium. This issue affects: Cilium v1.16 between v1.16.0 and v1.16.7 inclusive and v1.17 between v1.17.0 and v1.17.1 inclusive. This issue is fixed in Cilium v1.16.8 and v1.17.2. Users can work around this issue by ensuring that the labels used in `fromNodes` and `toNodes` fields are used exclusively by nodes and not by other endpoints.
CVSS: LOW (3.4) EPSS Score: 0.02%
March 24th, 2025
CVE-2025-30162
Description: Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service implementation and use network policies to block egress traffic from workloads in a namespace to workloads in other namespaces, egress traffic from workloads covered by such network policies to LoadBalancers configured by `Gateway` resources will incorrectly be allowed. LoadBalancer resources not deployed via a Gateway API configuration are not affected by this issue. This issue affects: Cilium v1.15 between v1.15.0 and v1.15.14 inclusive, v1.16 between v1.16.0 and v1.16.7 inclusive, and v1.17 between v1.17.0 and v1.17.1 inclusive. This issue is fixed in Cilium v1.15.15, v1.16.8, and v1.17.2. A Clusterwide Cilium Network Policy can be used to work around this issue for users who are unable to upgrade.
CVSS: LOW (3.2) EPSS Score: 0.02%
March 24th, 2025
CVE-2025-1062
Description: The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: LOW (3.5) EPSS Score: 0.03%
March 24th, 2025
CVE-2024-13124
Description: The Photo Gallery by 10Web WordPress plugin before 1.8.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: LOW (3.5) EPSS Score: 0.03%
March 24th, 2025
CVE-2025-24912
Description:
Nessus Plugin ID 233203 with Low Severity
Synopsis
The remote SUSE host is missing a security update.
Description
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0977-1 advisory.
- CVE-2025-24912: Fixed hostapd failing to process crafted RADIUS packets properly (bsc#1239461)
Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected wpa_supplicant and / or wpa_supplicant-gui packages.
Read more at https://www.tenable.com/plugins/nessus/233203
CVSS: LOW (3.7) EPSS Score: 0.26%
March 22nd, 2025
CVE-2025-1632
Description:
Nessus Plugin ID 233204 with Medium Severity
Synopsis
The remote SUSE host is missing one or more security updates.
Description
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0985-1 advisory.
- CVE-2025-1632: Fixed null pointer dereference in bsdunzip.c (bsc#1237606)
- CVE-2025-25724: Fixed buffer overflow vulnerability in function list_item_verbose() in tar/util.c (bsc#1238610)
Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected bsdtar, libarchive-devel, libarchive13 and / or libarchive13-32bit packages.
Read more at https://www.tenable.com/plugins/nessus/233204
CVSS: LOW (3.3) EPSS Score: 0.02%
March 22nd, 2025
CVE-2025-1795
Description:
Nessus Plugin ID 233206 with Low Severity
Synopsis
The remote SUSE host is missing a security update.
Description
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0981-1 advisory.
- CVE-2025-1795: Fixed mishandling of comma during folding and unicode-encoding of email headers (bsc#1238450).
Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected libpython3_11-1_0, python311 and / or python311-base packages.
Read more at https://www.tenable.com/plugins/nessus/233206
CVSS: LOW (2.3) EPSS Score: 0.07%
March 22nd, 2025