Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-53142
EulerOS 2.0 SP12 : kernel (EulerOS-SA-2025-1300)
Description: Nessus Plugin ID 232962 with High Severity Synopsis The remote EulerOS host is missing multiple security updates. Description According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : initramfs: avoid filename buffer overrun(CVE-2024-53142) bpf, sockmap: Several fixes to bpf_msg_pop_data(CVE-2024-56720) scsi: sg: Fix slab-use-after-free read in sg_release()(CVE-2024-56631) dmaengine: idxd: Let probe fail when workqueue cannot be enabled(CVE-2022-48868) smb: client: fix use-after-free of signing key(CVE-2024-53179) bpf, sockmap: Fix race between element replace and close()(CVE-2024-56664) ftrace: Fix regression with module command in stack_trace_filter(CVE-2024-56569) RDMA/mlx5: Move events notifier registration to be after device registration(CVE-2024-53224) sched/deadline: Fix warning in migrate_enable for boosted tasks(CVE-2024-56583) af_packet: avoid erroring out after sock_init_data() in packet_create().(CVE-2024-56606) netdevsim: prevent bad user input in nsim_dev_health_break_write().(CVE-2024-56716) leds: class: Protect brightness_show() with led_cdev-led_access mutex(CVE-2024-56587) bpf: fix OOB devmap writes when deleting elemen(CVE-2024-56615) net: inet6: do not leave a dangling sk pointer in inet6_create().(CVE-2024-56600) nvme-multipath: defer partition scanning(CVE-2024-53093) virtiofs: use ...

CVSS: LOW (0.0)

Source: Tenable Plugins
March 20th, 2025 (about 1 month ago)

CVE-2025-30259
The WhatsApp cloud service before late 2024 did not block certain crafted PDF content that can defeat a sandbox protection mechanism and...
🚨 Marked as known exploited on March 20th, 2025 (about 1 month ago).
Description: The WhatsApp cloud service before late 2024 did not block certain crafted PDF content that can defeat a sandbox protection mechanism and consequently allow remote access to messaging applications by third parties, as exploited in the wild in 2024 for installation of Android malware associated with BIGPRETZEL.

CVSS: LOW (3.5)

EPSS Score: 0.03%

Source: CVE
March 20th, 2025 (about 1 month ago)

CVE-2025-30258
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect...
Description: In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."

CVSS: LOW (2.7)

EPSS Score: 0.01%

Source: CVE
March 19th, 2025 (about 1 month ago)

CVE-2024-42176
HCL MyXalytics is affected by concurrent login vulnerability
Description: HCL MyXalytics is affected by concurrent login vulnerability. A concurrent login vulnerability occurs when simultaneous active sessions are allowed for a single credential allowing an attacker to potentially obtain access to a user's account or sensitive information.

CVSS: LOW (2.6)

EPSS Score: 0.02%

Source: CVE
March 19th, 2025 (about 1 month ago)

CVE-2025-25040
Failure to Properly Enforce Port ACLs on CPU generated packets in CX 9300 Switches
Description: A vulnerability has been identified in the port ACL functionality of AOS-CX software running on the HPE Aruba Networking CX 9300 Switch Series only and affects: - AOS-CX 10.14.xxxx : All patches - AOS-CX 10.15.xxxx : 10.15.1000 and below The vulnerability is specific to traffic originated by the CX 9300 switch platform and could allow an attacker to bypass ACL rules applied to routed ports on egress. As a result, port ACLs are not correctly enforced, which could lead to unauthorized traffic flow and violations of security policies. Egress VLAN ACLs and Routed VLAN ACLs are not affected by this vulnerability.

CVSS: LOW (3.3)

EPSS Score: 0.01%

SSVC Exploitation: none

Source: CVE
March 18th, 2025 (about 1 month ago)

CVE-2024-21164
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to...
Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 2.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N).

CVSS: LOW (2.5)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
March 18th, 2025 (about 1 month ago)

CVE-2025-27398
Siemens SCALANCE M-800 and SC-600 Families Partial String Comparison (CVE-2025-27398)
Description: Tenable OT Security Plugin ID 503132 with Low Severity Synopsis The remote OT asset is affected by a vulnerability. Description A remote attacker needs to have access to a valid certificate in order to perform a successful attack.This plugin only works with Tenable.ot.Please visit https://www.tenable.com/products/tenable-ot for more information. Solution Refer to the vendor advisory. Read more at https://www.tenable.com/plugins/ot/503132

CVSS: LOW (2.7)

EPSS Score: 0.04%

Source: Tenable Plugins
March 17th, 2025 (about 1 month ago)

CVE-2025-27398
Siemens SCALANCE LPE9403 OS Command Injection (CVE-2025-27398)
Description: Tenable OT Security Plugin ID 503133 with Low Severity Synopsis The remote OT asset is affected by a vulnerability. Description Affected devices do not properly neutralize special characters when interpreting user controlled log paths. This could allow an authenticated highly-privileged remote attacker to execute a limited set of binaries that are already present on the filesystem.This plugin only works with Tenable.ot.Please visit https://www.tenable.com/products/tenable-ot for more information. Solution Refer to the vendor advisory. Read more at https://www.tenable.com/plugins/ot/503133

CVSS: LOW (2.7)

EPSS Score: 0.04%

Source: Tenable Plugins
March 17th, 2025 (about 1 month ago)

CVE-2025-27397
Siemens SCALANCE LPE9403 Path Traversal (CVE-2025-27397)
Description: Tenable OT Security Plugin ID 503137 with Low Severity Synopsis The remote OT asset is affected by a vulnerability. Description Affected devices do not properly limit user controlled paths to which logs are written and from where they are read. This could allow an authenticated highly-privileged remote attacker to read and write arbitrary files in the filesystem, if and only if the malicious path ends with 'log' .This plugin only works with Tenable.ot.Please visit https://www.tenable.com/products/tenable-ot for more information. Solution Refer to the vendor advisory. Read more at https://www.tenable.com/plugins/ot/503137

CVSS: LOW (3.8)

EPSS Score: 0.04%

Source: Tenable Plugins
March 17th, 2025 (about 1 month ago)

CVE-2024-8925
Erroneous parsing of multipart form data
Description: In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior.

CVSS: LOW (3.1)

EPSS Score: 0.03%

SSVC Exploitation: poc

Source: CVE
March 17th, 2025 (about 1 month ago)