Threat and Vulnerability Intelligence Database

CVE-2024-3358

Description: A vulnerability classified as problematic was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument "to" leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259462 is the identifier assigned to this vulnerability. A vulnerability was discovered in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. It has been classified as problematic. Affected is an unknown processing of the file /index.php. Manipulating the argument "to" with unknown data can be used to exploit a cross-site scripting vulnerability. The attack can take place over the network. The exploit is publicly available.

CVSS: LOW (3.5)

EPSS Score: 0.2%

SSVC Exploitation: poc

Source: CVE
February 26th, 2025 (about 2 months ago)

CVE-2024-53920

Description: Nessus Plugin ID 216800 with Critical Severity. Synopsis: The remote Amazon Linux 2023 host is missing a security update. Description: It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-849 advisory. In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.) (CVE-2024-53920) Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Run 'dnf update emacs --releasever 2023.6.20250218' to update your system. Read more at https://www.tenable.com/plugins/nessus/216800

CVSS: LOW (0.0)

Source: Tenable Plugins
February 26th, 2025 (about 2 months ago)

CVE-2024-53920

Description: Nessus Plugin ID 216831 with Critical Severity. Synopsis: The remote Amazon Linux 2 host is missing a security update. Description: The version of emacs installed on the remote host is prior to 27.2-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2757 advisory. In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.) (CVE-2024-53920) Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Run 'yum update emacs' to update your system. Read more at https://www.tenable.com/plugins/nessus/216831

CVSS: LOW (0.0)

Source: Tenable Plugins
February 26th, 2025 (about 2 months ago)

CVE-2024-53104

Description: Nessus Plugin ID 216835 with High Severity. Synopsis: The remote SUSE host is missing a security update. Description: The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:0707-1 advisory. This update for the Linux Kernel 5.3.18-150300_59_174 fixes one issue. The following security issue was fixed: CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1236783). Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Update the affected kernel-livepatch-5_3_18-150300_59_174-default package. Read more at https://www.tenable.com/plugins/nessus/216835

CVSS: LOW (0.0)

Source: Tenable Plugins
February 26th, 2025 (about 2 months ago)

CVE-2024-53104

Description: Nessus Plugin ID 216839 with High Severity. Synopsis: The remote SUSE host is missing a security update. Description: The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0713-1 advisory. This update for the Linux Kernel 5.14.21-150400_24_144 fixes one issue. The following security issue was fixed: CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1236783). Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Update the affected kernel-livepatch-5_14_21-150400_24_144-default and / or kernel-livepatch-5_3_18-150300_59_185-default packages. Read more at https://www.tenable.com/plugins/nessus/216839

CVSS: LOW (0.0)

Source: Tenable Plugins
February 26th, 2025 (about 2 months ago)

CVE-2025-26698

Description: An incorrect resource transfer between spheres issue exists in RevoWorks SCVX and RevoWorks Browser. If exploited, malicious files may be downloaded to the system where the product is used.

CVSS: LOW (2.7)

EPSS Score: 0.01%

Source: CVE
February 26th, 2025 (about 2 months ago)

CVE-2025-0760

Description: A Credential Disclosure vulnerability exists where an administrator could extract the stored SMTP account credentials due to lack of encryption.

CVSS: LOW (2.7)

EPSS Score: 0.02%

Source: CVE
February 26th, 2025 (about 2 months ago)

CVE-2025-27146

Description: matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. The vulnerability has been patched in matrix-appservice-irc version 3.0.4.

CVSS: LOW (2.7)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
February 25th, 2025 (about 2 months ago)

CVE-2024-53879

Description: NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the cuobjdump binary, where a user could cause a crash by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service.

CVSS: LOW (2.8)

EPSS Score: 0.02%

Source: CVE
February 25th, 2025 (about 2 months ago)

CVE-2024-53878

Description: NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the cuobjdump binary, where a user could cause a crash by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service.

CVSS: LOW (2.8)

EPSS Score: 0.02%

SSVC Exploitation: none

Source: CVE
February 25th, 2025 (about 2 months ago)