Threat and Vulnerability Intelligence Database

CVE-2024-51539

Description: The Dell Secure Connect Gateway (SCG) Application and Appliance, versions prior to 5.28, contains a SQL injection vulnerability due to improper neutralization of special elements used in an SQL command. This vulnerability can only be exploited locally on the affected system. A high-privilege attacker with access to the system could potentially exploit this vulnerability, leading to the disclosure of non-sensitive information that does not include any customer data.

CVSS: LOW (2.3)

EPSS Score: 0.04%

Source: CVE
February 25th, 2025 (about 2 months ago)

CVE-2024-53104

Description: Nessus Plugin ID 216714 with High Severity. Synopsis: The remote SUSE host is missing a security update. Description: The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0704-1 advisory. This update for the Linux Kernel 5.14.21-150400_24_133 fixes one issue. The following security issue was fixed:

- CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1236783).

Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Update the affected kernel-livepatch-5_14_21-150400_24_133-default, kernel-livepatch-5_3_18-150300_59_182-default and / or kernel-livepatch-6_4_0-150600_23_25-default packages. Read more at https://www.tenable.com/plugins/nessus/216714

CVSS: LOW (0.0)

Source: Tenable Plugins
February 25th, 2025 (about 2 months ago)

CVE-2024-53104

Description: Nessus Plugin ID 216718 with High Severity. Synopsis: The remote SUSE host is missing a security update. Description: The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0650-1 advisory. This update for the Linux Kernel 4.12.14-122_219 fixes one issue. The following security issue was fixed:

- CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1236783).

Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Update the affected kernel-livepatch-5_14_21-150500_55_73-default, kernel-livepatch-5_3_18-150300_59_179-default, kernel-livepatch-6_4_0-150600_10_5-rt and / or kgraft-patch-4_12_14-122_219-default packages. Read more at https://www.tenable.com/plugins/nessus/216718

CVSS: LOW (0.0)

Source: Tenable Plugins
February 25th, 2025 (about 2 months ago)

CVE-2024-8612

Description: Nessus Plugin ID 216730 with Low Severity. Synopsis: The remote SUSE host is missing one or more security updates. Description: The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0692-1 advisory.

- CVE-2024-8612: Fixed information leak in virtio devices (bsc#1230915).
- CVE-2024-7409: Fixed denial of service via improper synchronization in QEMU NBD Server during socket closure (bsc#1229007).
- CVE-2024-3447: Fixed heap buffer overflow in sdhci_write_dataport() (bsc#1222845).

Other fixes:

- Fix ipxe build with new binutils (bsc#1219733, bsc#1219722).

Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution: Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/216730

CVSS: LOW (3.8)

Source: Tenable Plugins
February 25th, 2025 (about 2 months ago)

CVE-2024-53104

Description: Nessus Plugin ID 216739 with High Severity. Synopsis: The remote SUSE host is missing a security update. Description: The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0662-1 advisory. This update for the Linux Kernel 4.12.14-122_234 fixes one issue. The following security issue was fixed:

- CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1236783).

Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Update the affected kernel-livepatch-5_14_21-150400_24_136-default, kernel-livepatch-5_14_21-150500_55_80-default, kernel-livepatch-6_4_0-150600_10_11-rt and / or kgraft-patch-4_12_14-122_234-default packages. Read more at https://www.tenable.com/plugins/nessus/216739

CVSS: LOW (0.0)

Source: Tenable Plugins
February 25th, 2025 (about 2 months ago)

CVE-2024-10545

Description: The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.9 does not sanitise and escape some of its Image settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS: LOW (3.5)

EPSS Score: 0.03%

Source: CVE
February 25th, 2025 (about 2 months ago)

CVE-2025-27145

Description: copyparty, a portable file server, has a DOM-based cross-site scripting vulnerability in versions prior to 1.16.15. The vulnerability is considered low-risk. By handing someone a maliciously-named file, and then tricking them into dragging the file into copyparty's Web-UI, an attacker could execute arbitrary javascript with the same privileges as that user. For example, this could give unintended read-access to files owned by that user. The bug is triggered by the drag-drop action itself; it is not necessary to actually initiate the upload. The file must be empty (zero bytes). Note that, as a general-purpose webserver, it is intentionally possible to upload HTML-files with arbitrary javascript in `<script>` tags, which will execute when the file is opened. The difference is that this vulnerability would trigger execution of javascript during the act of uploading, and not when the uploaded file was opened. Version 1.16.15 contains a fix.

CVSS: LOW (3.6)

EPSS Score: 0.05%

Source: CVE
February 25th, 2025 (about 2 months ago)

CVE-2025-26528

Description: The drag-and-drop onto image (ddimageortext) question type required additional sanitizing to prevent a stored XSS risk.

References: https://nvd.nist.gov/vuln/detail/CVE-2025-26528 https://moodle.org/mod/forum/discuss.php?d=466144 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-82896 https://github.com/advisories/GHSA-h697-w4ph-7pcx

CVSS: LOW (3.4)

EPSS Score: 0.03%

Source: Github Advisory Database (Composer)
February 24th, 2025 (about 2 months ago)

CVE-2025-26531

Description: Insufficient capability checks made it possible to disable badges a user does not have permission to access.

References: https://nvd.nist.gov/vuln/detail/CVE-2025-26531 https://moodle.org/mod/forum/discuss.php?d=466148 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84239 https://github.com/advisories/GHSA-g88w-v4cq-qgcp

CVSS: LOW (3.1)

EPSS Score: 0.03%

Source: Github Advisory Database (Composer)
February 24th, 2025 (about 2 months ago)

CVE-2025-26532

Description: Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored.

References: https://nvd.nist.gov/vuln/detail/CVE-2025-26532 https://moodle.org/mod/forum/discuss.php?d=466149 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84003 https://github.com/advisories/GHSA-cw24-f6fq-7j9v

CVSS: LOW (3.1)

EPSS Score: 0.03%

Source: Github Advisory Database (Composer)
February 24th, 2025 (about 2 months ago)