Threat and Vulnerability Intelligence Database


CVE-2024-2313

Description: Nessus Plugin ID 234296 with Low Severity. Synopsis: The remote Azure Linux host is missing one or more security updates. Description: The version of bpftrace installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-2313 advisory. - If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised Linux headers. Linux distributions which provide kernel headers by default are not affected by default. (CVE-2024-2313) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/234296

CVSS: LOW (2.8)

Source: Tenable Plugins
April 14th, 2025 (4 days ago)

CVE-2025-24912

Description: Nessus Plugin ID 234297 with Low Severity. Synopsis: The remote CBL Mariner host is missing one or more security updates. Description: The version of wpa_supplicant installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-24912 advisory. - hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates Wi-Fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail. (CVE-2025-24912) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/234297

CVSS: LOW (3.7)

Source: Tenable Plugins
April 14th, 2025 (4 days ago)

CVE-2024-2313

Description: Nessus Plugin ID 234299 with Low Severity. Synopsis: The remote CBL Mariner host is missing one or more security updates. Description: The version of bpftrace installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-2313 advisory. - If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised Linux headers. Linux distributions which provide kernel headers by default are not affected by default. (CVE-2024-2313) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/234299

CVSS: LOW (2.8)

Source: Tenable Plugins
April 14th, 2025 (4 days ago)

CVE-2024-46901

Description: Nessus Plugin ID 234318 with Low Severity. Synopsis: The remote Debian host is missing a security-related update. Description: The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4127 advisory. - Debian LTS Advisory DLA-4127-1, [email protected], https://www.debian.org/lts/security/, Adrian Bunk, April 13, 2025, https://wiki.debian.org/LTS. Package: subversion. Version: 1.14.1-3+deb11u2. CVE ID: CVE-2024-46901. Denial-of-service via control characters in paths has been fixed in the mod_dav_svn module of the version control system Subversion. For Debian 11 bullseye, this problem has been fixed in version 1.14.1-3+deb11u2. We recommend that you upgrade your subversion packages. For the detailed security status of subversion please refer to its security tracker page at: https://security-tracker.debian.org/tracker/subversion Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS Tenable has extracted the preceding description block directly from the Debian security ...

CVSS: LOW (3.1)

Source: Tenable Plugins
April 14th, 2025 (4 days ago)

CVE-2024-47814

Description: Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window), a BufWinLeave auto command can cause a use-after-free if this auto command happens to re-open the same buffer in a new split window. Impact is low since the user must have intentionally set up such a strange auto command and run some buffer unload commands. However, this may lead to a crash. This issue has been addressed in version 9.1.0764 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS: LOW (3.9)

EPSS Score: 0.01%

SSVC Exploitation: none

Source: CVE
April 11th, 2025 (6 days ago)

CVE-2025-31362

Description: A use of hard-coded cryptographic key issue exists in BizRobo! (all versions). Credentials inside robot files may be obtained if the encryption key is available. The vendor provides workaround information and recommends applying it to the deployment environment.

CVSS: LOW (3.7)

EPSS Score: 0.02%

Source: CVE
April 11th, 2025 (6 days ago)

CVE-2025-32816

Description: CodeLit CourseLit before 0.57.5 allows Parameter Tampering via a payment plan associated with the wrong entity.

CVSS: LOW (3.1)

EPSS Score: 0.03%

Source: CVE
April 11th, 2025 (7 days ago)

CVE-2024-2773

Description: A vulnerability classified as problematic has been found in Campcodes Online Marriage Registration System 1.0. This affects an unknown part of the file /user/search.php. The manipulation of the argument searchdata leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257607. A vulnerability has been discovered in Campcodes Online Marriage Registration System 1.0. It has been classified as problematic. It concerns a not clearly defined function of the file /user/search.php. Manipulating the argument searchdata with unknown data can be used to exploit a cross-site scripting vulnerability. The attack can take place over the network. The exploit is publicly available.

CVSS: LOW (3.5)

EPSS Score: 0.08%

SSVC Exploitation: poc

Source: CVE
April 10th, 2025 (7 days ago)

CVE-2024-2715

Description: A vulnerability was found in Campcodes Complete Online DJ Booking System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/user-search.php. The manipulation of the argument searchdata leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257468. A vulnerability was found in Campcodes Complete Online DJ Booking System 1.0. It has been classified as problematic. Affected is an unknown process of the file /admin/user-search.php. Manipulating the argument searchdata with unknown data can be used to exploit a cross-site scripting vulnerability. The attack can be carried out over the network. The exploit is publicly available.

CVSS: LOW (3.5)

EPSS Score: 0.08%

SSVC Exploitation: poc

Source: CVE
April 10th, 2025 (7 days ago)

CVE-2025-32700

Description: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/Api/QueryAbuseLog.Php, includes/Pager/AbuseLogPager.Php, includes/Special/SpecialAbuseLog.Php, includes/View/AbuseFilterViewExamine.Php. This issue affects AbuseFilter: from >= 1.43.0 before 1.43.1.

CVSS: LOW (2.3)

EPSS Score: 0.08%

SSVC Exploitation: none

Source: CVE
April 10th, 2025 (7 days ago)