Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-2596
Session logout can be overwritten by long lasting request
Description: Session logout could be overwritten in Checkmk GmbH's Checkmk versions <2.3.0p30, <2.2.0p41, and 2.1.0p49 (EOL)

CVSS: LOW (2.3)

EPSS Score: 0.04%

Source: CVE
March 26th, 2025 (2 months ago)

CVE-2025-30222
Shescape has potential environment variable exposure on Windows with CMD
Description: Shescape is a simple shell escape library for JavaScript. Versions 1.7.2 through 2.1.1 are vulnerable to potential environment variable exposure on Windows with CMD. This impact users of Shescape on Windows that explicitly configure `shell: 'cmd.exe'` or `shell: true` using any of `quote`/`quoteAll`/`escape`/`escapeAll`. An attacker may be able to get read-only access to environment variables. This bug has been patched in v2.1.2. For those who are already using v2 of Shescape, no further changes are required. Those who are are using v1 of Shescape should follow the migration guide to upgrade to v2. There is no plan to release a patch compatible with v1 of Shescape. As a workaround, users can remove all instances of `%` from user input before using Shescape.

CVSS: LOW (2.1)

EPSS Score: 0.02%

Source: CVE
March 26th, 2025 (3 months ago)

CVE-2024-21244
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Telemetry). Supported versions that are affected are 8.4.2 and prior...
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Telemetry). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N).

CVSS: LOW (2.2)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
March 25th, 2025 (3 months ago)

CVE-2024-21237
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS). Supported versions that are affected are...
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).

CVSS: LOW (2.2)

EPSS Score: 0.06%

SSVC Exploitation: none

Source: CVE
March 25th, 2025 (3 months ago)

CVE-2024-21243
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Telemetry). Supported versions that are affected are 8.4.2 and prior...
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Telemetry). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N).

CVSS: LOW (2.2)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
March 25th, 2025 (3 months ago)

CVE-2025-30163
Node based network policies may incorrectly allow workload traffic
Description: Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Node based network policies (`fromNodes` and `toNodes`) will incorrectly permit traffic to/from non-node endpoints that share the labels specified in `fromNodes` and `toNodes` sections of network policies. Node based network policy is disabled by default in Cilium. This issue affects: Cilium v1.16 between v1.16.0 and v1.16.7 inclusive and v1.17 between v1.17.0 and v1.17.1 inclusive. This issue is fixed in Cilium v1.16.8 and v1.17.2. Users can work around this issue by ensuring that the labels used in `fromNodes` and `toNodes` fields are used exclusively by nodes and not by other endpoints.

CVSS: LOW (3.4)

EPSS Score: 0.02%

Source: CVE
March 24th, 2025 (3 months ago)

CVE-2025-30162
East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers
Description: Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service implementation and use network policies to block egress traffic from workloads in a namespace to workloads in other namespaces, egress traffic from workloads covered by such network policies to LoadBalancers configured by `Gateway` resources will incorrectly be allowed. LoadBalancer resources not deployed via a Gateway API configuration are not affected by this issue. This issue affects: Cilium v1.15 between v1.15.0 and v1.15.14 inclusive, v1.16 between v1.16.0 and v1.16.7 inclusive, and v1.17 between v1.17.0 and v1.17.1 inclusive. This issue is fixed in Cilium v1.15.15, v1.16.8, and v1.17.2. A Clusterwide Cilium Network Policy can be used to work around this issue for users who are unable to upgrade.

CVSS: LOW (3.2)

EPSS Score: 0.02%

Source: CVE
March 24th, 2025 (3 months ago)

CVE-2025-1062
Slider, Gallery, Carousel by MetaSlider < 3.95.0 - Editor+ Stored XSS
Description: The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS: LOW (3.5)

EPSS Score: 0.03%

Source: CVE
March 24th, 2025 (3 months ago)

CVE-2024-13124
Photo Gallery by 10Web < 1.8.33 - Admin+ Stored XSS
Description: The Photo Gallery by 10Web WordPress plugin before 1.8.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS: LOW (3.5)

EPSS Score: 0.03%

Source: CVE
March 24th, 2025 (3 months ago)

CVE-2025-24912
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : wpa_supplicant (SUSE-SU-2025:0977-1)
Description: Nessus Plugin ID 233203 with Low Severity Synopsis The remote SUSE host is missing a security update. Description The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0977-1 advisory. - CVE-2025-24912: Fixed hostapd failing to process crafted RADIUS packets properly (bsc#1239461)Tenable has extracted the preceding description block directly from the SUSE security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected wpa_supplicant and / or wpa_supplicant-gui packages. Read more at https://www.tenable.com/plugins/nessus/233203

CVSS: LOW (3.7)

EPSS Score: 0.26%

Source: Tenable Plugins
March 22nd, 2025 (3 months ago)