Threat and Vulnerability Intelligence Database

CVE-2024-36469

Description: Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one.

CVSS: LOW (2.3)

EPSS Score: 0.05%

Source: CVE
April 2nd, 2025 (3 months ago)

CVE-2025-3082

Description: A user authorized to access a view may be able to alter the intended collation, allowing them to access a different or unintended view of underlying data. This issue affects MongoDB Server v5.0 versions prior to 5.0.31, MongoDB Server v6.0 versions prior to 6.0.20, MongoDB Server v7.0 versions prior to 7.0.14 and MongoDB Server v7.3 versions prior to 7.3.4.

CVSS: LOW (3.1)

EPSS Score: 0.03%

Source: CVE
April 1st, 2025 (3 months ago)

CVE-2024-7883

Description: Nessus Plugin ID 233612 with Low Severity. Synopsis: The remote EulerOS host is missing a security update. Description: According to the versions of the llvm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state. This allows an attacker to read a limited quantity of Secure stack contents with an impact on confidentiality. This issue is specific to code generated using LLVM-based compilers. (CVE-2024-7883) Tenable has extracted the preceding description block directly from the EulerOS llvm security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Update the affected llvm packages. Read more at https://www.tenable.com/plugins/nessus/233612

CVSS: LOW (3.7)

Source: Tenable Plugins
April 1st, 2025 (3 months ago)

CVE-2024-7883

Description: Nessus Plugin ID 233625 with Low Severity. Synopsis: The remote EulerOS host is missing a security update. Description: According to the versions of the llvm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state. This allows an attacker to read a limited quantity of Secure stack contents with an impact on confidentiality. This issue is specific to code generated using LLVM-based compilers. (CVE-2024-7883) Tenable has extracted the preceding description block directly from the EulerOS llvm security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Update the affected llvm packages. Read more at https://www.tenable.com/plugins/nessus/233625

CVSS: LOW (3.7)

Source: Tenable Plugins
April 1st, 2025 (3 months ago)

CVE-2024-55565

Description: Nessus Plugin ID 233632 with Medium Severity. Synopsis: The remote Fedora host is missing one or more security updates. Description: The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-ccb6313749 advisory. Fix CVE-2024-55565. Update to 3.40.5. Update to 3.40.4. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Update the affected qgis package. Read more at https://www.tenable.com/plugins/nessus/233632

CVSS: LOW (0.0)

Source: Tenable Plugins
April 1st, 2025 (3 months ago)

CVE-2025-27427

Description: A vulnerability exists in Apache ActiveMQ Artemis whereby a user with the createDurableQueue or createNonDurableQueue permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for that particular address. When combined with the send permission and automatic queue creation, a user could successfully send a message with a routing-type not supported by the address when that message should actually be rejected on the basis that the user doesn't have permission to change the routing-type of the address. This issue affects Apache ActiveMQ Artemis from 2.0.0 through 2.39.0. Users are recommended to upgrade to version 2.40.0, which fixes the issue.

CVSS: LOW (2.3)

EPSS Score: 0.04%

Source: CVE
April 1st, 2025 (3 months ago)

CVE-2025-30469

Description: This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4. A person with physical access to an iOS device may be able to access photos from the lock screen.

CVSS: LOW (2.4)

EPSS Score: 0.02%

Source: CVE
March 31st, 2025 (3 months ago)

CVE-2025-30369

Description: Zulip is an open-source team collaboration tool. The API for deleting an organization custom profile field is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any organization was incorrectly allowed to delete custom profile fields belonging to a different organization. This is fixed in Zulip Server 10.1.

CVSS: LOW (2.7)

EPSS Score: 0.03%

Source: CVE
March 31st, 2025 (3 months ago)

CVE-2025-30368

Description: Zulip is an open-source team collaboration tool. The API for deleting an organization export is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any organization was incorrectly allowed to delete an export of a different organization. This is fixed in Zulip Server 10.1.

CVSS: LOW (2.7)

EPSS Score: 0.03%

Source: CVE
March 31st, 2025 (3 months ago)

CVE-2025-2954

Description: A vulnerability, which was classified as problematic, was found in mannaandpoem OpenManus up to 2025.3.13. This affects the function execute of the file app/tool/file_saver.py of the component File Handler. The manipulation leads to improper access controls. Local access is required to carry out this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS: LOW (3.3)

EPSS Score: 0.01%

Source: CVE
March 30th, 2025 (3 months ago)